Per discussion in #30832, this change prepends additional keys to sanitize ahead of the defaults. This allows users to sanitize keys that would otherwise be handled by the defaults but still expose credentials.
Comment From: mrgrew
I'm looking forward to some feedback on this PR - it's my first submission so I'm not sure how patient to be.
Comment From: wilkinsona
Thanks for your patience thus far, @mrgrew. As indicated by the labels on #30832, we'd like to look at this topic as a team so that we can decide what to do. We have a number of competing priorities at the moment but we will get to it as soon as we can.
Comment From: mbhave
Closing in favor of #32156. We've decide to move away from keys-to-sanitize because predicting the most secure default is tricky. We've instead decided to go for the most secure default which is to sanitize everything and allow that to be configured based on roles.