I have a weird issue I need help with. We want to hide confidential data from showing up in log files, email logs, etc.
This should be easy! Very well documented.
So I did this:
    $loggerMaskVars = [
        '_SERVER.HTTP_AUTHORIZATION',
        '_SERVER.PHP_AUTH_USER',
        '_SERVER.PHP_AUTH_PW',
        '_SERVER.DB_PASS',
        '_SERVER.AT_API_PASS',
        '_SERVER.AT_API_USERNAME',
        '_SERVER.MAILGUN_API_KEY',
    ];
And then for all my log targets I do this:
    'maskVars' => $loggerMaskVars,
Here is an example where this works great:
    $config['components']['log']['targets'][] = [
        'class' => 'yii\log\FileTarget',
        'enabled' => true,
        'levels' => [ 'error', 'warning' ],
        'enableRotation' => true,
        'except' => [ 'yii\web\HttpException:404' ],
        'logFile' => '@runtime/logs/errors.log',
        'maskVars' => $loggerMaskVars,
        'prefix' => function ($message) {
            $userID = Yii::$app->user->id;
            return "[userID=$userID]";
        }
    ];
My errors log now has:
    ...
    'JOURNAL_STREAM' => '9:19138'
    'MAILGUN_API_KEY' => '***'
    'PATH' => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin'
    ...
Great! But when I use EmailTarget, I still see all the confidential data! Does the target have to implement maskVars, or is that implemented before the target? I ask because I’m not sure how it works in one target but not the other… ?
    $config['components']['log']['targets'][] = [
        'class' => 'yii\log\EmailTarget',
        'mailer' => 'mailer',
        'levels' => ['error', 'warning'],
        'except' => [ 'yii\web\HttpException:404' ],
        'logVars' => [],
        'maskVars' => $loggerMaskVars,
        'message' => [
            'from' => ['logs@example.net'],
            'to' => ['dustin@example.com'],
            'subject' => sprintf("%s - %s", gethostname(), "ERROR"),
        ],
    ];
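
A check for the symptom described in this post, as an added example that is not part of the original post and not Yii's own code: it scans rendered log text (a log file's contents or an e-mail body) for the listed keys and reports any whose dumped value is not `'***'`. The function name and the two sample bodies are assumptions constructed for illustration; the line format is the `'KEY' => 'value'` dump shown in the error log above.

```php
<?php
/**
 * Hypothetical helper: list maskVars keys that still carry a value in rendered log text.
 *
 * @param string   $rendered Log text in the dump format shown above: 'KEY' => 'value'
 * @param string[] $maskVars Dotted paths such as '_SERVER.DB_PASS'
 * @return string[] Key names whose dumped value is not the '***' mask
 */
function findUnmaskedKeys(string $rendered, array $maskVars): array
{
    // Compare on the last path segment only, so the same key name is also
    // caught when it is dumped under a superglobal that was never listed.
    $watched = [];
    foreach ($maskVars as $path) {
        $parts = explode('.', $path);
        $watched[end($parts)] = true;
    }

    $leaks = [];
    $pattern = '/^\s*\'([^\']+)\'\s*=>\s*(.*?)\s*$/m';
    if (preg_match_all($pattern, $rendered, $matches, PREG_SET_ORDER)) {
        foreach ($matches as [, $key, $value]) {
            // Anything other than the exact mask counts as a leak.
            if (isset($watched[$key]) && rtrim($value, ',') !== "'***'") {
                $leaks[$key] = true;
            }
        }
    }
    return array_keys($leaks);
}

$loggerMaskVars = [
    '_SERVER.HTTP_AUTHORIZATION',
    '_SERVER.PHP_AUTH_USER',
    '_SERVER.PHP_AUTH_PW',
    '_SERVER.DB_PASS',
    '_SERVER.AT_API_PASS',
    '_SERVER.AT_API_USERNAME',
    '_SERVER.MAILGUN_API_KEY',
];

// Constructed sample bodies with placeholder values, not real log output.
$fileLog   = "'JOURNAL_STREAM' => '9:19138'\n'MAILGUN_API_KEY' => '***'\n";
$emailBody = "'DB_PASS' => 'placeholder-not-a-real-password'\n'MAILGUN_API_KEY' => '***'\n";

// Print the leaking key names per target output.
echo 'file target:  ', json_encode(findUnmaskedKeys($fileLog, $loggerMaskVars)), PHP_EOL;
echo 'email target: ', json_encode(findUnmaskedKeys($emailBody, $loggerMaskVars)), PHP_EOL;
```

Run it against the captured output of every configured target, so a target that skips masking shows up as a non-empty list.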