So I enabled Spring Cloud Sleuth in my Spring Boot app and this happened:

2021-03-03 19:11:11.164 DEBUG [OAuth2 service,b1e3783b06d8cc61,b1e3783b06d8cc61] 5056 --- [nio-8080-exec-5] o.s.web.client.RestTemplate              : Writing [{grant_type=[password], client_id=[myclientid], client_secret=[b0ea9376...], username=[rose], password=[mypassword]}] as "application/x-www-form-urlencoded"

As you can see at the end, Sleuth logged the password=[mypassword], which is not good... Not good at all.

Is it possible to configure Sleuth to not log sensitive data?

stacktrace2234

1 Answer

As you can see towards the beginning, this was not logged by Sleuth but by RestTemplate: the logger is o.s.web.client.RestTemplate; it has nothing to do with Sleuth. (Here is the line that does this).

What Sleuth has to do with this log event is this part: [OAuth2 service,b1e3783b06d8cc61,b1e3783b06d8cc61], which is the name of your service, the traceID and the spanID. None of them should be considered secrets.

If you don't want RestTemplate to log out these details, you can set its log level to INFO, WARN or higher.

Jonatan Ivanov
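Logs written while RestTemplate was at DEBUG still hold the credentials, so they need to be found and scrubbed. The following is an added example, not code from the question, the answer or Spring: a Python scanner that parses the console layout shown above, reports which logger wrote each secret, and produces a redacted copy. The sample lines, the `SENSITIVE_KEYS` list and the function names are assumptions made for illustration.

```python
import re

# Constructed sample lines in the Spring Boot + Sleuth console layout from the question.
SAMPLE_LOG = [
    '2021-03-03 19:11:11.160 DEBUG [demo,00000000000000aa,00000000000000aa] 5056 --- [nio-8080-exec-5] o.s.web.client.RestTemplate              : HTTP POST https://auth.example.test/oauth/token',
    '2021-03-03 19:11:11.164 DEBUG [demo,00000000000000aa,00000000000000aa] 5056 --- [nio-8080-exec-5] o.s.web.client.RestTemplate              : Writing [{grant_type=[password], client_id=[demo-client], client_secret=[EXAMPLE-SECRET], username=[rose], password=[EXAMPLE-PASSWORD]}] as "application/x-www-form-urlencoded"',
    '2021-03-03 19:11:11.301  INFO [demo,00000000000000aa,00000000000000aa] 5056 --- [nio-8080-exec-5] c.example.LoginController                : user rose changed password',
]

# Assumption: form field names treated as secrets; extend for your own clients.
SENSITIVE_KEYS = {"password", "client_secret", "refresh_token", "access_token"}

# timestamp LEVEL [service,traceId,spanId] pid --- [thread] logger : message
# (the Sleuth bracket is optional, so plain Spring Boot lines also match)
LINE_RE = re.compile(
    r"^\S+ \S+\s+[A-Z]+\s+(?:\[[^\]]*\]\s+)?\d+\s+---\s+\[[^\]]*\]\s+"
    r"(?P<logger>\S+)\s*:\s(?P<msg>.*)$"
)
# key=[value] pairs, the way RestTemplate prints a form body at DEBUG
PAIR_RE = re.compile(r"(?P<key>[A-Za-z_][\w.-]*)=\[(?P<val>[^\]]*)\]")

def scan_line(line):
    """Return (logger, leaked_keys, redacted_line) for one log line."""
    m = LINE_RE.match(line)
    logger = m.group("logger") if m else None   # None: continuation/unknown layout
    start = m.start("msg") if m else 0
    leaked = []
    def _mask(p):
        if p.group("key").lower() in SENSITIVE_KEYS and p.group("val"):
            leaked.append(p.group("key"))
            return f"{p.group('key')}=[REDACTED]"
        return p.group(0)
    return logger, leaked, line[:start] + PAIR_RE.sub(_mask, line[start:])

def scan(lines):
    """Return ([(line_no, logger, keys), ...], redacted_lines)."""
    findings, redacted = [], []
    for n, line in enumerate(lines, 1):
        logger, keys, clean = scan_line(line)
        redacted.append(clean)
        if keys:
            findings.append((n, logger, keys))
    return findings, redacted

if __name__ == "__main__":
    # Fix at the source as the answer says, e.g. in application.properties:
    #   logging.level.org.springframework.web.client.RestTemplate=INFO
    for n, logger, keys in scan(SAMPLE_LOG)[0]:
        print(f"line {n}: {logger} logged {', '.join(keys)}")
```

Any credential the scanner reports should be treated as exposed and rotated, since redacting the file does not undo copies already shipped to a log aggregator.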