How to disable credentials logging in CURLLogger

[AnnieSemenova]

Hello!
We faced such issue: in the production environment we can't enable Debug logging without full excluding CURLLogger because credentials are printed either.
CURLLogger is important, because it shows the real request to ArangoDB and we can't use it.

https://github.com/arangodb/arangodb-java-driver/blob/master/src/main/java/com/arangodb/internal/http/CURLLogger.java#L63

Maybe we can configure this behavior in some way?
If not I think it would be good to have this opportunity, because enabling debug for CURLLogger can be impossible by security reasons.

[rashtao]

At the moment this is not directly supported by the driver, but you could achieve it using a custom logback PatternLayout.
For reference see: https://www.baeldung.com/logback-mask-sensitive-data

[rashtao]

Fixed in https://github.com/arangodb/arangodb-java-driver/releases/tag/v7.0.0-ALPHA.1

[rashtao]

Credentials are not logged anymore since version 7.0.0.
https://github.com/arangodb/arangodb-java-driver/releases/tag/v7.0.0-RC.4

[rashtao]

Closing as fixed in version 7.0.0.