fix: Redact SDK in gen_server descriptions and network errors. #166
Conversation
| %% | ||
| %% @end | ||
| format_status(#{state := State}) -> | ||
| #{state => State#{sdk_key => "[REDACTED]"}}; |
There was a problem hiding this comment.
State#{sdk_key => "[REDACTED]"} would be like {...State, sdk_key: "[REDACTED]"]} in JS.
There was a problem hiding this comment.
Alternatively, should we log the auth suffix? That might make it more useful?
There was a problem hiding this comment.
For erlang each SDK instance has a tag and that will be included in the state. So default for the default instance, and then subsequent instances you have to provide a tag for.
There was a problem hiding this comment.
Which provides similar functionality to the SDK key suffix, without any potential issues from short keys, newlines, or other malformed nonsense.
kinyoklion
force-pushed
the
rlamb/SDK-1520/sdk-key-redactions
branch
from
d420172 to
a9b42e7
Compare
| %% | ||
| %% @end | ||
| format_status(#{state := State}) -> | ||
| #{state => State#{sdk_key => "[REDACTED]"}}; |
There was a problem hiding this comment.
Alternatively, should we log the auth suffix? That might make it more useful?
🤖 I have created a release *beep* *boop* --- ## [3.8.1](v3.8.0...v3.8.1) (2025-11-12) ### Bug Fixes * Handle connection errors during read operations. ([#163](#163)) ([5838c2b](5838c2b)) * Handle redis errors during mutations. ([#165](#165)) ([9dbe853](9dbe853)) * Prevent uninitialized SDK warning in daemon mode. ([#162](#162)) ([0961922](0961922)) * Redact SDK in gen_server descriptions and network errors. ([#166](#166)) ([3a4e005](3a4e005)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
There are two categories of issues addressed in this PR.
The first is that there are situations where an SDK key can be logged if it is part of process state. So this PR introduces format_status callbacks which control how that formatting is done, and redacts the SDK key.
The second is there are some network errors that could log the headers which include authorization. This PR adds some extra formatting to network errors to reduce the detail contained in the error. A side-effect will be that in some situations logs will contain less useful data for troubleshooting.