Logging and Error Handling Without Leaks

Never log secrets. Log events and metadata only, and ensure logs have strict permissions.

Secure logging example

import logging, os

LOG_FILE = os.path.expanduser("~/.vault_cli/vault.log")
logging.basicConfig(filename=LOG_FILE, level=logging.INFO, format="%(asctime)s %(levelname)s %(message)s")

def log_event(event, name=None):
    logging.info("Event: %s Name: %s", event, name if name else "-")

Error handling

Provide user-friendly messages; log details for debugging.

try:
    # decrypt or access storage
    pass
except Exception as e:
    log_event("error", None)
    print("Operation failed. Check logs for details.")

✅ Lesson: Logs are for operations, not secrets.

Secure logging example​

Error handling​

Secure logging example

Error handling