
How can I filter sensitive parameters from the SQL portion of Rails 5 logs?

Rails 5 offers parameter filtering, and I've specified config.filter_parameters += ["my_token"] in application.rb.

Testing my app in dev (environment) mode, I see my_token is correctly filtered from the request lines of the log file:

Started GET "/something?my_token=[FILTERED]"

However, the SQL log lines immediately following still include the parameter's value in plain text ("SELECT stuff FROM things," etc., with my_token as a param).

Does Rails 5 offer a way to filter this raw value from the SQL part of its log files?

I've also run my app in production mode, and though the log files are more succinct, they still display the value unfiltered in D-type log lines for the generated SQL statements.

I've specified no custom log settings--everything other than my filter parameter setting is by default.

My own search showed no relevant discussion of this. Maybe I'm missing something?

Thx!

SexxLuthor asked Dec 09 '16 06:12


1 Answer

Rails 7

See Matthew's answer.

Rails 6 and below

If you want to disable the SQL log completely for production, you can change the log level in config/environments/production.rb to :info:

  config.log_level = :info

If you want to silence logging for only a few queries with sensitive data, you can use Rails.logger.silence. It silences the log for the duration of the provided block, so it can be used to avoid writing a particular SQL query to the log.

Usage:

def index
  Rails.logger.silence do
    # load method is used to force query execution inside the block
    @items = Item.all.load 
  end
end

Keep in mind that queries are executed lazily, so if the query is executed outside of the block it will be logged anyway. The following example will fail:

def index
  Rails.logger.silence do
    # The query will be executed outside the block when @items is first used in the view
    @items = Item.all
  end
end

torce answered Sep 27 '22 21:09
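
The lazy-loading pitfall described in the answer above, as an added example that is not part of the original answer and is not Rails code: a plain-Ruby model using only the standard library. SilenceableLogger, LazyRelation and token_logged? are hypothetical stand-ins for Rails.logger, an ActiveRecord relation and a controller-plus-view flow, and the token value is constructed.

```ruby
require "logger"
require "stringio"

# Stand-in for Rails.logger: ActiveSupport's `silence` raises the level
# (to ERROR by default) only while the block runs, then restores it.
class SilenceableLogger < Logger
  def silence(severity = Logger::ERROR)
    previous = level
    self.level = severity
    yield self
  ensure
    self.level = previous
  end
end

# Stand-in for an ActiveRecord relation: the SQL runs (and is logged at
# DEBUG, value included) on first load, not when the relation is built.
class LazyRelation
  def initialize(logger, token)
    @logger = logger
    @token = token
    @rows = nil
  end

  def load
    @rows ||= begin
      @logger.debug(%(SELECT stuff FROM things WHERE my_token = "#{@token}"))
      [:row]
    end
    self
  end

  def to_a
    load
    @rows
  end
end

# Runs one scenario and reports whether the token reached the log output.
def token_logged?(level: Logger::DEBUG, load_inside_block:)
  io = StringIO.new
  logger = SilenceableLogger.new(io, level: level)
  token = "constructed-secret-123" # constructed sample value
  items = nil
  logger.silence do
    items = LazyRelation.new(logger, token)
    items.load if load_inside_block
  end
  items.to_a # what the view does when it first iterates @items
  io.string.include?(token)
end
```

token_logged?(load_inside_block: false) returns true because the debug line is written after silence has restored the previous level; with level: Logger::INFO it returns false whether or not the load happens inside the block.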