
Encrypting or scrubbing Rails log files

We have a customer with very stringent security requirements. So we will encrypt the Rails database using one of Postgres's database encryption options. But that still leaves the customer's data exposed in what the Rails logger logs when forms are submitted to create data.

I guess one option is not to encrypt the log file, but to suppress all the parameter values that get logged for POST requests by Rails. What is the best way of doing that?

Another option is to encrypt Rails log files as they are written to disk. Is that a better way to go, and what's a good way to do it?

One thing that you can do is, in your config/application.rb file, add the fields that you want to omit from the logs, like this:

class Application < Rails::Application
  ...
  config.filter_parameters += [:password]
  config.filter_parameters += [:ssn]
  ...
end

I hope that this helps
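To see what such a filter actually does to a submitted form, here is an added example (not code from the answer above or from Rails itself): a small stand-alone Ruby re-implementation of the key-based filtering that config.filter_parameters drives, run over a constructed params hash. The class name, the matcher semantics and the sample values are assumptions made for this illustration.

```ruby
# Added example, not code from the answer or from Rails: a re-implementation of
# the kind of key-based filtering config.filter_parameters drives, so you can see
# what a log line would contain. Matching is modelled on Rails: a Symbol/String
# matches any key that *contains* it (case-insensitive), a Regexp is tested
# against the key, and a Proc receives (key, value) and returns the value to log
# (Rails procs mutate the value in place instead). Nested hashes/arrays recurse.
FILTERED = "[FILTERED]".freeze

class LogParamFilter
  def initialize(matchers)
    @strings, @regexps, @procs = [], [], []
    matchers.each do |m|
      case m
      when Regexp then @regexps << m
      when Proc   then @procs << m
      else             @strings << m.to_s.downcase
      end
    end
  end

  # Returns a filtered deep copy; the original params are left untouched.
  def filter(params)
    case params
    when Hash  then params.each_with_object({}) { |(k, v), out| out[k] = filter_pair(k.to_s, v) }
    when Array then params.map { |v| filter(v) }
    else params
    end
  end

  private

  def filter_pair(key, value)
    k = key.downcase
    return FILTERED if @strings.any? { |s| k.include?(s) } || @regexps.any? { |r| r.match?(key) }
    @procs.each { |p| value = p.call(key, value) } # procs may mask rather than blank
    filter(value)
  end
end

# Constructed POST params, shaped like what Rails parses from a sign-up form.
SAMPLE_PARAMS = {
  "user" => { "email" => "alice@example.com", "password" => "hunter2", "ssn" => "123-45-6789",
              "profile" => { "card_number" => "4111111111111111", "nickname" => "al" } },
  "extras" => [{ "api_token" => "abc" }, { "note" => "ok" }],
  "commit" => "Create User",
}

# password/ssn/card_number are blanked, api_token is caught by the partial match
# on :token, and the e-mail's local part is masked by the proc.
def filtered_sample
  mask_email = ->(k, v) { k == "email" ? v.sub(/\A.+@/, "***@") : v }
  LogParamFilter.new([:password, :ssn, :token, /card_number/i, mask_email]).filter(SAMPLE_PARAMS)
end
```

Note that partial matching is what makes `:token` also hide `api_token`, and it is also why a broad matcher can blank out more than you intended.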

If you want something better than filter_parameters for all params, you can write a custom logger. See: http://rubyjunky.com/cleaning-up-rails-4-production-logging.html and the gem someone extracted from it, https://github.com/gshaw/concise_logging

However, you're going to need to store the encryption key somewhere on the same machine as the logs, which potentially means it's un-encryptable too if someone has active access (but not if they just somehow get the logs later).

Some questions to think about:

  • Do you need the parameter logging at all? (do you even check the logs? how do you track errors?)
  • What sort of compliance are you trying to hit? PCI? HIPAA?
  • What is the attack vector you're trying to avoid? i.e. log access via shared hosting, physical attack (remove hard drive), remote access (grab all files off machine), ...

Your answers will define guidelines on how to attack this problem!
