2 changes: 2 additions & 0 deletions TOC-tidb-cloud-premium.md
Expand Up @@ -242,6 +242,8 @@
- [Connect via Private Endpoint with Alibaba Cloud](/tidb-cloud/premium/connect-to-premium-via-alibaba-cloud-private-endpoint.md)
- [Configure Firewall Rules for Public Endpoints](/tidb-cloud/configure-serverless-firewall-rules-for-public-endpoints.md)
- [TLS Connections to TiDB Cloud](/tidb-cloud/premium/tidb-cloud-tls-connect-to-premium.md)
- Data Access Control
- [User-Controlled Log Redaction](/tidb-cloud/tidb-cloud-log-redaction.md)
- Audit Management
- [Console Audit Logging](/tidb-cloud/tidb-cloud-console-auditing.md)
- Billing
58 changes: 52 additions & 6 deletions tidb-cloud/tidb-cloud-log-redaction.md
@@ -1,23 +1,45 @@
---
title: User-Controlled Log Redaction
summary: Learn how to enable or disable user-controlled log redaction for TiDB Cloud Dedicated clusters to manage sensitive data visibility in execution logs.
summary: Learn how to enable or disable user-controlled log redaction in TiDB Cloud to manage the visibility of sensitive data in execution logs.
---

# User-Controlled Log Redaction

User-controlled log redaction lets you manage the visibility of sensitive data in your [TiDB Cloud Dedicated](/tidb-cloud/select-cluster-tier.md#tidb-cloud-dedicated) cluster logs. By toggling this redaction feature, you can protect your information, balance operational needs with security, and control what appears in your cluster logs.
User-controlled log redaction lets you manage the visibility of sensitive data in your <CustomContent plan="dedicated">[TiDB Cloud Dedicated](/tidb-cloud/select-cluster-tier.md#tidb-cloud-dedicated) cluster</CustomContent><CustomContent plan="premium">{{{ .premium }}} instance</CustomContent> logs. By toggling this redaction feature, you can protect your information, balance operational needs with security, and control what appears in your <CustomContent plan="dedicated">cluster</CustomContent><CustomContent plan="premium">instance</CustomContent> logs.

Log redaction is enabled by default, ensuring that sensitive information in running logs and execution plans is concealed. If you need more detailed log information for cluster maintenance or SQL tuning, you can disable this feature at any time.
Log redaction is enabled by default, ensuring that sensitive information in running logs and execution plans is concealed. If you need more detailed log information for <CustomContent plan="dedicated">cluster</CustomContent><CustomContent plan="premium">instance</CustomContent> maintenance or SQL tuning, you can disable this feature at any time.

<CustomContent plan="dedicated">

> **Note:**
>
> The log redaction feature is only supported for TiDB Cloud Dedicated clusters.

</CustomContent>

<CustomContent plan="premium">

> **Note:**
>
> The log redaction feature is supported for TiDB Cloud Dedicated clusters and {{{ .premium }}} instances.

</CustomContent>

## Prerequisites

<CustomContent plan="dedicated">

* You must be in the **Organization Owner** or **Project Owner** role of your organization in TiDB Cloud.
* Log redaction cannot be enabled or disabled when the cluster is in the `paused` state.

</CustomContent>

<CustomContent plan="premium">

* You must be in the **Organization Owner** role of your organization in TiDB Cloud.

</CustomContent>

## Disable log redaction

> **Warning:**
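
Review bot: in the intro notes, the `plan="dedicated"` variant still says the feature is "only supported for TiDB Cloud Dedicated clusters", while the `plan="premium"` variant right after it says it is supported for Dedicated clusters and {{{ .premium }}} instances, so the two renderings of the same page contradict each other. Suggest dropping "only" from the Dedicated note, or replacing both with one unconditional note. In Prerequisites, the Premium block omits the `paused`-state restriction that the Dedicated block keeps; if instances have an equivalent state in which the toggle is unavailable, it should be listed there as well.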
Expand All @@ -27,15 +49,27 @@ Log redaction is enabled by default, ensuring that sensitive information in runn
To disable log redaction, do the following:

1. Log in to the [TiDB Cloud console](https://tidbcloud.com/).
2. Navigate to the [**Clusters**](https://tidbcloud.com/project/clusters) page, and then click the name of your target cluster to go to its overview page.
2. Navigate to the <CustomContent plan="dedicated">[**Clusters**](https://tidbcloud.com/project/clusters)</CustomContent><CustomContent plan="premium">[**TiDB Instances**](https://tidbcloud.com/tidbs)</CustomContent> page, and then click the name of your target <CustomContent plan="dedicated">cluster</CustomContent><CustomContent plan="premium">instance</CustomContent> to go to its overview page.

<CustomContent plan="dedicated">

> **Tip:**
>
> You can use the combo box in the upper-left corner to switch between organizations, projects, and clusters.

</CustomContent>

<CustomContent plan="premium">

> **Tip:**
>
> You can use the combo box in the upper-left corner to switch between organizations and instances.

</CustomContent>

3. In the left navigation pane, click **Settings** > **Security**.
4. In the **Execution Log Redaction** section, you can see that the redaction feature is **Enabled** by default.
5. Click **Disable**. A warning appears, explaining the risks of disabling log redaction.
5. Click **Disable**. A warning appears, explaining the risks of disabling log redaction.
6. Confirm the disabling.

After disabling log redaction, note the following:
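Review bot: the two **Tip** blocks added after step 2 differ only in the tail of one sentence ("organizations, projects, and clusters" versus "organizations and instances"), yet each gets its own block-level `<CustomContent>` wrapper. Step 2 in this same hunk already swaps words inline, so a single tip ending in `organizations<CustomContent plan="dedicated">, projects, and clusters</CustomContent><CustomContent plan="premium"> and instances</CustomContent>` would avoid the duplicated block. Separately, the step 5 line is removed and re-added with no visible text difference; if that is a whitespace-only fix, mention it in the change description so reviewers do not look for a wording change.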
Expand All @@ -62,12 +96,24 @@ To check the updated logs after log redaction is disabled, do the following:
To maintain data security, **enable log redaction** as soon as you complete your diagnostic or maintenance task as follows.

1. Log in to the [TiDB Cloud console](https://tidbcloud.com/).
2. Navigate to the [**Clusters**](https://tidbcloud.com/project/clusters) page, and then click the name of your target cluster to go to its overview page.
2. Navigate to the <CustomContent plan="dedicated">[**Clusters**](https://tidbcloud.com/project/clusters)</CustomContent><CustomContent plan="premium">[**TiDB Instances**](https://tidbcloud.com/tidbs)</CustomContent> page, and then click the name of your target <CustomContent plan="dedicated">cluster</CustomContent><CustomContent plan="premium">instance</CustomContent> to go to its overview page.

<CustomContent plan="dedicated">

> **Tip:**
>
> You can use the combo box in the upper-left corner to switch between organizations, projects, and clusters.

</CustomContent>

<CustomContent plan="premium">

> **Tip:**
>
> You can use the combo box in the upper-left corner to switch between organizations and instances.

</CustomContent>

3. In the left navigation pane, click **Settings** > **Security**.
4. In the **Execution Log Redaction** section, you can see that the redaction feature is **Disabled**.
5. Click **Enable** to enable it.
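Review bot: the `<CustomContent>` wrappers and their **Tip** blockquotes sit between steps 2 and 3 of the enable procedure and, as shown in this view, start at the left margin. If the file has them unindented, they interrupt the ordered list and step 3 is no longer part of the same list as step 2; indent the wrappers and the tips to the content level of step 2 and check the rendered numbering under both plans. The same check applies to the matching blocks in the disable procedure.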