Log Data Security

View as Markdown

Redaction Policy

Standard Log Redaction applies to all logs and cannot be turned off. Strict Log Redaction provides additional protection for logs associated with a specific plugin or MCP server. You can control strict redaction from its Launch Configuration. When a change is made, it only affects future logs; it never changes logs that already exist.

Moveworks defines redaction as permanently removing information at the source so that it can never be viewed by anyone at any point in the future.

Strict Log Redaction

Strict Log Redaction redacts the data in all logs that touch the plugin or MCP server. Only metadata remains available. Use this setting when the plugin or server interacts with sensitive data that should not be available in the Logs app. Your organization’s policy may require strict redaction for broadly available plugins and servers.

  1. Connector information, including API keys, access tokens, and passwords, is always redacted.
  2. Log metadata remains available.
  3. Personally identifiable information and sensitive data in log bodies are redacted.

Standard Log Redaction

  1. Connector information, including API keys, access tokens, and passwords, is always redacted.
  2. Log metadata remains available.
  3. Common personally identifiable information and credentials are redacted. Other log-body values remain visible.

Redacting HTTP Actions

Moveworks redacts data being logged in your HTTP requests. When redacting, we leave the first and last character of sensitive information intact, and substitute the inner contents with a fixed number of ***** characters.

  • All headers are partially redacted For example
    1Authorization: Bearer SECRET_TOKEN
    2Content-Type: application/json
    Will be redacted as
    1Authorization: B*****N
    2Content-Type: a*****n
  • Query parameters are partially value-redacted For example
    1example.com/api/action?param1=value1&param2=longerValue2
    Will be redacted as
    1example.com/api/action?param1=v*****1&param2=l*****2
  • JSON request bodies are partially value-redacted For example
    1{
    2 "name": "John",
    3 "password": "secret",
    4 "info": {
    5 "email": "john@example.com",
    6 "phones": [
    7 "123-456-7890",
    8 "987-654-3210"
    9 ]
    10 }
    11}
    Would be redacted as
    1{
    2 "name": "J*****n",
    3 "password": "s*****t",
    4 "info": {
    5 "email": "j*****m",
    6 "phones": [
    7 "1*****0",
    8 "9*****0"
    9 ]
    10 }
    11}
  • Non-JSON request bodies are fully redacted For example
    1urlencodedKeyA=valueA&urlencodedKeyB=valueB
    Would be redacted as
    1<REDACTED_NON_JSON_PAYLOAD>
  • The API endpoint is not redacted. You will be able to see the original base URL & the path.

Retention Policy

By default, your system logs are retained for a period of two weeks.