I’ve recently implemented a workflow using the HTTP command. The service that I am interacting with uses an API key to obtain a JWT. The API key is masked in the logs. However, subsequent HTTP commands expose the JWT in the logs. I’d like this JWT to be masked.
I can think of three approaches:
- Add a mask checkbox for each HTTP header
- Mask the second token of any “Authorization” headers
- Use regex to mask any word that looks like a JWT: `eyJ[0-9A-Za-z_-]+\.[0-9A-Za-z_-]+\.[0-9A-Za-z_-]+`
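
Approaches 2 and 3 above can be combined in a single log filter. The following is an added example, not part of the original post or of the product being discussed; the function name `mask_line`, the `Authorization: <scheme> <token>` log line format and the sample token are assumptions constructed for illustration. It goes one step beyond the regex by decoding the first segment, so strings that merely start with `eyJ` are left alone.

```python
import base64
import json
import re

MASK = "********"
# Approach 2: mask the credentials that follow the scheme in an Authorization header.
AUTH_RE = re.compile(r"(\bauthorization\s*[:=]\s*\S+\s+)(\S+)", re.IGNORECASE)
# Approach 3: three base64url segments joined by literal dots, the first starting "eyJ".
JWT_RE = re.compile(r"\beyJ[0-9A-Za-z_-]+\.[0-9A-Za-z_-]+\.[0-9A-Za-z_-]+")


def _is_jwt_header(segment):
    """True if the segment base64url-decodes to a JSON object containing "alg"."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad padding, bad UTF-8 and bad JSON
        return False
    return isinstance(header, dict) and "alg" in header


def _mask_if_jwt(match):
    token = match.group(0)
    return MASK if _is_jwt_header(token.split(".")[0]) else token


def mask_line(line):
    """Return the log line with Authorization credentials and JWTs masked."""
    line = AUTH_RE.sub(lambda m: m.group(1) + MASK, line)
    return JWT_RE.sub(_mask_if_jwt, line)


def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample token (not a real credential; the signature is a dummy value).
SAMPLE_JWT = ".".join(
    [_b64url({"alg": "HS256", "typ": "JWT"}), _b64url({"sub": "demo"}), "c2lnbmF0dXJl"]
)

if __name__ == "__main__":
    print(mask_line("GET /v1/items Authorization: Bearer " + SAMPLE_JWT))
    print(mask_line('response body: {"token": "' + SAMPLE_JWT + '"}'))
    print(mask_line("wrote file eyJunk.abc.def"))
```

Masking the header value covers non-JWT schemes such as Basic, while the pattern match catches tokens that appear in response bodies or URLs where no header name is present.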