
Sanitising Application Logs Before Sending to OpenAI

Best practices for removing sensitive data from logs, stack traces, and error reports before sharing with AI debugging assistants.

Redactorr Team · 7 min read

Developers increasingly use AI assistants like ChatGPT and GitHub Copilot to debug complex issues. But application logs often contain sensitive data that shouldn't be shared with third-party services.

What's Hiding in Your Logs?

Application logs can contain:

  • API keys and tokens: Authentication credentials in headers
  • User PII: Email addresses, names, IP addresses
  • Infrastructure details: Server names, internal URLs, database strings
  • Business logic: Proprietary algorithms, pricing rules
  • Customer data: Transaction IDs, payment details

The Developer's Dilemma

When you hit a production bug, you need to:

  1. Share error context with AI assistants for faster debugging
  2. Protect sensitive data to maintain security and compliance
  3. Preserve enough detail for the AI to provide useful guidance

Log Sanitisation Strategy

1. Pre-Sanitisation (Before Logging)

Best Practice: Sanitise at the source

// ❌ Bad: Logging raw data
logger.error('User login failed', { email: user.email, password: rawPassword })

// ✅ Good: Sanitise before logging
// (hashId is assumed to be an application helper that returns a one-way hash of the ID)
logger.error('User login failed', {
  userId: hashId(user.id),
  reason: 'invalid_credentials'
})

2. Runtime Sanitisation (On Demand)

Use Case: When sharing logs with AI tools

Use Redactorr to automatically detect and redact:

  • API keys (OpenAI, Stripe, AWS, etc.)
  • Email addresses and usernames
  • IP addresses and server names
  • Database connection strings
  • Environment variable values

3. Pattern Detection Examples

API Keys:

Before: Authorization: Bearer sk-abc123...
After:  Authorization: Bearer [REDACTED_API_KEY]

Email Addresses:

Before: User [email protected] triggered error
After:  User [REDACTED_EMAIL] triggered error

IP Addresses:

Before: Request from 192.168.1.100 failed
After:  Request from [REDACTED_IP] failed

Stack Traces:

Before: at /home/deploy/app/secrets/config.js:45
After:  at [REDACTED_PATH]/config.js:45
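
The four before/after pairs above can be reproduced with a small ordered rule set. This is an added example, not Redactorr's code: the rule names, regular expressions, the sanitise function and the sample log are all constructed for illustration.

```javascript
// Added example: ordered regex rules reproducing the four before/after pairs above.
// Patterns and names are illustrative assumptions, not Redactorr's detectors.
const RULES = [
  // Credentials first, so later rules never see (or partially match) a live token.
  { label: 'API_KEY', re: /(\bAuthorization:\s*Bearer\s+)[A-Za-z0-9._~+\/=-]+/gi },
  { label: 'EMAIL', re: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g },
  // IPv4 with a per-octet range check, so a string like 1.2.3.456 is left alone.
  { label: 'IP', re: /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g },
  // Directory part of a stack frame; the file name and line number stay for debugging.
  { label: 'PATH', re: /(?:\/[\w.-]+)+(?=\/[\w.-]+:\d+)/g },
];

// Returns the redacted text plus a per-rule count, a minimal record of what was removed.
function sanitise(text) {
  const counts = {};
  let out = text;
  for (const { label, re } of RULES) {
    out = out.replace(re, (match, prefix) => {
      counts[label] = (counts[label] || 0) + 1;
      // Only the Bearer rule has a capture group (the header prefix to keep);
      // for the other rules the second argument is the numeric match offset.
      return (typeof prefix === 'string' ? prefix : '') + `[REDACTED_${label}]`;
    });
  }
  return { text: out, counts };
}

// Constructed sample log lines (not real credentials, users or hosts).
const SAMPLE = [
  'Authorization: Bearer sk-CONSTRUCTEDtoken000',
  'User jane.doe@example.com triggered error',
  'Request from 192.168.1.100 failed',
  '    at /home/deploy/app/secrets/config.js:45',
  'agent version 1.2.3.456 started',
].join('\n');

console.log(sanitise(SAMPLE).text);
```

Regex rules only catch formats they were written for, so the output still needs a manual review before it is pasted anywhere.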

DevOps-Specific Patterns

Redactorr detects 240+ DevOps patterns, including:

  • AWS Access Keys (IAM credentials)
  • Docker secrets and environment variables
  • Kubernetes secrets (base64 encoded)
  • Database connection strings
  • Private keys (RSA, SSH, TLS)
  • Git credentials in URLs
  • Slack/Discord webhooks

Real-World Workflow

  1. Copy logs from your monitoring tool (Datadog, Splunk, etc.)
  2. Open Redactorr at app.redactorr.com and paste your logs
  3. Auto-detect sensitive data (< 100ms for most logs)
  4. Review and customise redactions if needed
  5. Copy sanitised logs and paste into ChatGPT

Result: You get full debugging power without leaking credentials.

Stack Trace Sanitiser Tool

Redactorr includes a dedicated Stack Trace Sanitiser that:

  • Preserves error messages and line numbers
  • Redacts file paths and environment variables
  • Maintains stack structure for debugging
  • Handles multiple languages (JavaScript, Python, Java, Go, etc.)

Compliance Benefits

  • ✅ Safe to share logs with AI tools
  • ✅ No credentials leaked in ChatGPT history
  • ✅ Audit trail of what was redacted
  • ✅ Supports ISO 27001 and Privacy Act 1988 requirements

Conclusion

Sanitising logs before sharing with AI assistants is essential for security and compliance. With automated detection, you can use AI debugging tools without compromising sensitive data.

Try it now: Paste a stack trace into our demo and see what gets detected.
