Skip to content
Pepr

Store: Redacting Sensitive Values in Logs

Section titled “Store: Redacting Sensitive Values in Logs”

When storing sensitive information like passwords or secrets in the Pepr Store, you should avoid logging the raw values. The Store itself does not automatically redact values in logs. This example shows how to retrieve sensitive data from the Store and transform it before logging to prevent exposing secrets in pod logs.

Code Example

Section titled “Code Example”

View full example on Github

Store.onReady(async () => {
  const [key, val] = ["password", "***SECRET***"];
  Store.clear();
  await Store.setItemAndWait(key, val);
  const value = Store.getItem(key);
  Log.info(
    { password: `${value.replace("SECRET", "DECLASSIFIED")}` },
    "getItem",
  );


  Store.clear();
  await untilTrue(gone(key));
  Log.info("DONE");
});

Example pod log output:

Section titled “Example pod log output:”
{"level":30,"time":<timestamp>,"pid":<pid>,"hostname":"pepr-<hostname>","password":"***DECLASSIFIED***","msg":"getItem"}
{"level":30,"time":<timestamp>,"pid":<pid>,"hostname":"pepr-<hostname>","msg":"DONE"}

Source: hello-pepr-store-redact-logs

Cookie Settings Privacy Policy