Secure way to log PHP exception trace (that might include sensible credentials)

CONTEXT

I have a web app and I catch my exception globally to log them into a file inside my app (/app/log/app.log). A public folder make impossible to browse outside as it is mounted to be served to the client (/public/index.php).

I also use a modified version of Exception::getTraceAsString(), which let me have the full strings instead of PHP truncating the strings in this trace (the code is really trivial, I will not put the class here because it is not relevant for the question I am asking).

Here is an example of what my app.log file looks like:

2018-06-10 14:33:12.7016 (+02:00) [ERRO] Error of type PDOException catched
2018-06-10 14:33:12.7020 (+02:00) [DBUG] Error catched on line 22 of file C:\xampp\htdocs\my-app\app\bootstrap\database.php
2018-06-10 14:33:12.7026 (+02:00) [DBUG] #0 [internal function]: PDO->__construct('mysql:host=localhost;dbname=test;port=3306;adapter=;prefix=', 'root', '', Array)
2018-06-10 14:33:12.7028 (+02:00) [DBUG] #1 [internal function]: Phalcon\Db\Adapter\Pdo->connect(Array)
2018-06-10 14:33:12.7031 (+02:00) [DBUG] #2 C:\xampp\htdocs\my-app\app\bootstrap\database.php(22): Phalcon\Db\Adapter\Pdo->__construct(Array)
2018-06-10 14:33:12.7034 (+02:00) [DBUG] #3 C:\xampp\htdocs\my-app\public\index.php(7): include('C:\xampp\htdocs\my-app\app\bootstrap\database.php')

Knowing that i would like to dispose of those information outside my app, let us say SaaS service for storing and searching across various log destinations (which might potentially be visible by employee of the SaaS system).

PROBLEM

As you can see, my app.log can sometimes contains sensible content like passwords.

QUESTION

Is there a state-of-the-art way to handle the sensibility of the content in our log traces?

Also, what about the security regarding the fact that absolute paths are visible in our logs?