Redact args in the logs of audit log service #20853

Merged
merged 1 commit into from
May 28, 2025

corneliusludmann
Contributor

Description

The args param contains workspace IDs and other sensitive data. Since it's quite hard to detect them, the best way is to simply not log it at all. It's still part of the audit database but does not appear in the component logs.

Related Issue(s)

Fixes https://linear.app/gitpod/issue/CLC-666/scrubbing-audit-log-writes-workspaceids-in-plain-text

/hold
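
The trade-off in the description above, as an added example that is not part of this pull request or Gitpod's code: a pattern-based scrubber misses an identifier whose shape it did not anticipate, while leaving `args` out of the log payload cannot leak it, and the audit store still keeps the full entry. All type, function and field names are hypothetical, and the sample entry is constructed.

```typescript
// Added illustration; every name below is hypothetical, not Gitpod's implementation.
interface AuditEntry {
    id: string;
    timestamp: string;
    actorId: string;
    action: string;
    args: unknown[]; // free-form call arguments; may carry workspace IDs and other sensitive data
}

// Approach 1: pattern scrubbing. It only catches values whose shape was anticipated.
const UUID = /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/gi;
function scrubByPattern(entry: AuditEntry): string {
    return JSON.stringify(entry).replace(UUID, "[redacted]");
}

// Approach 2: never hand args to the logger; keep only a count for debugging.
function toLogPayload(entry: AuditEntry): Record<string, unknown> {
    const { args, ...rest } = entry;
    return { ...rest, argsCount: args.length };
}

class AuditLogService {
    readonly db: AuditEntry[] = [];   // stands in for the audit database
    readonly logLines: string[] = []; // stands in for the component log

    record(entry: AuditEntry): void {
        this.db.push(entry); // full record, args included
        this.logLines.push(JSON.stringify(toLogPayload(entry)));
    }
}

// Constructed sample entry: the first argument is an ID that is not UUID-shaped.
const SAMPLE: AuditEntry = {
    id: "a-1",
    timestamp: "2025-05-28T08:00:00Z",
    actorId: "user-1",
    action: "stopWorkspace",
    args: ["acme-webshop-x7k2p9q4m1", { ownerToken: "constructed-token-value" }],
};
```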

Member

@geropl geropl left a comment

Rubber-stamping ✔️

Please take a look at https://github.com/gitpod-io/gitpod/pull/20853/files#r2109518699 and decide if you want to add a line. 🙏

@corneliusludmann corneliusludmann force-pushed the clu/redact-args-audit-logs branch from 08bc639 to 363ff33 Compare May 28, 2025 08:19
@roboquat roboquat added size/S and removed size/XS labels May 28, 2025
@corneliusludmann
Contributor Author

/unhold

@roboquat roboquat merged commit b007b1d into main May 28, 2025
19 checks passed
@roboquat roboquat deleted the clu/redact-args-audit-logs branch May 28, 2025 08:36