Rails 6 adds ActiveSupport::ParameterFilter | Saeloun Blog All Articles Categories Contact Conference Rails 6 adds ActiveSupport::ParameterFilter Dec 3, 2019 , by Romil Mehta 1 minute read There are cases when we do not want sensitive data like passwords, card details etc in log files. Rails provides filter_parameters to achive this. For example, if we have to filter secret_code of user then we need to set filter_parameters in the application.rb as below: config.filter_parameters += ["secret_code"] After sending request to server, our request parameters will look like these: Parameters: {"authenticity_token"=>"ZKeyrytDDqYbjgHm+ZZicqVrKU/KetThIkmHsFQ/91mQ/eGmIJkELhypgVvAbAg1OR+fN5TA8qk0PrOzDOtAKA==", "user"=>{"first_name"=>"First Name", "last_name"=>"Last Name", "email"=>"abc@gmail.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "secret_code"=>"[FILTERED]"}, "commit"=>"Create User"} Now if we do User.last then: > User.last #=> # We can see that the secret_code of user is not filtered and visible. Rails 6 has moved ParamterFilter from ActionDispatch to ActiveSupport to solve above security problem. In Rails 6 > User.last #=> # Now we can see that secret_code is filtered. Instead of defining as filter_parameters, we can also define attributes as filter_attributes. > User.filter_attributes = [:secret_code, :password] #=> [:secret_code, :password] > User.last #=> # If we have filter_attributes or filter_parameters in regex or proc form, Rails 6 has added support for that also. > User.filter_attributes = [/name/, :secret_code, :password] #=> [/name/, :secret_code, :password] > User.last #=> # Share this post! If you enjoyed this post, you might also like: Rails 6 - Action Mailbox tryout November 11, 2019 Rails 7 adds disable_joins: true option to has_many :through association May 4, 2021 Rails 7 adds disable_joins: true option to has_one :through association June 1, 2021