Hide log information based on regex patterns
Harness sanitizes deployment logs and any script outputs to mask text secret values and JSON web tokens (JWTs) by default. For more information, go to Secrets and log sanitization. You can mask other sensitive information from log streams using regular expressions based on your needs. This will remove the information you define from logs in the Harness UI.
Harness Delegate version 24.01.82110 or later is required to use this feature.
To hide log information based on regex, do the following:
-
Create a
sanitize-patterns.txt
file in your local that contains all of the regexes that you want to hide in logs.This file can contain multiple regexes. Add each regex on a new line. In the example below, we have added two expressions.
<CreditCard>.*?</CreditCard>
<accountID>.*?</accountID> -
Create the ConfigMap in the same namespace where you are installing the delegate.
kubectl create configmap <CONFIGMAP_NAME> --from-file sanitize-patterns.txt -n <NAMESPACE>
-
Mount the volume under the
/opt/harness-delegate
path in your delegate YAML file.volumeMounts:
- name: "config"
mountPath: "/opt/harness-delegate"
volumes:
- name: "config"
configMap:
name: "<YOUR_CONFIGMAP_FILE_NAME>" -
Apply the Kubernetes YAML.