Hide custom jwt header in logs

We are using a header named jwt for authentication in kibana. The contents of this header is visible in the elasticsearch log. Is it possible to hide the content, just like what happens with contents of the Authorization header? Is it something that needs to be implemented in ROR or can it be configured somehow?

Appriciate any feedback on this. Thanks

1 Like

Hi Peter, this is a great feature request. Thanks for reaching out.
ReadonlyREST is very flexible and has a lot of integration points, so we cannot really anticipate what headers are to be considered confidential and their value should not be printed in logs.

Will add this to our backlog in Jira.

1 Like

Hi @peter123,
The feature is ready and available in 1.18.6 :slight_smile:

1 Like

Did you document it too? How to use it?

AFAIK no. At the moment there is only test to show how it should be used:


Thanks! :slight_smile: That was implemented quicker than expected :smiley:

1 Like