Note: lists.cloudfoundry.org will be down for maintenance on Monday, September 26th, starting at 9AM Pacific Time (4PM Monday September 26, 2022 UTC), for approximately one hour.
We are using the `syslog_deamon_config` proprty to stream all of our CF infrastructure logs to an external stack for later processing.
We have noticed that operations like `cf create-user-provided-service`, `cf bind-service`, and others are logged by multiple components in CF. That would normally not be a problem, except that these commands often involve passwords and those passwords get logged as well, ending up in the log files on the VM and the target log processing stack, which allows operators of the system to view end-user passwords.
We have noticed that the following jobs are responsible for the logs:
Increasing the log level from the default `debug` / `debug2` to `info` solves the problem for the first two, at the cost of making troubleshooting tasks more difficult on the system.
The last one can only be solved by removing the `nats_stream_forwarder` component from the `nats` job, again making troubleshooting more difficult.
I believe the ideal solution is to have those components not log the payload of commands holding confidential information. Maybe they could replace it with some pattern.
This would help for the first two but might not help for nats, where some other means would be needed (encryption of the private content?).
How are you solving this issue on your productive system? What are your thoughts on this matter?
Thanks in advance!