Currently, we go through the logs by looking for secured variables from a list of environment variables and mask them with the environment variable it corresponds to. The current logic masks secured variables purely by parsing through the logs without looking into the code.  

The suggestion is to replace the values of the secured variables with the variable name based on the usage of those variables in the code and not to replace them by looking at the logs.