[security] Clarify dumpRequests and set examples to false (#1146)

interuss · Jan 16, 2025 · 5b12cd7 · 5b12cd7
1 parent af62607
commit 5b12cd7
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/cmds/core-service/main.go b/cmds/core-service/main.go
@@ -50,7 +50,7 @@ var (
 
 	logFormat            = flag.String("log_format", logging.DefaultFormat, "The log format in {json, console}")
 	logLevel             = flag.String("log_level", logging.DefaultLevel.String(), "The log level")
-	dumpRequests         = flag.Bool("dump_requests", false, "Log HTTP request and response")
+	dumpRequests         = flag.Bool("dump_requests", false, "Log full HTTP request and response (note: will dump sensitive information to logs; intended only for debugging and/or development)")
 	profServiceName      = flag.String("gcp_prof_service_name", "", "Service name for the Go profiler")
 	garbageCollectorSpec = flag.String("garbage_collector_spec", "@every 30m", "Garbage collector schedule. The value must follow robfig/cron format. See https://godoc.org/github.com/robfig/cron#hdr-Usage for more detail.")
 

diff --git a/deploy/infrastructure/dependencies/terraform-commons-dss/templates/main.jsonnet.tmp b/deploy/infrastructure/dependencies/terraform-commons-dss/templates/main.jsonnet.tmp
@@ -30,7 +30,7 @@ local metadata = metadataBase {
     jwksEndpoint: '${VAR_JWKS_ENDPOINT}',
     jwksKeyIds: ['${VAR_JWKS_KEY_ID}'],
     hostname: '${VAR_APP_HOSTNAME}',
-    dumpRequests: true,
+    dumpRequests: false,
     sslPolicy: '${VAR_SSL_POLICY}'
   },
   schema_manager+: {

diff --git a/deploy/services/tanka/examples/minimum/main.jsonnet b/deploy/services/tanka/examples/minimum/main.jsonnet
@@ -27,7 +27,7 @@ local metadata = metadataBase {
     jwksEndpoint: 'VAR_JWKS_ENDPOINT',
     jwksKeyIds: ['VAR_JWKS_KEY_ID'],
     hostname: 'VAR_APP_HOSTNAME',
-    dumpRequests: true,
+    dumpRequests: false,
     sslPolicy: 'VAR_SSL_POLICY'
   },
   schema_manager+: {