Merge pull request #319 from iuliana/feature/trace-log

Added mention of the trace configuration being provided
diff --git a/guide/ops/logging.md b/guide/ops/logging.md
index b71809e..ef6d3c5 100644
--- a/guide/ops/logging.md
+++ b/guide/ops/logging.md
@@ -10,9 +10,10 @@
 
 * `ERROR` and above:  exceptional situations which indicate that something has unexpectedly failed or
 some other problem has occurred which the user is expected to attend to
-* `WARN`:  exceptional situations which the user may which to know about but which do not necessarily indicate failure or require a response
-* `INFO`:  a synopsis of activity, but which should not generate large volumes of events nor overwhelm a human observer
-* `DEBUG` and lower:  detail of activity which is not normally of interest, but which might merit closer inspection under certain circumstances.
+* `WARN`:  exceptional situations which the user may which to know about but which do not necessarily indicate failure or require a response.
+* `INFO`:  a synopsis of activity, but which should not generate large volumes of events nor overwhelm a human observer.
+* `DEBUG`:  detail of activity which might merit closer inspection under certain circumstances.
+* `TRACE` and lower: detail of activity which is not normally of interest, but which might merit closer inspection under certain circumstances including sensitive information (e.g. secrets) that should not be exposed in higher lover levels. A configuration example for TRACE level is present in the log configuration file, but is commented because of security concerns.  
 
 Loggers follow the ``package.ClassName`` naming standard.  
 
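Review bot: The new `TRACE` bullet has a typo and an ambiguous clause in "should not be exposed in higher lover levels"; it presumably means "at higher log levels", and as written "circumstances including sensitive information" reads as if the circumstances include secrets rather than the log output. Suggest splitting it into two sentences, one describing the detail level and one stating that TRACE output may contain sensitive information (e.g. secrets) that must not appear at DEBUG or above. "is commented because of security concerns" should read "is commented out". The re-added `WARN` line also still carries "may which to know" (should be "may wish to know"), and the `TRACE` line ends in trailing whitespace.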
diff --git a/guide/ops/security-guidelines.md b/guide/ops/security-guidelines.md
index af1d8e5..ef6b1bd 100644
--- a/guide/ops/security-guidelines.md
+++ b/guide/ops/security-guidelines.md
@@ -101,3 +101,26 @@
 configuring Brooklyn to use this. See the documentation for 
 `org.apache.brooklyn.core.entity.drivers.downloads.DownloadProducerFromProperties`.
 
+## Controlling Sensitive Information in the Logs
+
+By default, Brooklyn does not log any data considered sensitive. Blueprints added to the catalog or deployed are scanned 
+for information that could be considered sensitive. Any blueprint containing any of the following is considered to 
+possibly be containing sensitive data:
+
+- "password"
+- "passwd" 
+- "credential"
+- "secret"
+- "private"
+- "access.cert"
+- "access.key
+
+If sensitive information is found, all log entries related to the blueprint are written with the TRACE log level. 
+Since there is no configuration for this level, data is not saved in the Brooklyn standard log files. 
+
+For in-depth advanced investigations purposes, a commented sample configuration for enabling TRACE logging is available in 
+the `org.ops4j.pax.logging.cfg` logging configuration file. With the trace configuration enabled, all TRACE log entries 
+are written to the `brooklyn.trace.log` file.
+
+As a general rule, avoid or minimize writing sensitive data in clear text in blueprints. For bundles that contain Java 
+types, use TRACE logging for sensitive information. 
\ No newline at end of file
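Review bot: The last list item, `- "access.key`, is missing its closing quote, and the section never says how these tokens are matched (case sensitivity, substring or whole word, keys only or values too), which operators need in order to predict which blueprints get demoted to TRACE. "Since there is no configuration for this level" is also slightly off given the next paragraph says a commented sample configuration exists; "Since TRACE is not enabled by default" would be more accurate. Because enabling that sample sends secrets to `brooklyn.trace.log`, the paragraph should add a sentence on restricting access to that file and turning the configuration off again after the investigation. Minor: "For in-depth advanced investigations purposes" reads better as "For in-depth investigation", several added lines have trailing whitespace, and the file now ends without a newline.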