DEV Community

Prathamesh Sonpatki
Prathamesh Sonpatki

Posted on • Originally published at prathamesh.tech on

1

Disable logging of (sensitive) arguments in Active Job

#rails #security #activejob

If you are using Active Job for managing background jobs in Rails, you might have noticed that it logs the job arguments when the job is enqueued or run. Let's see an example of this.

class ImportDataJob < ApplicationJob
  queue_as :default

  def perform(*args)
    puts "Completed"
    # Do something later
  end
end
Enter fullscreen mode Exit fullscreen mode 
>> ImportDataJob.perform_later(password: "secret")

Enqueued ImportDataJob (Job ID: 4c44944b-0b1e-41ff-8679-c9757e09bdb2) to Async(default) 
with arguments: {:password=>"secret"}

>> Performing ImportDataJob (Job ID: 4c44944b-0b1e-41ff-8679-c9757e09bdb2) 
from Async(default) 
enqueued at 2020-04-29T13:23:37Z 
with arguments: {:password=>"secret"}
Completed

Performed ImportDataJob (Job ID: 4c44944b-0b1e-41ff-8679-c9757e09bdb2) 
from Async(default) in 9.39ms
Enter fullscreen mode Exit fullscreen mode

As we can, see Active Job logs the arguments two times, once when the job is enqueued and once when the job starts performing.

We can filter request parameters on the controller level using Rails.application.config.filter_parameters configuration option so that sensitive parameters are not leaked in the logs. But if you are enqueuing such parameters to Active Job then the purpose of filtering them at controller level is defeated as they are logged at job level regardless.

A feature is now present in Rails master to fix this issue. We can disable logging for individual jobs by setting log_arguments configuration option.

class ImportDataJob < ApplicationJob
  queue_as :default
  self.log_arguments = false

  def perform(*args)   
    # Do something later
  end
end
Enter fullscreen mode Exit fullscreen mode 
>> ImportDataJob.perform_later password: "secret"
Enqueued ImportDataJob (Job ID: 1c388f29-b83c-477c-a046-50837b8941e8) 
to Async(default)

>> Performing ImportDataJob (Job ID: 1c388f29-b83c-477c-a046-50837b8941e8) 
from Async(default) enqueued at 2020-04-29T13:39:31Z

Completed
Performed ImportDataJob (Job ID: 1c388f29-b83c-477c-a046-50837b8941e8) 
from Async(default) in 5.81ms
Enter fullscreen mode Exit fullscreen mode

We can see that now there is no trace of the arguments in the log.

By default the log_arguments setting is true for every job and we can customize it per job based on whether the job consumes sensitive data.

This feature is not yet released. It will be part of Rails 6.1. I will update this post when it is released.

Subscribe to my newsletter to be on top of latest changes happening in Ruby on Rails framework. No spam only Ruby and Rails!

profile
Hostinger
 Promoted

Hostinger image

Get n8n VPS hosting 3x cheaper than a cloud solution

Get fast, easy, secure n8n VPS hosting from $4.99/mo at Hostinger. Automate any workflow using a pre-installed n8n application and no-code customization.

Start now

Top comments (0)

profile
Sentry
 Promoted

Sentry image

See why 4M developers consider Sentry, “not bad.”

Fixing code doesn’t have to be the worst part of your day. Learn how Sentry can help.

Learn more

Read next

sfdcnews profile image

OpenAI Operator for Salesforce Tasks, Job Trends in 2025, Biometrics in Screen Flow

SFDC News -

godofgeeks profile image

Version Control Strategies (Gitflow)

Aviral Srivastava -

bhavyajain profile image

Node.js vs Django: A Comprehensive Comparison

Bhavya Jain -

laetitiaperraut profile image

Exploring the Synergy Between Cyberwarfare and OSINT

Laetitia Perraut -

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay