leocavalcante/redact-sensitive

Monolog processor to protect sensitive information from logging

v0.1.0 2021-06-17 01:41 UTC

This package is auto-updated.

Last update: 2022-01-17 03:15:17 UTC


README

🙈 A Monolog processor that protects sensitive data from miss logging.

Avoids logging something like {"api_key":"mysupersecretapikey"} by masking partially or completely sensitive data:

Readme.INFO: Hello, World! {"api_key":"mysu***************"} []

Install

composer require leocavalcante/redact-sensitive

Usage

1. Prepare your sensitive keys

It is a map of key names and how much of it can be displayed, for example:

$sensitive_keys = [
    'api_key' => 4,
];

Shows the first 4 characters of the api_key.

If you want to display the last chars, you can use negative values like ['api_key' => -4], then it will display the last 4 characters.

2. Create a Processor using the keys

You can now create a new Processor with the given keys:

use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['api_key' => 4];

$processor = new RedactSensitiveProcessor($sensitive_keys);

3. Set the Processor to a Monolog\Logger

use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['api_key' => 4];

$processor = new RedactSensitiveProcessor($sensitive_keys);

$logger = new \Monolog\Logger('Readme');
$logger->pushProcessor($processor);

Examples

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['api_key' => 4];

$processor = new RedactSensitiveProcessor($sensitive_keys);

$logger = new \Monolog\Logger('Readme', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$logger->info('Hello, World!', ['api_key' => 'mysupersecretapikey']);
Readme.INFO: Hello, World! {"api_key":"mysu***************"} []

Completely hidden

You can hide it completely by passing 0 to the key.

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['you_know_nothing' => 0];

$processor = new RedactSensitiveProcessor($sensitive_keys);

$logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$logger->info('Completely hidden', ['you_know_nothing' => 'John Snow']);
Example.INFO: Completely hidden {"you_know_nothing":"*********"} []

Right to left

And, as said before, you can mask the value from right to left using negative values.

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['credit_card' => -4];

$processor = new RedactSensitiveProcessor($sensitive_keys);

$logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$logger->info('You are not storing credit cards, right?', ['credit_card' => '4111111145551142']);
Example.INFO: You are not storing credit cards, right? {"credit_card":"************1142"} []

Nested values

It should work with nested objects and arrays as well.

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = [
    'nested' => [
        'arr' => [
            'value' => 3,
            'or_obj' => ['secret' => -3],
        ],
    ]
];

$processor = new RedactSensitiveProcessor($sensitive_keys);

$logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$nested_obj = new stdClass();
$nested_obj->secret = 'donttellanyone';

$logger->info('Nested', [
    'nested' => [
        'arr' => [
            'value' => 'abcdfg',
            'or_obj' => $nested_obj,
        ],
    ],
]);
Example.INFO: Nested {"nested":{"arr":{"value":"abc***","or_obj":{"stdClass":{"secret":"***********one"}}}}} []

Thanks

Feel free to open any issues or PRs.

MIT © 2021