Redact anything resembling Stripe keys when logging

[richardm-stripe]

No description provided.

[jonchurch]

For anyone looking for it, I believe this RegEx matches anything stripe-key-like:

/(pk|sk)_(test|live)_[A-Za-z0-9]+/

Preview on regexpal.com

The stricter version of this would be to check that it's the right length as well:
EDIT: This approach is flawed as noted below, stripe key length is not guaranteed in the future.

/(pk|sk)_(test|live)_[A-Za-z0-9]{24}}/

[remi-stripe]

@jonchurch Just for completeness, we have API keys of different lengths and we will keep increasing the length over time. Also many API keys have different formats, legacy ones don't have test or live or not even pk_ or sk_. Restricted API keys start with rk_ while ephemeral keys start with ek_. I would discourage anyone from using a regex for anything that isn't just logging.

[jonchurch]

That's good information, thank you. For anyone who finds this later, it's likely best for you to scrub specific fields from logging, and only use a regex as a backup or to verify output in tests w/ testing keys.