I think secrets ending up in the log is an issue but who should have access to view logs of what log should also be an important that is often ignored. This is also scope down the surface area of leakage.

▲

stretchwithme 4 days ago | parent [-]

A user's password is something I shouldn't see in a log, even if I'm in control of what gets logged and frequently access them to do my job.

Even if I trust me.

Audits happen. I assume other people will eventually see this bad practice.

▲

debarshri 4 days ago | parent [-]

Audits and bad practice are second-order things.

My argument is that generally everyone has access to all the logs. If you restrict the access and add guardrails around it, you can minimize the surface area and also ways it can be leaked out.

If you take a defensive approach towards, you have to assume that some secret is getting logged somewhere. The goal then becomes a way to reduce the surface area or blast radius of this possible leakage.

	▲	jaspervdj 3 days ago \| parent [-]
		Limiting access helps, but if you are storing the logs on a 3rd party (e.g. DataDog, CloudWatch), you will still need to assume it can leak through that 3rd party and start rotating.