
I've seen credentials appear in logs from env vars. Logs tend to replicate to a few different systems and are usually less locked down than the app they came from. An attacker could get lucky with logs that live in a less-secure storage bucket or monitoring system.



> I've seen credentials appear in logs from env vars.

Then the blame is on the logging system configuration, not the env vars. Like you sanitize sensitive information out of logs, you should sanitize and not expose environment variables in your logs.
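An added example, not part of either comment in this thread: one way to do the sanitizing discussed above is a Python `logging` filter that replaces the values of secret-bearing environment variables before a record reaches any sink. The name pattern, `MIN_LEN`, the class and the sample data are assumptions made for illustration.

```python
import io
import logging
import os
import re

# Assumed naming convention for secret-bearing variables (not from the thread).
SENSITIVE_NAME = re.compile(r"(SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|CREDENTIAL)", re.I)
MIN_LEN = 6  # skip very short values; replacing them would mangle ordinary text

class EnvSecretFilter(logging.Filter):
    """Replace the values of sensitive environment variables in log records."""
    def __init__(self, environ=None):
        super().__init__()
        env = os.environ if environ is None else environ
        secrets = {v: k for k, v in env.items()
                   if SENSITIVE_NAME.search(k) and len(v) >= MIN_LEN}
        # Longest first, so a secret that contains another is replaced whole.
        self._secrets = sorted(secrets.items(), key=lambda kv: -len(kv[0]))

    def redact(self, text):
        for value, name in self._secrets:
            text = text.replace(value, f"[REDACTED:{name}]")
        return text

    def filter(self, record):
        # Render msg % args first so secrets passed as arguments are caught too.
        record.msg = self.redact(record.getMessage())
        record.args = None
        if record.exc_info:  # pre-render the traceback so the formatter reuses it
            record.exc_text = self.redact(logging.Formatter().formatException(record.exc_info))
        return True

def demo():
    # Constructed environment and log calls, for illustration only.
    env = {"DB_PASSWORD": "hunter2-constructed", "HOME": "/home/app"}
    buf, log = io.StringIO(), logging.getLogger("env_redaction_demo")
    handler = logging.StreamHandler(buf)
    handler.addFilter(EnvSecretFilter(env))  # on the handler: covers every logger feeding it
    log.addHandler(handler)
    log.propagate = False
    log.setLevel(logging.INFO)
    log.info("startup environment: %s", sorted(env.items()))
    try:
        raise RuntimeError("connect failed for password=" + env["DB_PASSWORD"])
    except RuntimeError:
        log.exception("db error")
    return buf.getvalue()

if __name__ == "__main__":
    print(demo())
```

The filter only matches values verbatim, so a secret that is base64- or URL-encoded before logging passes through; it reduces accidental exposure rather than replacing access controls on the log stores.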



