Description
depends on: #467
The main issue with the current approach to diffing is that it’s done in a very Go-native, decentralized way. This makes it very simple to add audit diffing to new features or data types, but it doesn’t make it easy to have a high-level view of everything we provide diffs on. Documenting or auditing all of the diffs we produce would be very labor-intensive.
While there is documentation for how to use the diff tags, because it is decoupled from where you write diff tags, the documentation is often not followed. There have been a couple of cases where secrets have been leaked to the audit log, due to not using the secret tag (which allows you to diff a secret field by indicating it changed, but not logging the value) at all or using it incorrectly.
Option discussed:
generate a JSON blob
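
One shape the JSON option could take, as an added example that is not the project's own code: a reflection pass that inventories every diff-tagged field in one place and flags sensitive-looking field names that lack the secret option. The `diff` tag syntax, the `User` type and the name hints are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"strings"
)

// Assumed (hypothetical) tags: `diff:"name"` logs values, `diff:"name,secret"` logs only "changed".
type User struct { // constructed sample type
	Email    string `diff:"email"`
	APIToken string `diff:"api_token"` // secret option forgotten
	Password string `diff:"password,secret"`
	Internal string // untagged: never diffed
}

type Entry struct {
	Type, Field, Name string
	Secret            bool // value is redacted in the audit log
	Suspect           bool // sensitive-looking name whose value is logged
}
var hints = []string{"password", "token", "secret", "key"}

// Inventory lists every diff-tagged field of the given struct values.
func Inventory(values ...interface{}) []Entry {
	var out []Entry
	for _, v := range values {
		t := reflect.TypeOf(v)
		for i := 0; t.Kind() == reflect.Struct && i < t.NumField(); i++ {
			if tag, ok := t.Field(i).Tag.Lookup("diff"); ok {
				parts := strings.Split(tag, ",")
				e := Entry{Type: t.Name(), Field: t.Field(i).Name, Name: parts[0]}
				for _, opt := range parts[1:] {
					e.Secret = e.Secret || opt == "secret"
				}
				for _, h := range hints {
					e.Suspect = e.Suspect || (!e.Secret && strings.Contains(strings.ToLower(e.Field), h))
				}
				out = append(out, e)
			}
		}
	}
	return out
}

func main() {
	blob, _ := json.MarshalIndent(Inventory(User{}), "", "  ") // plain structs always marshal
	fmt.Println(string(blob))
}
```

Run in CI, a non-empty set of `Suspect` entries can fail the build, and the JSON output doubles as the single reviewable list of what reaches the audit log.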