Disabling Logging of (sensitive) Arguments in Active Job in Ruby [A How-To Guide]

Written by prathamesh | Published 2020/05/09
Tech Story Tags: ruby-on-rails | database | activejob | security | ruby-on-rails-top-story | latest-tech-stories | how-to-disable-logging-ruby | ruby-programming

TLDR Active Job logs the job arguments when the job is enqueued or run. If you are enqueuing such parameters to Active Job then they are logged at job level regardless. A feature is now present in Ruby on Rails master to fix this issue. The feature is not yet released but it will be part of the new version of Ruby on Ruby on the rails 6.1.1. I will update this post when it is released with the latest version of the Ruby on rails.via the TL;DR App
If you are using Active Job for managing background jobs in Rails, you might have noticed that it logs the job arguments when the job is enqueued or run. Let's see an example of this.
class ImportDataJob < ApplicationJob
  queue_as :default

  def perform(*args)
    puts "Completed"
    # Do something later
  end
end

>> ImportDataJob.perform_later(password: "secret")

Enqueued ImportDataJob (Job ID: 4c44944b-0b1e-41ff-8679-c9757e09bdb2) to Async(default) 
with arguments: {:password=>"secret"}

>> Performing ImportDataJob (Job ID: 4c44944b-0b1e-41ff-8679-c9757e09bdb2) 
from Async(default) 
enqueued at 2020-04-29T13:23:37Z 
with arguments: {:password=>"secret"}
Completed

Performed ImportDataJob (Job ID: 4c44944b-0b1e-41ff-8679-c9757e09bdb2) 
from Async(default) in 9.39ms
As we can, see Active Job logs the arguments two times, once when the job is enqueued and once when the job starts performing.
We can filter request parameters on the controller level using 
Rails.application.config.filter_parameters
 configuration option so that sensitive parameters are not leaked in the logs. But if you are enqueuing such parameters to Active Job then the purpose of filtering them at controller level is defeated as they are logged at job level regardless.
A feature is now present in Rails master to fix this issue. We can disable logging for individual jobs by setting 
log_arguments
 configuration option.
class ImportDataJob < ApplicationJob
  queue_as :default
  self.log_arguments = false

  def perform(*args)   
    # Do something later
  end
end
>> ImportDataJob.perform_later password: "secret"
Enqueued ImportDataJob (Job ID: 1c388f29-b83c-477c-a046-50837b8941e8) 
to Async(default)

>> Performing ImportDataJob (Job ID: 1c388f29-b83c-477c-a046-50837b8941e8) 
from Async(default) enqueued at 2020-04-29T13:39:31Z

Completed
Performed ImportDataJob (Job ID: 1c388f29-b83c-477c-a046-50837b8941e8) 
from Async(default) in 5.81ms
We can see that now there is no trace of the arguments in the log.
> By default the 
log_arguments
 setting is true for every job and we can customize it per job based on whether the job consumes sensitive data.
This feature is not yet released. It will be part of Rails 6.1. I will update this post when it is released.
Subscribe to my newsletter to be on top of latest changes happening in Ruby on Rails framework. No spam only Ruby and Rails!
Written by prathamesh | Developer Evangelist at Last9
Published by HackerNoon on 2020/05/09
ABOUTHow hackers start their afternoons. We publish tech stories and build publishing software.

READEntirely free library read by hundreds of millions to learn anything about any technology.

WRITEHackerNoon elevates quality technology writing far and wide across the interwebs.

PARTNERHackerNoon works directly with tech companies to place ads by content relevancy