[{"data":1,"prerenderedAt":419},["ShallowReactive",2],{"blog-prompts/secure-logging":3},{"id":4,"title":5,"body":6,"category":398,"date":399,"dateModified":400,"description":401,"draft":402,"extension":403,"faq":404,"featured":402,"headerVariant":405,"image":404,"keywords":404,"meta":406,"navigation":407,"ogDescription":408,"ogTitle":404,"path":409,"readTime":404,"schemaOrg":410,"schemaType":411,"seo":412,"sitemap":413,"stem":414,"tags":415,"twitterCard":417,"__hash__":418},"blog/blog/prompts/secure-logging.md","Add Secure Logging with AI Prompts",{"type":7,"value":8,"toc":389},"minimark",[9,16,21,24,79,83,86,178,188,192,195,235,239,242,311,320,336,340,343,363,377],[10,11,12],"tldr",{},[13,14,15],"p",{},"Logs are gold for debugging but dangerous if they contain secrets. Never log passwords, tokens, full credit cards, or PII. Redact sensitive fields automatically, use structured logging, and secure log storage. These prompts help you log safely.",[17,18,20],"h2",{"id":19},"logging-audit","Logging Audit",[13,22,23],{},"Copy this prompt to have your AI scan your codebase for insecure logging practices. 
You'll get a report flagging every instance where passwords, tokens, PII, or credentials might be leaking into log output.",[25,26,28,31,34,58,61],"prompt-box",{"title":27},"Audit Current Logging",[13,29,30],{},"Audit my codebase for insecure logging practices.",[13,32,33],{},"Search for logging that might contain sensitive data:",[35,36,37,41,44,52,55],"ol",{},[38,39,40],"li",{},"Request body logging:\nconsole.log(req.body)  // May contain passwords\nlogger.info({ body: req.body })",[38,42,43],{},"User data logging:\nconsole.log(user)  // May contain PII\nconsole.log('User:', JSON.stringify(user))",[38,45,46,47,51],{},"Token/credential logging:\nconsole.log('Token:', token)\nconsole.log('Auth header:', req.headers.authorization)\nconsole.log(",[48,49,50],"code",{},"API Key: ${apiKey}",")",[38,53,54],{},"Error logging with context:\nconsole.error('Failed:', error, requestData)  // requestData may have secrets",[38,56,57],{},"Database query logging:\nconsole.log('Query:', query)  // May show credentials in connection string",[13,59,60],{},"Check for:",[62,63,64,67,70,73,76],"ul",{},[38,65,66],{},"console.log with raw request/response objects",[38,68,69],{},"Logging entire user objects",[38,71,72],{},"Logging headers (contains auth tokens)",[38,74,75],{},"Logging form data (contains passwords)",[38,77,78],{},"Verbose debug logging in production",[17,80,82],{"id":81},"sensitive-data-redaction","Sensitive Data Redaction",[13,84,85],{},"Use this prompt to generate a reusable data redaction utility. 
