Hi everyone 👋 I'm working with the community-managed

tap-quickbooks

and noticed that some secrets (like API keys or tokens) seem to be logged in plain text during execution. From what I understand, there’s a

_make_request

method in the tap that logs the URL and the full body of the POST request used to request a token — which includes API secrets.

[...]

def _make_request(self, http_method, url, headers=None, body=None, stream=False, params=None, sink_name=None):
        if http_method == "GET":
            <http://LOGGER.info|LOGGER.info>("Making %s request to %s with params: %s", http_method, url, params)
            resp = self.session.get(url, headers=headers, stream=stream, params=params)
        elif http_method == "POST":
            <http://LOGGER.info|LOGGER.info>("Making %s request to %s with body %s", http_method, url, body)
            resp = <http://self.session.post|self.session.post>(url, headers=headers, data=body)
        else:
            raise TapQuickbooksException("Unsupported HTTP method")

[...]

Is there a way in Meltano to prevent secrets from being written to log files if the logging is done by the tap itself? Or is this considered a tap-specific issue that should be addressed on GitHub? 🤷‍♂️ Thanks in advance for any insights!

Tap issue I would say

Ok, thanks 🙏 I raise an issue then.