Keep passwords and secrets out of your logs with Go

Travis Jeffery
Jun 4, 2018 · 2 min read

When working with distributed systems, generally the more logs, the better — the complication lies in being liberal for visibility while being conservative enough to keep sensitive information private and secure. It’s not easy; just ask GitHub and Twitter, who both found themselves logging raw passwords recently.

The details of GitHub’s and Twitter’s incidents weren’t made public, but I’d guess an engineer changed a log level config or logged the request bodies without realizing the consequences.

The fact is this is the reality of the job — with complex systems like these no one can know the consequences of every change, especially so with the fast tech turnover rate. If we’re gonna solve problems like these, we need to go deeper.

Issues like this arise by Murphy’s law: whatever can go wrong, will go wrong — if you leave a trap behind someone will walk into it. Let’s not do that. When writing Go, here’s what I do to leave no such trap behind and prevent the logging of secrets.

Let’s say you have a sign-up request like so:

type CreateUserRequest struct {
    Credentials Credentials `json:"credentials"`
}

type Credentials struct {
    Email    string `json:"email"`
    Password string `json:"password"`
}

And let’s say you’re logging to JSON for Elasticsearch:

// logger we're using (go-kit's log package: github.com/go-kit/kit/log)
logger := log.NewJSONLogger(os.Stdout)

// request we decoded
request := CreateUserRequest{
    Credentials: Credentials{
        Email:    "bilbro@theshire.net",
        Password: "theonering",
    },
}

// our call to log the request
logger.Log("request", request)

// the output
{"request":{"credentials":{"email":"bilbro@theshire.net","password":"theonering"}}}

The result is the user’s password is logged. Not good.

To solve the problem we’ll implement our own MarshalJSON on Credentials that redacts the user’s password before the value is encoded.

func (co Credentials) MarshalJSON() ([]byte, error) {
    // credentials has the same fields and tags as Credentials but none of
    // its methods, so json.Marshal on it won't call this MarshalJSON again
    // and recurse forever.
    type credentials Credentials
    cn := credentials(co)
    // overwrite the secret on the copy; the caller's value is untouched
    cn.Password = "[REDACTED]"
    return json.Marshal((*credentials)(&cn))
}

Now when we log the same request the user’s password is not logged:

// the output
{"request":{"credentials":{"email":"bilbro@theshire.net","password":"[REDACTED]"}}}

There is now no possibility of logging the user’s password, regardless of who logs it, or where or when — at least if you’re logging JSON with this implementation. If you’re logging in another format, the same technique applies, and there should be a corresponding marshal method for you to implement.
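As an added example (not code from the post), here is the same Credentials type with MarshalJSON plus the two fmt hooks, String and GoString, so that the `%v`, `%+v` and `%#v` paths used by the standard log package and logfmt-style loggers are covered as well. PlainCredentials, Render, LeakingForms and SampleRequest are assumptions made for this example: PlainCredentials is the same struct without the redaction methods, and LeakingForms is the check you can keep in a unit test so that a type that loses its redaction methods fails CI instead of leaking in production.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Credentials as in the post; the methods below redact the password on every
// common rendering path, not only encoding/json.
type Credentials struct {
	Email    string `json:"email"`
	Password string `json:"password"`
}

type CreateUserRequest struct {
	Credentials Credentials `json:"credentials"`
}

// PlainCredentials is a hypothetical copy of the type WITHOUT the redaction
// methods, kept only so the leak check can show the difference.
type PlainCredentials struct {
	Email    string `json:"email"`
	Password string `json:"password"`
}

const redacted = "[REDACTED]"

// MarshalJSON uses the post's alias trick: `credentials` has the same fields
// and tags but none of the methods, so json.Marshal on it does not recurse.
func (c Credentials) MarshalJSON() ([]byte, error) {
	type credentials Credentials
	cn := credentials(c)
	cn.Password = redacted
	return json.Marshal(cn)
}

// String covers fmt verbs %v, %+v and %s, which the standard log package and
// most logfmt loggers fall back to. Fields are formatted one by one so this
// method never passes the receiver back to fmt and recurses.
func (c Credentials) String() string {
	return fmt.Sprintf("{Email:%s Password:%s}", c.Email, redacted)
}

// GoString covers %#v, which fmt routes to GoStringer instead of Stringer.
func (c Credentials) GoString() string {
	return fmt.Sprintf("Credentials{Email:%q, Password:%q}", c.Email, redacted)
}

// Render produces every form a careless log call might emit for v:
// the JSON line from the post and the three fmt verbs.
func Render(v interface{}) (map[string]string, error) {
	b, err := json.Marshal(map[string]interface{}{"request": v})
	if err != nil {
		return nil, err
	}
	return map[string]string{
		"json": string(b),
		"%v":   fmt.Sprintf("%v", v),
		"%+v":  fmt.Sprintf("%+v", v),
		"%#v":  fmt.Sprintf("%#v", v),
	}, nil
}

// LeakingForms returns the (sorted) names of the renderings that still contain
// secret. An empty result means every path redacted it.
func LeakingForms(v interface{}, secret string) ([]string, error) {
	forms, err := Render(v)
	if err != nil {
		return nil, err
	}
	var leaks []string
	for name, out := range forms {
		if strings.Contains(out, secret) {
			leaks = append(leaks, name)
		}
	}
	sort.Strings(leaks)
	return leaks, nil
}

// SampleRequest builds the constructed request from the post.
func SampleRequest() CreateUserRequest {
	return CreateUserRequest{Credentials: Credentials{
		Email:    "bilbro@theshire.net",
		Password: "theonering",
	}}
}

func main() {
	forms, _ := Render(SampleRequest())
	for name, out := range forms {
		fmt.Printf("%-5s %s\n", name, out)
	}
	leaks, _ := LeakingForms(SampleRequest(), "theonering")
	fmt.Println("leaking forms:", leaks)
}
```

Loggers that walk struct fields with reflect instead of calling MarshalJSON or String (some structured loggers do this for their "any" field type) bypass all three hooks, so check how your logger renders a value before relying on this.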

Please say hi at @travisjeffery.

Hit the 👏 and share if you found this useful.

Thanks for reading.

HackerNoon.com
Travis Jeffery

Written by

Working on Kafka/Confluent. Made software at Basecamp, Segment. Writing open-source software https://github.com/travisjeffery.