Are there any practical solutions to avoid logging or masking (while logging) any sensitive data like KeyID’s or other information that you would’nt want even you security engineers to see. usuallly thre needs to be a balance between the amount of information logged (for making them useful) and the sensitivity of the information logged. any practical solutions could be greatly appreciated. i understand encrypting the logs and varification of logs using digests, but what after the IR team or security engineer has decrypted the logs. is data masking based on regex an option?