In the case of fugacious, URLs should be treated as sensitive, since knowing the URL would allow someone to access the stored secret (assuming it is accessed within the TTL of the secret).
If running fugacious behind an HTTP server such as Apache or nginx, be aware that these often have a default configuration that logs all requests, including URLs, to a file or to stdout. Most PaaS offerings, such as Heroku or Cloud Foundry, are configured this way too. Operators of fugacious should take this into consideration when setting up their app; otherwise they will potentially be disclosing sensitive information to their hosting providers.
We can include a note about how to avoid this disclosure of sensitive information, and maybe even include suggested Apache or nginx configuration files as examples.
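One possible nginx configuration of the kind this issue asks for, added here as an illustration and not taken from the fugacious project: it keeps an access log but redacts the secret token from the logged URI and drops the Referer field, which would otherwise carry the full secret URL. The `/m/<token>` route prefix, hostname, certificate paths and upstream port are assumptions to adjust for a real deployment.

```nginx
# Added example (not part of fugacious): log requests without recording the
# secret URL itself, so the hosting provider's log files never contain a
# usable link.
# Assumption: fugacious serves secrets at /m/<token>; change the regex below
# to match the actual route of your deployment.
http {
    # Rewrite the URI that gets logged: keep the route prefix, replace the
    # token, keep anything after it (so the log still shows the shape of
    # the request for debugging).
    map $request_uri $log_uri {
        default                                    $request_uri;
        "~^(?<route>/m/)[^/?]+(?<rest>.*)$"        "${route}[REDACTED]${rest}";
    }

    # Same fields as the stock "combined" format, but using the redacted URI
    # instead of $request and a literal "-" instead of $http_referer (the
    # Referer of a form POST from the secret page is the secret URL).
    log_format redacted '$remote_addr - $remote_user [$time_local] '
                        '"$request_method $log_uri $server_protocol" '
                        '$status $body_bytes_sent "-" "$http_user_agent"';

    server {
        listen 443 ssl;
        server_name fugacious.example.com;                 # placeholder
        ssl_certificate     /etc/ssl/fugacious.crt;        # placeholder
        ssl_certificate_key /etc/ssl/fugacious.key;        # placeholder

        access_log /var/log/nginx/fugacious.access.log redacted;

        location / {
            proxy_pass http://127.0.0.1:3000;              # assumed app port
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

This only covers the reverse proxy: the Rails application's own log still records each request path ("Started GET ..."), so the same consideration applies to wherever that log is shipped.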