Observability in a production environment is essential for monitoring application health, diagnosing issues, and ensuring compliance. Proper logging and monitoring practices help you gain insight into system behavior without exposing sensitive data. This section explains how to enable structured logging, ship logs securely, and manage payload logging with caution.

Enable structured logging

To improve log readability and integration with monitoring tools, enable structured logging in the configuration:

observability.logging.json=true

Manage secrets securely

Secrets such as API keys, tokens, and certificates must be handled with strict security controls to prevent exposure. Follow these recommended practices to manage secrets:
  • Mount secrets as read-only to prevent accidental modification.
  • Set file permissions to 0400 wherever possible to restrict access to the owner only.

Ship logs securely

Ship logs to a centralized system for analysis. You can use one of the following approaches:
Method Description
Sidecar container Deploy a logging sidecar to collect and forward logs
Docker logging driver Use Docker’s built-in logging driver to stream logs to an external service

Manage payload logging carefully

Do not enable payload logging unless you have a robust redaction strategy in place. Logging raw payloads can expose sensitive information such as tokens or personally identifiable data.