| title | MCP-LOG-02 — Secret Redaction in Logs |
|---|---|
| weight | 62 |
Level: L1
Domain: LOG
# Requirement
MCP servers MUST NOT log secrets (API keys, passwords, tokens, credentials) in plaintext. Implement automated redaction or avoid logging sensitive parameters entirely.
# Rationale
Logs are often stored insecurely, aggregated in log management systems, and accessible to many personnel. Plaintext secrets in logs enable credential theft.
# Scope
All logging (application logs, access logs, error logs).
# Evidence
- Logging configuration or code showing redaction of sensitive fields
- Sample log output confirming secrets are redacted (e.g., `api_key=***REDACTED***`)
- Test: tool invoked with API key → log does not contain actual key
# Example
```python
import logging
import re

logger = logging.getLogger(__name__)

# Each pattern keeps the field name (group 1) and replaces the secret value (group 2).
SENSITIVE_PATTERNS = [
    r'(api[_-]?key=)([^\s&]+)',
    r'(Authorization:\s*Bearer\s+)([^\s]+)',
    r'(password=)([^\s&]+)'
]

def redact_secrets(message):
    for pattern in SENSITIVE_PATTERNS:
        message = re.sub(pattern, r'\1***REDACTED***', message)
    return message

# The key must appear in a form a pattern recognises (api_key=...) for redaction to apply;
# a bare interpolated value with no field name would pass through untouched.
api_key = "placeholder-key"  # placeholder, not a real credential
logger.info(redact_secrets(f"Calling API with api_key={api_key}"))
```
# Test
- Trigger error with API key in request
- Check logs: key should not appear
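A fuller redaction approach than the helper above, added here as an example that is not part of the original page: a `logging.Filter` attached to the handler masks named sensitive keys in structured tool arguments, then applies the text patterns to the fully formatted line, so a token passed as a `%s` argument is still caught even though the `Authorization: Bearer` prefix lives in the message template. The key list, logger name and sample tool arguments are assumptions.

```python
import io
import logging
import re
MASK = "***REDACTED***"
# Argument names masked in structured tool parameters (assumed list; extend per deployment).
SENSITIVE_KEYS = {"api_key", "apikey", "password", "token", "access_token", "authorization", "secret"}
# Free-text patterns applied to the fully formatted log line.
SENSITIVE_PATTERNS = [
    re.compile(r"(api[_-]?key=)([^\s&]+)", re.IGNORECASE),
    re.compile(r"(Authorization:\s*Bearer\s+)(\S+)", re.IGNORECASE),
    re.compile(r"(password=)([^\s&]+)", re.IGNORECASE),
]

def redact_text(message):
    for pattern in SENSITIVE_PATTERNS:
        message = pattern.sub(r"\g<1>" + MASK, message)
    return message

def redact_params(value):
    """Recursively mask sensitive keys in tool arguments, leaving the structure intact."""
    if isinstance(value, dict):
        return {k: MASK if str(k).lower() in SENSITIVE_KEYS else redact_params(v) for k, v in value.items()}
    if isinstance(value, list):
        return [redact_params(v) for v in value]
    return value

class RedactingFilter(logging.Filter):
    def filter(self, record):
        # Mask structured args first, then the formatted line: a bare token passed as %s only
        # matches the Bearer pattern once the "Authorization: Bearer" prefix from the template is present.
        if isinstance(record.args, dict):  # logging unwraps a single mapping argument into record.args
            record.args = redact_params(record.args)
        elif record.args:
            record.args = tuple(redact_params(a) for a in record.args)
        record.msg, record.args = redact_text(record.getMessage()), ()
        return True

def log_tool_call(tool_args, bearer_token):
    # Logs a constructed tool invocation and returns exactly what reached the log stream.
    stream = io.StringIO()
    logger = logging.getLogger("mcp.tool")  # assumed logger name
    logger.handlers.clear()  # fresh handler per call so repeated calls do not duplicate output
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(RedactingFilter())  # on the handler, so records from child loggers are covered too
    logger.addHandler(handler)
    logger.info("tool_call fetch_data args=%s", tool_args)
    logger.info("upstream request Authorization: Bearer %s", bearer_token)
    return stream.getvalue()
```

Because the filter rewrites the record itself, every handler downstream (file, syslog, log shipper) receives the already-redacted text rather than relying on each sink to redact independently.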
# Mappings
- CWE: CWE-532 (Insertion of Sensitive Information into Log File)
- OWASP Top 10: A09:2021
- OWASP MCP Top 10: MCP-01 (Token Mismanagement & Secret Exposure)
NOT_APPLICABLE: If server never handles secrets (rare).
# References
- WorkOS: "Best Practices for MCP Secrets Management" (July 2024)
- Palo Alto Networks: "MCP Security Exposed" (May 2024)