Redactrus is a custom formatter for the logrus logging library, designed to redact sensitive information from your logs. It allows you to define custom redaction functions that can be applied to your log messages, ensuring that sensitive data does not get exposed in your log output.
- Custom Redaction Functions: Define your own redaction logic tailored to your application's needs.
- Flexible Redaction: Add single or multiple redactors to your formatter.
- Easy Integration: Seamlessly integrates with the logrus logging library.
To use Redactrus in your project, follow these steps:
First, ensure you have logrus installed:
go get github.com/sirupsen/logrus
Then, add Redactrus to your project:
go get github.com/ibreakthecloud/redactrus
- Create a Redacting Formatter:
You can create a new RedactingFormatter by passing an existing logrus formatter that you wish to wrap. For example, to use logrus's JSONFormatter:
import (
"github.com/sirupsen/logrus"
"github.com/ibreakthecloud/redactrus"
)
func main() {
log := logrus.New()
formatter := redactrus.NewRedactingFormatter(&logrus.JSONFormatter{})
log.SetFormatter(formatter)
}
- Add Redaction Functions:
Define your redaction functions and add them to the formatter:
func myRedactor(originalMsg, redactWith string) string {
// Implement your redaction logic here
return originalMsg // Return the redacted message
}
func main() {
// Assuming log and formatter are already set up
formatter.AddRedactor(myRedactor)
}
- Log Messages:
Use logrus as usual, and your logs will be redacted according to your defined rules.
log.Info("This is a log message with password=password123, api_key=abcdef123456, and [email protected].")
RedactingFormatter is a struct that embeds logrus.Formatter and includes redaction functions.
-
NewRedactingFormatter(innerFormatter logrus.Formatter) *RedactingFormatter
- Creates a new
RedactingFormatter
.
- Creates a new
-
NewDefaultRedactingFormatter(innerFormatter logrus.Formatter) *RedactingFormatter
- Creates a new
RedactingFormatter
with default redactors.
- Creates a new
-
AddRedactor(redactor RedactionFunc) *RedactingFormatter
- Adds a new redaction function to the
RedactingFormatter
.
- Adds a new redaction function to the
-
AddRedactors(redactors ...RedactionFunc) *RedactingFormatter
- Adds multiple redaction functions to the
RedactingFormatter
.
- Adds multiple redaction functions to the
-
SetRedactWith(r string) *RedactingFormatter
- Sets the string to redact sensitive information with.
The defaultRedactors function returns a slice of default redaction functions: Password, APIKey, and Email.
Password(msg string, r string) string
- Redacts the password from a log message.
APIKey(msg string, r string) string
- Redacts the API key from a log message.
Email(msg string, r string) string
- Redacts the email from a log message
You can define your own redaction functions to redact sensitive information from your log messages. A redaction function takes the original log message and the string to redact sensitive information with, and returns the redacted log message.
func GitHubToken(msg string, r string) string {
tokenRegex := regexp.MustCompile(`^(gh[ps]_[a-zA-Z0-9]{36}|github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59})$`)
return tokenRegex.ReplaceAllString(msg, r)
}
Contributions are welcome! If you have ideas for more custom redactors, it would be awesome to have you contribute them. Feel free to open an issue or submit a pull request. Your contributions can help make Redactrus even more useful for everyone and logging more secure.
This project is licensed under the MIT License - see the LICENSE file for details.