Adds an slog.Handler wrapper (excludingHandler) that drops log
attributes matching a configured set of keys. This allows
GDPR-sensitive deployments to suppress PII fields like email,
username, preferred_username, or groups at the logger level
rather than per-callsite.
Also adds user_id to the "login successful" log line so operators
who exclude PII fields still have a pseudonymous identifier.
Closes#4391
---------
Signed-off-by: Mark Liu <mark@prove.com.au>
Add configuration options for TLSMinVersion and TLSMaxVersion.
This enables setting TLS 1.3 as minimum version for example for both
GRPC and Web, or enforcing TLS 1.2 only for easier debugging of
secure connections.
Signed-off-by: Tuomo Tanskanen <tuomo.tanskanen@est.tech>
The dev config example is used for documentation purposes,
but it's also full of development specific configuration.
This change adds a new config example that should serve
as a default, empty config as well as documentation.
The dev example should only contain the relevant configuration.
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
Mark Liu
Maksim Nabokikh
Ivan Zviagintsev
Doug Goldstein
Tuomo Tanskanen
Josh Soref
Chance Zibolski
Mark Sagi-Kazar