There are cases where we do not want sensitive data such as passwords or card details to appear in log files. Rails provides filter_parameters to achieve this.

For example, to filter the secret_code of a user, we need to set filter_parameters in application.rb as below:

After sending a request to the server, our request parameters will look like this:

Now if we do User.last then:

We can see that the secret_code of the user is not filtered and is still visible.

Rails 6 has moved ParameterFilter from ActionDispatch to ActiveSupport to solve the above security problem.

In Rails 6

Now we can see that secret_code is filtered.

Instead of defining them as filter_parameters, we can also define attributes as filter_attributes.

Rails 6 also supports filter_attributes and filter_parameters given in regex or proc form.
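The following Ruby example is added here and is not from the original post or from Rails' own code. It is a simplified stand-in for the parameter filter, showing how symbol, regex and proc filters act on a constructed params hash. The class name SimpleParameterFilter, the sample keys other than secret_code, and the matching rules noted in the comments are assumptions of this sketch.

```ruby
# Simplified stand-in for Rails' parameter filtering (illustration, not Rails' code).
# Modelled rules: symbol/string filters match any key containing them
# (case-insensitive), regexes match the key, procs receive (key, value).
class SimpleParameterFilter
  MASK = "[FILTERED]"

  def initialize(filters)
    @procs, patterns = filters.partition { |f| f.respond_to?(:call) }
    @patterns = patterns.map do |f|
      f.is_a?(Regexp) ? f : Regexp.new(Regexp.escape(f.to_s), Regexp::IGNORECASE)
    end
  end

  # Returns a filtered copy; the input hash is left untouched.
  def filter(params)
    params.each_with_object({}) { |(key, value), out| out[key] = filter_value(key.to_s, value) }
  end

  private

  def filter_value(key, value)
    return MASK if @patterns.any? { |re| re.match?(key) }
    return filter(value) if value.is_a?(Hash)
    return value.map { |v| v.is_a?(Hash) ? filter(v) : v } if value.is_a?(Array)

    value = value.dup if value.is_a?(String) # procs may mutate the value in place
    @procs.each { |pr| pr.call(key, value) }
    value
  end
end

# Constructed sample request parameters (hypothetical keys and values).
SAMPLE_PARAMS = {
  "user" => { "name" => "alice", "secret_code" => "1234", "Card_Number" => "4111111111111111" },
  "api_token" => "abcdef123456",
  "items" => [{ "pin" => "0000", "sku" => "A1" }]
}.freeze

FILTERS = [
  :secret_code,     # symbol form
  /card|\Apin\z/i,  # regex form
  # proc form: keep the first two characters of the token, mask the rest
  ->(key, value) { value.replace("#{value[0, 2]}****") if key == "api_token" && value.is_a?(String) }
].freeze

def filtered_sample
  SimpleParameterFilter.new(FILTERS).filter(SAMPLE_PARAMS)
end

puts filtered_sample.inspect
```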