1Do not log secrets
A massive security violation is logging Personally Identifiable Information (PII) or secrets. NEVER log a user's password, credit card, or social security number. Ensure your logging middleware actively scrubs/redacts fields named 'password' or 'token' before writing to disk.
