Add Utility to Mask Sensitive Data in Logs

Open aryaman-vohra opened this issue 6 months ago • 2 comments

GoFr currently logs request and response payloads, which is great for debugging. However, this may result in sensitive data such as passwords, API keys, or tokens being written directly to logs — especially in production.

I'd like to contribute a utility or middleware that scans for sensitive fields in logs and replaces their values with *** before logging. This is a common security practice that improves GoFr’s safety in real-world deployments.

Proposal-

  • Create a utility (or middleware wrapper) to:
      • Identify and mask keys like password, secret, token, apiKey, authorization in logs
      • Mask values in both:
          • JSON request/response payloads
          • HTTP headers like Authorization
  • Optional: allow adding extra maskable keys via env or config

Benefits-

  • Prevents accidental leaking of secrets in logs
  • Improves production-readiness and security hygiene
  • Makes it safer to debug issues without exposing user data

Testing Plan-

  • Unit tests for key masking logic (map, JSON body, headers)
  • Integration test for a protected route that logs masked output

Let me know if this is something I can work on — happy to make adjustments based on feedback.

aryaman-vohra avatar Jun 22 '25 05:06 aryaman-vohra
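
A minimal sketch of the masking proposed in this issue, added here as an illustration; it is not GoFr code or the issue author's implementation. The names `sensitiveKeys`, `maskValue`, `MaskJSON` and `MaskHeaders` are hypothetical, and withholding bodies that fail to parse is an assumption.

```go
package main
import (
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
)
// Keys named in the proposal, lower-cased; matching is exact and case-insensitive.
var sensitiveKeys = map[string]bool{"password": true, "secret": true, "token": true, "apikey": true, "authorization": true}

// maskValue masks sensitive keys in decoded JSON in place, at any nesting depth.
func maskValue(v interface{}) {
	switch t := v.(type) {
	case map[string]interface{}:
		for k, val := range t {
			if sensitiveKeys[strings.ToLower(k)] {
				t[k] = "***"
			} else {
				maskValue(val)
			}
		}
	case []interface{}:
		for _, e := range t {
			maskValue(e)
		}
	}
}

// MaskJSON returns body with sensitive values masked (assumption: a body that fails to parse is withheld, never logged raw).
func MaskJSON(body []byte) []byte {
	var v interface{}
	if err := json.Unmarshal(body, &v); err != nil {
		return []byte(`"[unparseable body omitted]"`)
	}
	maskValue(v)
	out, _ := json.Marshal(v)
	return out
}

// MaskHeaders returns a copy of h with sensitive header values masked; h itself is untouched.
func MaskHeaders(h http.Header) http.Header {
	out := h.Clone()
	for name := range out {
		if sensitiveKeys[strings.ToLower(name)] {
			out[name] = []string{"***"}
		}
	}
	return out
}
func main() { fmt.Println(string(MaskJSON([]byte(`{"user":"amy","password":"x"}`)))) } // constructed sample
```

Because matching is on exact key names, a header such as `X-Api-Key` would need its own entry in the key set.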

I'd like to work on this issue. Please assign it to me.

aryaman-vohra avatar Jun 22 '25 05:06 aryaman-vohra

I'd love to work on this issue. I'd appreciate it if you assign this issue to me.

deepakstwt avatar Jun 25 '25 03:06 deepakstwt