Skip to content

Expl0dingBanana/securelogging

BranchesTags

Repository files navigation

Project generated with PyScaffold

securelogging

Remove secrets from logging

This project enables redaction in logs based on a global set of secrets. These secrets are managed by add_secret and remove_secret.

In this example, we have a key that we want to have a key redacted from the log. To accomplish this, we need to define the key and add it to secret. When we generate our logger, we do it within UseLoggingRedactor. When the message is logged, it will appear as beanbean - Assigned key: JH***QE

from securelogging import add_secret, UseLoggingRedactor
import logging


key = "JHKLASDJKQWEBBNMASDHJK:LGHJKWQE"
add_secret(key)
with UseLoggingRedactor():
    logger_bb = logging.getLogger("beans.beans")

sh_bb = logging.StreamHandler()
sh_bb.setFormatter(logging.Formatter("beanbean - %(message)s"))
logger_bb.addHandler(sh_bb)

logger_bb.warning("Assigned key: %s", key)

Since the log record is modified, propagation still occurs as expected, but will do so with the redacted message. The output of this will be

beanbean - Assigned key: JH***QE
bean - Assigned key: JH***QE

from securelogging import add_secret, UseLoggingRedactor
import logging


key = "JHKLASDJKQWEBBNMASDHJK:LGHJKWQE"
add_secret(key)
with UseLoggingRedactor():
    logger_bb = logging.getLogger("beans.beans")

sh_bb = logging.StreamHandler()
sh_bb.setFormatter(logging.Formatter("beanbean - %(message)s"))
logger_bb.addHandler(sh_bb)

logger_b = logging.getLogger("beans")
sh_b = logging.StreamHandler()
sh_b.setFormatter(logging.Formatter("bean - %(message)s"))
logger_b.addHandler(sh_b)

logger_bb.warning("Assigned key: %s", key)

You can also redact a single message. This could be useful if you normally do not want something redacted, but in specific use-cases you need it to be redacted. The output of this will be

Assigned non-redacted key: JHKLASDJKQWEBBNMASDHJK:LGHJKWQE
Assigned non-redacted key: JH***QE

from securelogging import add_secret, LogRedactorMessage
import logging

key = "JHKLASDJKQWEBBNMASDHJK:LGHJKWQE"
add_secret(key)
logger_bb = logging.getLogger("beans.beans")
logger_bb.warning("Assigned non-redacted key: %s", key)

with LogRedactorMessage():
    logger_bb.warning("Assigned non-redacted key: %s", key)

Note

This project has been set up using PyScaffold 4.6. For details and usage information on PyScaffold see https://pyscaffold.org/.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license

Contributing

Contributing
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages