Ask questionsRedacting headers in express


Pino seems quite nice and relatively easy to use. But, I really don't want to be logging my Authorization bearer token. I've searched and searched and can't find any reference to how to redact it. I do have other redactions, for the password in my auth method for example, but the express-pino-logger doesn't seem to log the request body anyway.

I'd love to know how to redact that token so that I can push my software to production. I can't go to prod like this -- I'd get slaughtered for logging that (I'm meant to be a professional ;).



Answer questions BryanDollery

That fixed it for me, thanks. Sample code wouldn't really help much because it's not a bug in the code, rather it's a lack of documentation I think. I couldn't find a reference anywhere that explained the technique you've just explained to me. And I tried; I really did. But I couldn't find that in the redaction docs for pino or express-pino-logger. Of course, its always possible that I missed it.

Thanks for the tip though, it solved the problem instantly. I appreciate the help.

Bryan BryanDollery Nairobi Freelance software engineer, with decades of development and operational experience with a heavy banking background.
Github User Rank List