- Issue created by @jannakha
Some fields contain sensitive data (eg API keys etc) and the values should not be recorded in the log.
But log should contain which user has updated the key and when.
Log record now:
Configuration changed: hubspot_api.settings.access_key changed from 123-124-125 to 222-444-555 at 1748009132
Add a configuration setting and text field on settings form (similar to "Configuration entity names to ignore") to not log config property value.
Proposed log record:
Configuration changed: hubspot_api.settings.access_key changed by user j.smith at 1748009132
- update settings to include new property "Do not log value of config property"
- update config settings form
- update logging logic
- settings form to include a new text field
- none
- update settings to include new property "Do not log value of config property"
This will help to prevent any leaks of API keys and other sensitive data.
Active
4.0
Code
It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.