
How to redact sensitive parameters in GraphQL and Rails?

Every application holds sensitive or private information that must be protected from leaking. Most applications write request details to logs that application developers can read to debug and trace activity whenever needed, so anything sensitive in those requests ends up in the logs too.

A best practice is to hide the sensitive information from the logs by redacting the sensitive parameters.

You can redact specific parameters from the logs of a GraphQL API served by Rails by setting config.filter_parameters.

Example: the creditCardNumber parameter should be redacted in the logs.

# config/initializers/filter_parameter_logging.rb

Rails.application.config.filter_parameters += ["creditCardNumber"]

GraphQL also provides a SanitizedPrinter custom printer that can redact the query itself. You can read more about it here: #2785
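To see what config.filter_parameters actually covers for a GraphQL POST, here is an added example that is not from the original post: a small Ruby stand-in for ActiveSupport::ParameterFilter (toy code assuming Rails' behaviour of matching filter names case-insensitively against keys at any nesting depth), run over a constructed request hash. The variable value is redacted, but the same value inlined as a literal inside the query string is not, which is the gap a query-level tool like the SanitizedPrinter mentioned above is meant to close.

```ruby
# Added example (not from the original post): a minimal stand-in for
# ActiveSupport::ParameterFilter, written to show what config.filter_parameters
# does and does not cover for a GraphQL POST. Rails does the real work; this toy
# only reproduces the key-matching rule (case-insensitive substring match on
# keys, applied recursively through hashes and arrays).
FILTERED = "[FILTERED]".freeze

def filter_params(params, filters)
  pattern = Regexp.new(filters.map { |f| Regexp.escape(f) }.join("|"), Regexp::IGNORECASE)
  case params
  when Hash
    params.each_with_object({}) do |(key, value), out|
      out[key] = key.to_s.match?(pattern) ? FILTERED : filter_params(value, filters)
    end
  when Array
    params.map { |v| filter_params(v, filters) }
  else
    params # scalars are only redacted through their key; free text is untouched
  end
end

# Constructed GraphQL request params, shaped like what Rails sees from a JSON POST.
# The same (test) card number is sent twice: as a variable and inlined in the query.
SAMPLE_PARAMS = {
  "operationName" => "Pay",
  "query" => "mutation Pay($creditCardNumber: String!) { pay(creditCardNumber: $creditCardNumber) { id } } " \
             "mutation Inline { pay(creditCardNumber: \"4111111111111111\") { id } }",
  "variables" => { "creditCardNumber" => "4111111111111111", "amount" => 42 },
}.freeze

def redacted_sample
  filter_params(SAMPLE_PARAMS, ["creditCardNumber"])
end

if __FILE__ == $0
  result = redacted_sample
  puts result["variables"].inspect            # {"creditCardNumber"=>"[FILTERED]", "amount"=>42}
  puts result["query"].include?("4111111111111111") # true: the inline literal survives
end
```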

Happy Coding!!