From db325c263a4b7b1d9d3b83dd1958d876daa9f238 Mon Sep 17 00:00:00 2001
From: Christian Salway <ccsalway@yahoo.co.uk>
Date: Tue, 21 Feb 2023 19:09:40 +0000
Subject: [PATCH] Update python-logging.md

Warning to inform users that logging config is global and can expose secrets
---
 doc_source/python-logging.md | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/doc_source/python-logging.md b/doc_source/python-logging.md
index cfb9045d..2fba615f 100644
--- a/doc_source/python-logging.md
+++ b/doc_source/python-logging.md
@@ -217,4 +217,17 @@ START RequestId: 1c8df7d3-xmpl-46da-9778-518e6eca8125 Version: $LATEST
 END RequestId: 1c8df7d3-xmpl-46da-9778-518e6eca8125
 REPORT RequestId: 1c8df7d3-xmpl-46da-9778-518e6eca8125  Duration: 2.75 ms   Billed Duration: 3 ms Memory Size: 128 MB Max Memory Used: 56 MB  Init Duration: 113.51 ms
 XRAY TraceId: 1-5e34a66a-474xmpl7c2534a87870b4370   SegmentId: 073cxmpl3e442861 Sampled: true
-```
\ No newline at end of file
+```
+
+WARNING: Settings in the logging library are global, meaning you could expose secrets in your logs. For example, the following will log the request and response in full meaning the secret string will be written to the cloudwatch log:
+```
+import logging
+
+logger = logging.getLogger()
+logger.setLevel(logging.DEBUG)
+
+secretsmanager = boto3.client('secretsmanager')
+secretsmanager.get_secret_value(
+  SecretId=secret_name
+)
+```