feat(sdk-core): add console sanitization for sensitive data #8016
+257
−17
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mullapudipruthvik
previously approved these changes
Feb 3, 2026
rishikeshdadam136
force-pushed
the
WP-7503
branch
from
026eeaf to
30ada75
Compare
OttoAllmendinger
requested changes
Feb 4, 2026
OttoAllmendinger
requested changes
Feb 4, 2026
OttoAllmendinger
requested changes
Feb 4, 2026
rishikeshdadam136
force-pushed
the
WP-7503
branch
from
8249eba to
4ca472a
Compare
OttoAllmendinger
requested changes
Feb 5, 2026
rishikeshdadam136
force-pushed
the
WP-7503
branch
2 times, most recently
from
1d621dc to
5ea4778
Compare
OttoAllmendinger
previously approved these changes
Feb 5, 2026
Created @bitgo/logger package that automatically sanitizes sensitive data (tokens, private keys, passwords) in test/staging environments. Changes: - Added logger to 5 modules: express, sdk-coin-apt, sdk-coin-sol, sdk-coin-vet, blockapis - Replaced 17 console.error/log statements with logger calls - Sanitizes keys: token, bearer, prv, xprv, privateKey, password, otp - Works recursively on nested objects/arrays TICKET: WP-7503
rishikeshdadam136
force-pushed
the
WP-7503
branch
from
f9a929d to
cb046aa
Compare
Contributor
Author
|
Docker Build issue resolved. |
rishikeshdadam136
requested review from
OttoAllmendinger and
mullapudipruthvik
OttoAllmendinger
approved these changes
Feb 6, 2026
mullapudipruthvik
approved these changes
Feb 7, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR introduces @bitgo/logger, a new centralized logging utility with environment-aware sensitive data sanitization to prevent accidental exposure of credentials and private keys in logs.
Motivation
Currently, console statements across the codebase can inadvertently log sensitive information like private keys, passwords, and tokens. This creates security risks, especially in test and staging environments where logs may be more widely accessible.
Changes
New Package: @bitgo/logger
Sanitizes the following sensitive keys:
Ticket: WP-7503