Disable logging of (sensitive) arguments in Active Job
If you are using Active Job for managing background jobs in Rails, you might have noticed that it logs the job arguments when the job is enqueued or run. Let's see an example of this.

class ImportDataJob < ApplicationJob
  queue_as :default

  def perform(*args)
    puts "Completed"
    # Do something later
  end
end

>> ImportDataJob.perform_later(password: "secret")
Enqueued ImportDataJob (Job ID: 4c44944b-0b1e-41ff-8679-c9757e09bdb2) to Async(default)
  with arguments: {:password=>"secret"}
>> Performing ImportDataJob (Job ID: 4c44944b-0b1e-41ff-8679-c9757e09bdb2)
  from Async(default)
  enqueued at 2020-04-29T13:23:37Z
  with arguments: {:password=>"secret"}
Completed
Performed ImportDataJob (Job ID: 4c44944b-0b1e-41ff-8679-c9757e09bdb2)
  from Async(default) in 9.39ms

As we can see, Active Job logs the arguments two times, once when the job is enqueued and once when the job starts performing.
We can filter request parameters at the controller level using the Rails.application.config.filter_parameters configuration option so that sensitive parameters are not leaked in the logs. But if you are enqueuing such parameters to Active Job, the purpose of filtering them at the controller level is defeated, as they are logged at the job level regardless.
A feature is now present in Rails master to fix this issue. We can disable logging for individual jobs by setting the log_arguments configuration option.

class ImportDataJob < ApplicationJob
  queue_as :default
  self.log_arguments = false

  def perform(*args)
    # Do something later
  end
end

>> ImportDataJob.perform_later password: "secret"
Enqueued ImportDataJob (Job ID: 1c388f29-b83c-477c-a046-50837b8941e8)
  to Async(default)
>> Performing ImportDataJob (Job ID: 1c388f29-b83c-477c-a046-50837b8941e8)
  from Async(default) enqueued at 2020-04-29T13:39:31Z
Completed
Performed ImportDataJob (Job ID: 1c388f29-b83c-477c-a046-50837b8941e8)
  from Async(default) in 5.81ms

We can see that now there is no trace of the arguments in the log.
By default, the log_arguments setting is true for every job, and we can customize it per job based on whether the job consumes sensitive data.
Why can't we reuse the filter_parameters for Active Job?
At this point, you might be wondering why we can't use the filter_parameters configuration that is used to filter sensitive parameters at the controller level. The reason is that Active Job can accept all types of arguments, whereas filter_parameters is designed to work well with hash-like objects only. There is a discussion about this issue here.
https://github.com/rails/rails/pull/34438#issuecomment-438455378
https://github.com/rails/rails/pull/38963#issuecomment-614767901
Is this a bulletproof solution?
Definitely not. If we are inspecting the arguments ourselves in the code, then they will definitely be logged. This configuration prevents Rails from logging the arguments.
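One way to check that the setting has taken effect is to audit the log for job lines that still carry arguments; the script below is an added example, not code from this post or from Rails. NO_ARGS_JOBS, SENSITIVE_KEYS and SyncJob are assumptions for illustration, and the sample lines are constructed from the output format shown above.

```ruby
# Added example: audit Active Job log lines for leaked arguments.
# NO_ARGS_JOBS and SENSITIVE_KEYS are assumptions, not Rails settings.
NO_ARGS_JOBS   = %w[ImportDataJob].freeze # jobs expected to set log_arguments = false
SENSITIVE_KEYS = %w[password token api_key].freeze

JOB_LINE = /(?<event>Enqueued|Performing) (?<job>[\w:]+) \(Job ID: (?<id>[0-9a-f-]+)\)(?<rest>.*)/
Finding  = Struct.new(:event, :job, :job_id, :reason)

# Returns one Finding per log line that still exposes job arguments.
def audit_job_log(lines)
  lines.map do |line|
    m = JOB_LINE.match(line) or next
    args = m[:rest][/ with arguments: (.*)/, 1] or next
    reason =
      if NO_ARGS_JOBS.include?(m[:job])
        "arguments logged for a job that should set log_arguments = false"
      elsif (key = SENSITIVE_KEYS.find { |k| args.match?(/\b#{Regexp.escape(k)}"?(?:=>|: )/) })
        "sensitive key '#{key}' in logged arguments"
      end
    Finding.new(m[:event], m[:job], m[:id], reason) if reason
  end.compact
end

# Constructed sample. Lines 1-3 follow the post's output, joined onto one line each.
# SyncJob and its job IDs are hypothetical.
SAMPLE_LOG = [
  'Enqueued ImportDataJob (Job ID: 4c44944b-0b1e-41ff-8679-c9757e09bdb2) to Async(default) with arguments: {:password=>"secret"}',
  'Performing ImportDataJob (Job ID: 4c44944b-0b1e-41ff-8679-c9757e09bdb2) from Async(default) enqueued at 2020-04-29T13:23:37Z with arguments: {:password=>"secret"}',
  'Enqueued ImportDataJob (Job ID: 1c388f29-b83c-477c-a046-50837b8941e8) to Async(default)',
  'Enqueued SyncJob (Job ID: 00000000-0000-0000-0000-000000000001) to Async(default) with arguments: {:token=>"abc"}',
  # A positional argument has no key, so the key check cannot see it.
  # Only listing the job in NO_ARGS_JOBS would catch this line.
  'Enqueued SyncJob (Job ID: 00000000-0000-0000-0000-000000000002) to Async(default) with arguments: "abc"'
].freeze

if __FILE__ == $PROGRAM_NAME
  audit_job_log(SAMPLE_LOG).each { |f| puts f.to_a.join(" | ") }
end
```

The last sample line goes unreported, which is the same limitation of key-based filtering that keeps filter_parameters from covering arbitrary job arguments.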
This feature is not yet released. It will be part of Rails 6.1. I will update this post when it is released.