Your AI will create functions that automatically mask sensitive fields like passwords, tokens, and credit card numbers before they reach your logs.",[25,87,89,92,100,107,110,117,127,130,143],{"title":88},"Implement Data Redaction",[13,90,91],{},"Create a utility to redact sensitive data from logs.",[13,93,94,95,99],{},"const sensitiveFields = ",[96,97,98],"span",{},"\n'password', 'passwd', 'secret', 'token', 'apiKey', 'api_key',\n'authorization', 'auth', 'credential', 'ssn', 'creditCard',\n'cardNumber', 'cvv', 'pin'\n",";",[13,101,102,103,106],{},"function redact(obj, depth = 0) {\nif (depth > 10) return '",[96,104,105],{},"MAX_DEPTH","';\nif (obj === null || obj === undefined) return obj;\nif (typeof obj !== 'object') return obj;",[13,108,109],{},"if (Array.isArray(obj)) {\nreturn obj.map(item => redact(item, depth + 1));\n}",[13,111,112,113,116],{},"const redacted = {};\nfor (const ",[96,114,115],{},"key, value"," of Object.entries(obj)) {\nconst lowerKey = key.toLowerCase();",[118,119,124],"pre",{"className":120,"code":122,"language":123},[121],"language-text","if (sensitiveFields.some(f => lowerKey.includes(f))) {\n  redacted[key] = '[REDACTED]';\n} else if (typeof value === 'object') {\n  redacted[key] = redact(value, depth + 1);\n} else {\n  redacted[key] = value;\n}\n","text",[48,125,122],{"__ignoreMap":126},"",[13,128,129],{},"}\nreturn redacted;\n}",[13,131,132,133,138,139,142],{},"// Usage\nlogger.info('Request:', redact(req.body));\n// { email: \"",[134,135,137],"a",{"href":136},"mailto:user@example.com","user@example.com","\", password: \"",[96,140,141],{},"REDACTED","\" }",[13,144,145,146,148,149,152,153,152,155,157,158,161,162,165,166,169,170,173,174,177],{},"// Redact specific patterns\nfunction redactPatterns(str) {\nreturn str\n.replace(/Bearer\\s+\\S+/gi, 'Bearer ",[96,147,141],{},"')\n.replace(/\\b\\d{4}",[96,150,151],{},"-","?\\d{4}",[96,154,151],{},[96,156,151],{},"?\\d{4}\\b/g, 
'",[96,159,160],{},"CARD_REDACTED","')\n.replace(/\\b",[96,163,164],{},"A-Za-z0-9._%+-","+@",[96,167,168],{},"A-Za-z0-9.-","+.",[96,171,172],{},"A-Z|a-z","{2,}\\b/g, '",[96,175,176],{},"EMAIL_REDACTED","');\n}",[179,180,181],"warning-box",{},[13,182,183,187],{},[184,185,186],"strong",{},"Logs are often less protected than databases:"," They get shipped to third-party services, stored in plain text, and accessed by more people. Treat logs as public and redact accordingly.",[17,189,191],{"id":190},"structured-logging","Structured Logging",[13,193,194],{},"This prompt asks your AI to set up structured JSON logging with built-in redaction using pino. You'll get a configured logger with automatic sensitive-field masking, request correlation IDs, and environment-aware formatting.",[25,196,198,201,204,207,210,213,223,226,229,232],{"title":197},"Set Up Structured Logging",[13,199,200],{},"Set up structured logging with automatic redaction.",[13,202,203],{},"Using pino (fast JSON logger):",[13,205,206],{},"npm install pino pino-pretty",[13,208,209],{},"const pino = require('pino');",[13,211,212],{},"const logger = pino({\nlevel: process.env.LOG_LEVEL || 'info',",[13,214,215,216,219,220,222],{},"// Redact sensitive paths automatically\nredact: {\npaths: ",[96,217,218],{},"\n'req.headers.authorization',\n'req.headers.cookie',\n'req.body.password',\n'req.body.token',\n'*.password',\n'*.secret',\n'*.apiKey'\n",",\ncensor: '",[96,221,141],{},"'\n},",[13,224,225],{},"// Pretty print in development only\ntransport: process.env.NODE_ENV !== 'production'\n? 
