Prevent sensitive data being written to logs/traces

[carolynvs]

The porter console io.Writer goes through the CensoredWriter that ***'s out any sensitive data. Now that we are replacing a lot of printlns with open telemetry traces, and writing to the log file, we need that same censoring for those outputs as well.

Since the TraceLogger is the main way that we print to all 3 now, let's see if we can have the CensoredWriter intercept and rewrite messages there instead of just on the console output.

Relevant Code

Here is the CensoredWriter that we want to use everywhere to add *** to any sensitive data:

porter/pkg/portercontext/context.go

Line 407 in 493db3f

type CensoredWriter struct {

• Has a list of registered sensitive words
• When you write to it (io.Writer is what it implements now which may need to change a bit, not sure yet!) it checks for those words and **** them out.

TraceLogger is now the central point where we print to the console, log file or traces. https://github.com/getporter/porter/blob/release/v1/pkg/tracing/traceLogger.go

• Have each output sink (console, logfile, open telemetry) print through the censored writer.

What to test

• Unit test at the TraceLogger level
• An integration test that makes sure when a "sink" (console, log only) that it gets starred out.

Do not try to test that the traces are being censored, we will make a better test setup for that in a separate issue.

Get Started

See our Contributing Tutorial and New Contributor Guide for help getting started contributing to Porter.

[VinozzZ]

I found a library that implements a filter extension for zap.Logger that we could use for implementing this feature https://pkg.go.dev/moul.io/zapfilter#section-documentation

[carolynvs]

@VinozzZ Is there a corresponding filter perhaps for open telemetry?