Avoid secret logging
yhuelf opened this issue · comments
Frédéric Yhuel commented
Hello
Re https://github.com/michelp/pgsodium#avoid-secret-logging
Setting log_statement
to 'none'
isn't enough to avoid secret logging.
If, say, log_min_duration_statement
is set to 0
, the secret will be logged anyway.
I don't know if there's a simple way to avoid completely secret logging (besides log_min_duration_statement
, logging could be handled by an ad hoc extension).
Michel Pelletier commented
Good point, if you'd like to submit a PR mentioning that issue I'll merge it. We use the pgaudit
extension at supabase, so might be worth mentioning it as well and any others you may know of. Thanks!