mohamedhekal / payloadmask
Recursive redaction of secrets and PII for Laravel logs, audits, and webhook payloads
v0.1.0
2026-07-16 14:23 UTC
Requires
- php: ^8.2
- illuminate/support: ^11.0|^12.0
Requires (Dev)
- laravel/pint: ^1.18
- monolog/monolog: ^3.0
- orchestra/testbench: ^9.0|^10.0
- pestphp/pest: ^3.0
- pestphp/pest-plugin-laravel: ^3.0
- phpstan/phpstan: ^2.0
README
Search terms: laravel, redaction, pii, logging, security, gdpr, pci, php, laravel-package, secrets, masking, privacy.
Recursive redaction of secrets and PII for Laravel logs, audits, and webhook payloads.
Problem
Card numbers, passwords, and tokens leak into logs and stored webhook bodies. Manual Arr::except does not scale across nested payloads.
Installation
composer require mohamedhekal/payloadmask php artisan vendor:publish --tag=payloadmask-config
Quick start
use Hekal\PayloadMask\Facades\PayloadMask; $safe = PayloadMask::mask([ 'user' => ['email' => 'a@b.com', 'password' => 'secret'], 'authorization' => 'Bearer abc.def', ]);
When payloadmask.logging.enabled is true, a Monolog processor redacts context/extra/message on the default logger.
Features
- Key-based redaction (case-insensitive)
- Dot-path redaction
- Regex value patterns
- Presets:
auth,pci - Max depth guard
- Facade + Monolog processor
Testing
composer install
composer test
License
MIT