Remove JWT from all logs using Pino

[euanmillar]

Description

The JWT is always logged in internal microservice comms - this is a risk if Kibana is hacked or if a server engineer is corrupt

https://nkhilv.medium.com/how-to-redact-sensitive-information-from-logs-using-pino-pino-noir-2a27c09c2640

• Analyse QA log stream to find user details, JWT tokens and other pieces of information that are not critical for debugging but reveal too much information on the users of the system or records we store. Perform actions like creating a user, changing a password etc to see what the log output is.
• Use Pino to remove all of these details from the logs from any logs

[tareq89]

Reason for removing following headers from the system log:

req.headers.authorization: This header often contains sensitive authentication tokens or credentials (e.g., Bearer tokens). If leaked, these tokens can be used by malicious actors to gain unauthorized access to the system. Therefore, omitting this field helps to protect user accounts and sensitive data.

req.remoteAddress: This property contains the IP address of the client making the request. Exposing IP addresses can reveal the geographical location and identity of users, making them vulnerable to targeted attacks and privacy breaches.

req.headers['x-real-ip']: Similar to req.remoteAddress, this header can contain the real IP address of the client. Omitting it helps in protecting user privacy by not exposing their actual IP address.

req.headers['user-agent']: The User-Agent header provides detailed information about the client’s device, operating system, and browser version. While not as sensitive as some other fields, it can still be used to fingerprint and track users. Removing it helps in reducing the potential for user profiling.

req.headers['x-real-user-agent']: This is another form of the User-Agent header, potentially revealing the same detailed client information. Omitting it helps to further protect user privacy by preventing detailed client environment disclosure.

req.headers['traceparent']: This header is used for distributed tracing, and can contain sensitive information about the request path through various services. If leaked, it can provide insights into the system architecture and request flow, which can be exploited by attackers.

req.headers['tracestate']: Similar to traceparent, this header is part of distributed tracing and can include information that helps in correlating tracing information across services. Omitting it helps in protecting the internal tracing data.

req.headers['elastic-apm-traceparent']: This is another header used for tracing by Elastic APM (Application Performance Monitoring). It can contain sensitive data regarding the request's path and interactions. Removing it helps in securing tracing details.

req.headers['x-correlation-id']: The Correlation ID is used to trace and correlate requests across different services and components. If exposed, it can be used by attackers to trace the flow of a specific request through the system, potentially uncovering internal processes and vulnerabilities.

[tareq89]

Pull request: #7383

[tareq89]

@rikukissa , how and by whom this should be tested?