{ target: 'pino-pretty' }\n: undefined,",[13,227,228],{},"// Base fields for all logs\nbase: {\nenv: process.env.NODE_ENV,\nversion: process.env.npm_package_version\n}\n});",[13,230,231],{},"// Usage with context\nlogger.info({ userId: user.id, action: 'login' }, 'User logged in');\nlogger.error({ err, requestId }, 'Request failed');",[13,233,234],{},"// Request logging middleware\napp.use((req, res, next) => {\nreq.log = logger.child({ requestId: crypto.randomUUID() });\nreq.log.info({ method: req.method, url: req.url }, 'Request received');\nnext();\n});",[17,236,238],{"id":237},"log-levels-and-retention","Log Levels and Retention",[13,240,241],{},"Copy this prompt to generate a complete log level and retention configuration. Your AI will produce environment-specific log level settings, retention policies for compliance, and guidelines for what should and should not be logged.",[25,243,245,248,251,271,274,277,280,283,294,297],{"title":244},"Configure Log Levels",[13,246,247],{},"Set up appropriate log levels and retention.",[13,249,250],{},"Log levels (use appropriately):",[62,252,253,256,259,262,265,268],{},[38,254,255],{},"fatal: System crash, immediate action needed",[38,257,258],{},"error: Operation failed, needs investigation",[38,260,261],{},"warn:  Potential problem, monitoring needed",[38,263,264],{},"info:  Normal operations (requests, completions)",[38,266,267],{},"debug: Detailed debugging info",[38,269,270],{},"trace: Very verbose, rarely used",[13,272,273],{},"Production configuration:\nLOG_LEVEL=info  # Don't log debug/trace in production",[13,275,276],{},"// Never log these at any level:\n// - Passwords, tokens, API keys\n// - Full credit card numbers\n// - Social security numbers\n// - Full session tokens",[13,278,279],{},"// OK to log:\n// - User IDs (not emails in some contexts)\n// - Request IDs\n// - Timestamps\n// - Action types\n// - Sanitized error messages\n// - Performance metrics",[13,281,282],{},"Retention 
policies:",[62,284,285,288,291],{},[38,286,287],{},"Production logs: 30-90 days",[38,289,290],{},"Security logs: 1 year (compliance)",[38,292,293],{},"Debug logs: 7 days max",[13,295,296],{},"Storage security:",[62,298,299,302,305,308],{},[38,300,301],{},"Encrypt logs at rest",[38,303,304],{},"Restrict access (need-to-know)",[38,306,307],{},"Audit log access",[38,309,310],{},"Don't expose log endpoints publicly",[312,313,314],"tip-box",{},[13,315,316,319],{},[184,317,318],{},"Pro tip:"," Set up log alerts for security events: failed logins, permission denied errors, unusual patterns. Logs aren't just for debugging — they're your security audit trail.",[321,322,323,330],"faq-section",{},[324,325,327],"faq-item",{"question":326},"Should I log user emails?",[13,328,329],{},"It depends on your privacy requirements. For GDPR compliance, consider logging user IDs instead of emails. If you must log emails, ensure logs are treated as PII and have appropriate retention policies.",[324,331,333],{"question":332},"How do I debug production issues without verbose logs?",[13,334,335],{},"Use request IDs to correlate logs, structured logging for searchability, and error tracking services. You can also temporarily enable debug logging for specific users or requests without enabling it globally.",[17,337,339],{"id":338},"further-reading","Further Reading",[13,341,342],{},"Want to understand the vulnerability before fixing it? 
These guides explain what's happening and why.",[62,344,345,351,357],{},[38,346,347],{},[134,348,350],{"href":349},"/blog/vulnerabilities/exposed-api-keys","Understanding exposed API keys",[38,352,353],{},[134,354,356],{"href":355},"/blog/how-to/hide-api-keys","How to hide API keys step-by-step",[38,358,359],{},[134,360,362],{"href":361},"/blog/best-practices/secrets","Secret management best practices",[364,365,366,372],"related-articles",{},[367,368],"related-card",{"description":369,"href":370,"title":371},"Error response safety","/blog/prompts/add-error-handling","Secure Error Handling",[367,373],{"description":374,"href":375,"title":376},"Dev vs production","/blog/prompts/environment-separation","Environment Separation",[378,379,382,386],"cta-box",{"href":380,"label":381},"/","Start Free Scan",[17,383,385],{"id":384},"audit-your-logging","Audit Your Logging",[13,387,388],{},"Scan your codebase for sensitive data in log statements.",{"title":126,"searchDepth":390,"depth":390,"links":391},2,[392,393,394,395,396,397],{"id":19,"depth":390,"text":20},{"id":81,"depth":390,"text":82},{"id":190,"depth":390,"text":191},{"id":237,"depth":390,"text":238},{"id":338,"depth":390,"text":339},{"id":384,"depth":390,"text":385},"prompts","2026-02-26","2026-03-06","AI prompts to implement secure logging practices. Log what you need for debugging without exposing passwords, tokens, or sensitive user data.",false,"md",null,"cyan",{},true,"AI prompts to log securely without exposing sensitive data.","/blog/prompts/secure-logging","[object Object]","BlogPosting",{"title":5,"description":401},{"loc":409},"blog/prompts/secure-logging",[416],"Deployment","summary_large_image","JPKISMzrfqFlK64vkyVcAt-u5pIKT8UPJtC0cn6zbnU",1775843938133]