[Feature request] Toggle for showing credentials in log

[devinbost]

I've noticed in the log that sometimes sensitive values are redacted, but sometimes they come through. For example,

10:14:03.398 [main] INFO c.d.o.s.a.d.CassandraDataSource -- Initializing CassandraDataSource with config {database=openai, environment=PROD, password=<REDACTED>, clientId=token, service=astra, secret=<REDACTED>, token=<REDACTED>}

but later in the log, I see this:

10:14:22.480 [MainThread] INFO root -- Initializing LangChain Chat with config {'astra-db-keyspace': 'doc_qa_demos', . . . "key": "AZURE_OPENAI_API_KEY", "value": " [ includes configs with sensitive values ]

When debugging, it's useful to show credentials in the log. However, for production, this can be a security risk.

It would be helpful to have a way to toggle whether credentials appear in the log. I realize this might add some complexity around defining what config values are sensitive and would need to be obfuscated, but perhaps a list of variables to be obfuscated could be defined in a config somewhere and then used to substitute those values when logging. Hopefully, there's a way to do it without creating a significant performance impact when logging.