Hide custom jwt header in logs

We are using a header named jwt for authentication in kibana. The contents of this header is visible in the elasticsearch log. Is it possible to hide the content, just like what happens with contents of the Authorization header? Is it something that needs to be implemented in ROR or can it be configured somehow?

Appriciate any feedback on this. Thanks

1 Like

Hi Peter, this is a great feature request. Thanks for reaching out.
ReadonlyREST is very flexible and has a lot of integration points, so we cannot really anticipate what headers are to be considered confidential and their value should not be printed in logs.

Will add this to our backlog in Jira.

1 Like