feat: Obfuscate potential PII in logs#1163
feat: Obfuscate potential PII in logs#1163alexs-mparticle wants to merge 5 commits intodevelopmentfrom
Conversation
There was a problem hiding this comment.
Pull request overview
This PR reduces the risk of leaking PII by obfuscating logged payloads (events/batches/attributes/identity responses), and reduces verbose logging noise by removing Vault logging.
Changes:
- Added
obfuscateDatautility (with Jest coverage) to replace primitive values with type strings while preserving object/array structure. - Updated verbose logger call sites (BatchUploader, RoktManager, IdentityAPIClient) to log obfuscated payloads instead of raw data.
- Removed Logger plumbing from Vault usage to avoid verbose log spam.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
src/utils.ts |
Adds obfuscateData helper and exports it for use by logging call sites. |
test/jest/utils.spec.ts |
Adds comprehensive Jest tests for obfuscateData. |
src/batchUploader.ts |
Obfuscates queued event and upload batch payloads before verbose logging; removes Vault logger injection. |
src/roktManager.ts |
Obfuscates selectPlacements attributes in verbose logs; improves identify error formatting. |
test/jest/roktManager.spec.ts |
Updates expectation to match obfuscated verbose logging output. |
src/identityApiClient.ts |
Obfuscates identity response matched_identities in verbose logs. |
src/vault.ts |
Removes Logger usage from Vault internals and changes storage write error handling. |
src/mp-instance.ts |
Removes Vault logger injection for identity cache; adds TS type annotation for setOptOut arg. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
jaissica12
left a comment
jaissica12
left a comment
There was a problem hiding this comment.
@alexs-mparticle can we pull the latest changes from the development branch? I recall exposing the processMessageQueue method in my last PR, but it still appears to be private here. We may also need to obfuscate the logger in that section as well
|
Perhaps we need to internally define what Or perhaps verbose prevents PII from showing, but then if they choose debug, it maps to |
alexs-mparticle
force-pushed
the
feat/SDKE-889-logger-obfuscate-data
branch
from
39b7880 to
4073113
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 10 out of 10 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Update vault storage error handling to log instead of throw to prevent breaking SDK flows when storage quota or security errors occur. Update test expectations to match corrected error message.
jaissica12
force-pushed
the
feat/SDKE-889-logger-obfuscate-data
branch
from
39a741f to
3b17c8e
Compare
|
Background
The Logger currently outputs raw batch and event payloads at various log levels (error, warning, verbose). These payloads can include Personally Identifiable Information (PII)—data that can identify or be reasonably linked to an individual, such as email addresses, phone numbers, names, user IDs, IP addresses, or other user-level identifiers.
What Has Changed
obfuscateDatamethod to be used when logging payloadsobfuscateDatamethod when passing in payloads that may contain PIImatched_identitiespayload for obfuscation, while allowing the rest of the identity payload to be visible for debuggingScreenshots/Video
Checklist
Additional Notes
Reference Issue (For employees only. Ignore if you are an outside contributor)