Hiding sensitive text from the monitor in queries

[codyharrington-streamliners]

Say I run the query:

      await db.none(
        'CREATE USER $(user:name) WITH PASSWORD $(password)',
        credentials
      );

and credentials is an object with a string password in it, then the password is written to the logs.
At the moment, I avoid this by detaching the monitor before running sensitive queries, and reattaching it afterwards.
However, a custom filter like :password or :mask would be nice, e.g.

      await db.none(
        'CREATE USER $(user:name) WITH PASSWORD $(password:mask)',
        credentials
      );

Aside from this, how else should I avoid this issue?

[vitaly-t]

Your issue isn't with this library, but with the database that stores passwords in the open form, which should never be the case.

[codyharrington-streamliners]

This runs in a Lambda in AWS, which uses the SDK to securely fetch the password from AWS' Secrets Manager. PostgreSQL also stores passwords encrypted in the database.
My apologies: I don't quite understand where the passwords are being stored openly?

[vitaly-t]

Filters in this library define how to format values, and if you encrypt password in the query string, it can no longer execute. So a custom filter would not help you here.

The only thing you can do is to pause logging when executing security-sensitive queries:

import pgPromise from 'pg-promise';
import monitor from 'pg-monitor';

let pauseLogging = false;

const opt = {
    query(data: any) {
        if (!pauseLogging) {
            monitor.query(data); // monitor queries when not paused
        }
    }
};

const pgp = pgPromise(opt);

const db = pgp({
    database: '...',
    allowExitOnIdle: true
});

(async function () {
   // execute security-sensitive query, without logging it:
    pauseLogging = true;
    const data = await db.any('select * from users where login <> $1', ['password']);
    pauseLogging = false;
})();

[codyharrington-streamliners]

Yeah, in my situation, I just stick with detaching the monitor, and reattaching it once I have finished performing sensitive queries

[vitaly-t]

The example I gave temporarily switches off monitoring, so there is no need of detaching the entire monitor interface.