serverless-crypt icon indicating copy to clipboard operation
serverless-crypt copied to clipboard

Published 20 hours ago verified publisher icon marcy-terui

Do not log secret

Open pstoll opened this issue 8 years ago • 1 comments

In both decrypt.js and encrypt.js, the secret text is sent to the logger facility. Is this really necessary? It seems to reduce the security of the secrets - let the caller decide if they want to log this info. I'd suggest you ought to not log the decrypted secret in those two cases.

pstoll avatar Feb 09 '17 14:02 pstoll

Yes, i agree this its valid point, can we have not show the secret text in logger? please check this once?

firojasha avatar Nov 17 '17 06:11 firojasha