-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't log scout key #297
Comments
For future googlers this is our wokaround until this issue is solved: And here are the tests: This is brittle (to put it mildly), so we'd love to see some progress on this issue. |
Hi @sburba Scout 2.14.3 has been released with a fix. We no longer log the full key, but instead the first 3 characters and a boolean indicating if it matches our normal pattern. We get many support issues for misconfigured keys so having quality log data about it lets us deal with these issues quickly. By the way, the scout key is not a particularly high risk API key. It's write-only, so if an attacker got it they could only send fake data to make your Scout charts inaccurate. Thanks for the push and let us know how if you have any problems with the new version, Adam |
Thanks! Love to see the quick change and we'll be sure to update. |
Currently we log the scout key from configuration and in the register method at startup. Security conscious companies don't want license keys in their log files. We should avoid logging the key, though perhaps a hash or a substring could be useful.
The text was updated successfully, but these errors were encountered: