LoginV2 logs (potentially) sensitive information

Dear Zitadel team,

I would like to bring to your attention this issue: https://github.com/zitadel/zitadel/issues/11184

zitadel-login

zitadel-login

zitadel-login

zitadel-login container deployed with environment variable

DEBUG=FALSE

DEBUG=FALSE

DEBUG=FALSE

DEBUG=FALSE logs potentially sensitive values.

GitHub

[Bug]: Login V2 - Sensitive information logged through console.log ...

Preflight Checklist I could not find a solution in the documentation, the existing issues or discussions I have joined the ZITADEL chat Environment ZITADEL Cloud Version v4.7.0 Database PostgreSQL ...

Ask Inkeep•12/12/25, 1:53 PM

Hi @Arnau, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.

Ask Inkeep•12/12/25, 1:53 PM

Answer

I wasn't able to find a direct answer, here are some relevant sources:

Connect your Self-Hosted Login UI to Zitadel | ZITADEL Docs (1) :

Covers configuration of the

zitadel-login

zitadel-login

container including environment variables like ZITADEL_SERVICE_USER_TOKENZITADEL_SERVICE_USER_TOKEN and ZITADEL_SERVICE_USER_TOKEN_FILEZITADEL_SERVICE_USER_TOKEN_FILE.

[Bug]: Self-Hosted: {"code":5, "message":"Not Found"} (2) :

Contains discussion about Login V2 deployment issues and ongoing work on documentation/configuration for the separate Next.js Login App.

The specific issue you've raised (GitHub #11184) regarding sensitive value logging with

DEBUG=FALSE

DEBUG=FALSE

isn't covered in the available sources. Since you've already opened a GitHub issue, a team member monitoring this channel can review it directly. You can also click the "Ask for help" button to tag a team member for attention.

Ask Inkeep•12/12/25, 1:53 PM

To learn more, see the sources I considered:

[1] Connect your Self-Hosted Login UI to Zitadel | ZITADEL Docs
[2] [Bug]: Self-Hosted: {"code":5, "message":"Not Found"}

Ask Inkeep•12/12/25, 1:53 PM

Feel free to tag @Ask Inkeep with additional questions.

AAsk Inkeep To learn more, see the sources I considered: [[1] Connect your Self-Hosted Lo...

Ask InkeepAPP•12/12/25, 1:55 PM

Got it. Tagging @Rajat for additional help.

elina_shoko•12/12/25, 2:00 PM

Thanks @Arnau for reporting, we're having a look now

ArnauOP•12/14/25, 11:42 AM

LoginV2 logs (potentially) sensitive information