add new feature to make sure we aren't writing PII into the application logs. So far we're aware of doing so regarding Auth use-cases
