Logs show plaintext password #1796

@kinueng

When setting DEBUG=ioredis:* on a NodeJS server that has [email protected] installed, the ioredis logs show the password in plaintext.

This is different from existing issue Errors contain credentials in plaintext #1713 because no error logging is involved in this scenario. This scenario is just turning on all logs for a working Redis client.

2023-08-15T13:56:34.671Z ioredis:cluster:subscriber started
2023-08-15T13:56:34.677Z ioredis:redis status[***.***.***.***:PORT (ioredis-cluster(refresher))]: connecting -> connect
2023-08-15T13:56:34.677Z ioredis:redis write command[***.***.***.***:PORT (ioredis-cluster(refresher))]: 0 -> auth([ 'PLAINTEXT_PASSWORD_HERE' ])
2023-08-15T13:56:34.678Z ioredis:redis status[***.***.***.***:PORT (ioredis-cluster(refresher))]: connect -> ready
2023-08-15T13:56:34.678Z ioredis:connection set the connection name [ioredis-cluster(refresher)]

The Redis plaintext password should not be showing in ioredis logs.
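
An added example, not part of the original issue and not ioredis code: a line filter that masks the argument list of `auth` commands in debug output of the shape shown above, and reports which lines of an existing log still expose it. The function names, the sample lines (constructed), and the two-argument `auth` form are assumptions; how the writer is attached to the process's debug output is left to the application.

```javascript
// Added example (not ioredis code). The line shape is taken from the log excerpt in this issue.
// Matches the argument list of an AUTH command in a debug line such as
//   "... write command[host:port (name)]: 0 -> auth([ 'secret' ])"
// The greedy ".*" is anchored at end of line, so a password containing "])" is fully covered.
const AUTH_ARGS = /(->\s*auth\(\[).*(\]\)\s*)$/i;
const MASK = " '[REDACTED]' ";

// Replace every argument of an auth command (password, or username and password) with a mask.
function redactLine(line) {
  return line.replace(AUTH_ARGS, (_m, open, close) => open + MASK + close);
}

// Audit helper: 1-based numbers of the lines that still carry unmasked auth arguments.
function findExposedAuth(lines) {
  const hits = [];
  lines.forEach((line, i) => {
    if (AUTH_ARGS.test(line) && redactLine(line) !== line) hits.push(i + 1);
  });
  return hits;
}

// Wrap a write function (for example a bound stderr write) so chunks are redacted line by line.
// A chunk may end mid-line, so the incomplete tail is held back until its newline arrives.
function redactingWriter(write) {
  let pending = "";
  return function (chunk) {
    pending += String(chunk);
    const lines = pending.split("\n");
    pending = lines.pop();
    for (const line of lines) write(redactLine(line) + "\n");
  };
}

// Constructed sample lines; the host, port and credentials are made up.
const PREFIX = "2023-08-15T13:56:34.677Z ioredis:redis ";
const CONN = "[10.0.0.5:6379 (ioredis-cluster(refresher))]: ";
const SAMPLE = [
  PREFIX + "status" + CONN + "connecting -> connect",
  PREFIX + "write command" + CONN + "0 -> auth([ 'constructed])pw' ])",
  PREFIX + "write command" + CONN + "0 -> auth([ 'appuser', 'constructed-pw' ])", // assumed form
  PREFIX + "status" + CONN + "connect -> ready",
];

for (const line of SAMPLE) console.log(redactLine(line));
console.log("lines exposing credentials:", findExposedAuth(SAMPLE));
```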
