A secure formatter for Elixir Logger and replacement for Kernel.inspect/1. Using blacklisted keys and patterns SecureLogFormatter will identify and redact sensitive information from logs with ease.
def deps do
[{:secure_log_formatter, "~> 1.0"}]
endLike living on the edge? Want the latest and greatest?
def deps do
[{:secure_log_formatter,
github: "localvore-today/secure_log_formatter"}]
endconfig :logger,
secure_log_formatter:
[
# Map and Keyword List keys who's value should be hidden
fields: ["password", "credit_card", ~r/.*_token/],
# Patterns which if found, should be hidden
patterns: [~r/4[0-9]{15}/], # Simple credit card example
# defaults to "[REDACTED]"
replacement: "[PRIVATE]"
]Using SecureLogFormatter is easy, we only need to pass a tuple to the :format option for our logging backend(s):
config :logger,
console: [format: {SecureLogFormatter, :format}]If we give it awhirl:
iex> Logger.info("Customer Credit Card: 4111111111111111")
15:39:40.169 [info] Customer Credit Card: [PRIVATE]To leverage SecureLogFormatter.inspect/1 in place of Kernel.inspect/1 we can add two lines to the top of our files:
import Kernel, except: [inspect: 1]
import SecureLogFormatter, only: [inspect: 1]With this change calls to inspect/1 will be handled by SecureLogFormatter:
iex> inspect(%{access_token: "secret_token", password: "abc123", username: "doomspork"})
"%{access_token: \"[PRIVATE]\", password: \"[PRIVATE]\", username: \"doomspork\"}"SecureLogFormatter source code is released under MIT.
See LICENSE for more information.