Target with encryption #723
Replies: 2 comments 1 reply
-
|
There are multiple approaches to achieve that, depending on your specific implementation—how you generate the audit events and where you store them. Providing more context or an example would help refine the guidance. For instance, if you're using the Audit.NET core library to manually create events and store them as JSON files, and the data you want to encrypt is a string property (e.g., "Name") in the Target object, you could use a Custom Action. Here's an example: // Assuming you're auditing the change of a patient name
public void UpdatePatientName(int patientId, string name)
{
var patient = GetExistingPatient(patientId);
using var auditScope = new AuditScopeFactory().Create(c => c
.EventType("PatientNameChange")
.Target(() => patient));
patient.Name = name;
UpdatePatient(patient);
}You could configure a custom action to encrypt specific fields before saving the audit event: Audit.Core.Configuration.Setup()
.UseFileLogProvider(f => f.Directory(@"C:\Logs"))
.WithCreationPolicy(EventCreationPolicy.InsertOnEnd)
.WithAction(actions => actions.OnEventSaving(scope =>
{
// Encrypt the Target.Old.Name property
if (scope.Event.Target?.Old?.GetType().GetProperty("Name") != null)
{
var oldValue = (dynamic)scope.Event.Target.Old;
oldValue.Name = Encrypt(oldValue.Name);
}
// Encrypt the Target.New.Name property
if (scope.Event.Target?.New?.GetType().GetProperty("Name") != null)
{
var newValue = (dynamic)scope.Event.Target.New;
newValue.Name = Encrypt(newValue.Name);
}
}));You can adapt this approach to other storage providers or implement a different method to modify the values. Here, I'm using If you know the exact structure of the // Example with a strongly-typed Target
Audit.Core.Configuration.Setup()
.UseFileLogProvider(f => f.Directory(@"C:\Logs"))
.WithCreationPolicy(EventCreationPolicy.InsertOnEnd)
.WithAction(actions => actions.OnEventSaving(scope =>
{
if (scope.Event.Target.Old is Patient targetOld)
{
targetOld.Name = Encrypt(targetOld.Name);
}
if (scope.Event.Target.New is Patient targetNew)
{
targetNew.Name = Encrypt(targetNew.Name);
}
}));However, the dynamic-reflection approach works well if your If you have more details about your scenario, such as the storage mechanism or additional encryption needs, I can tailor the solution more closely to your use case. |
Beta Was this translation helpful? Give feedback.
-
|
I also need the old data to be encrypted. Is there something like an onTracking?
<https://www.stillpointsoftware.net/>
From: Federico Daniel Colombo ***@***.***>
Sent: Friday, January 17, 2025 6:09 PM
To: thepirat000/Audit.NET ***@***.***>
Cc: Annette Findley ***@***.***>; Author ***@***.***>
Subject: Re: [thepirat000/Audit.NET] Target with encryption (Discussion #723)
There are multiple approaches to achieve that, depending on your specific implementation—how you generate the audit events and where you store them.
Providing more context or an example would help refine the guidance.
For instance, if you're using the Audit.NET core library to manually create events and store them as JSON files, and the data you want to encrypt is a string property (e.g., "Name") in the Target object, you could use a Custom Action <https://github.com/thepirat000/Audit.NET?tab=readme-ov-file#custom-actions> .
Here's an example:
// Assuming you're auditing the change of a patient name
public void UpdatePatientName(int patientId, string name)
{
var patient = GetExistingPatient(patientId);
using var auditScope = new AuditScopeFactory().Create(c => c
.EventType("PatientNameChange")
.Target(() => patient));
patient.Name = name;
UpdatePatient(patient);
}
You could configure a custom action to encrypt specific fields before saving the audit event:
Audit.Core.Configuration.Setup()
.UseFileLogProvider(f => f.Directory(@"C:\Logs"))
.WithCreationPolicy(EventCreationPolicy.InsertOnEnd)
.WithAction(actions => actions.OnEventSaving(scope =>
{
// Encrypt the Target.Old.Name property
if (scope.Event.Target?.Old?.GetType().GetProperty("Name") != null)
{
var oldValue = (dynamic)scope.Event.Target.Old;
oldValue.Name = Encrypt(oldValue.Name);
}
// Encrypt the Target.New.Name property
if (scope.Event.Target?.New?.GetType().GetProperty("Name") != null)
{
var newValue = (dynamic)scope.Event.Target.New;
newValue.Name = Encrypt(newValue.Name);
}
}));
You can adapt this approach to other storage providers or implement a different method to modify the values. Here, I'm using dynamic and a bit of reflection to access and update the "Name" property without tightly coupling the logic to a specific object type.
If you know the exact structure of the Target objects, you could simplify the logic by directly working with strongly typed objects. For example:
// Example with a strongly-typed Target
Audit.Core.Configuration.Setup()
.UseFileLogProvider(f => f.Directory(@"C:\Logs"))
.WithCreationPolicy(EventCreationPolicy.InsertOnEnd)
.WithAction(actions => actions.OnEventSaving(scope =>
{
if (scope.Event.Target.Old is Patient targetOld)
{
targetOld.Name = Encrypt(targetOld.Name);
}
if (scope.Event.Target.New is Patient targetNew)
{
targetNew.Name = Encrypt(targetNew.Name);
}
}));
However, the dynamic-reflection approach works well if your Target objects are diverse and you need a generic solution
If you have more details about your scenario, such as the storage mechanism or additional encryption needs, I can tailor the solution more closely to your use case.
—
Reply to this email directly, view it on GitHub <#723 (comment)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/A4AH6UB24UE7N45ADXQJAQD2LGERNAVCNFSM6AAAAABVMTJYKGVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTCOBXGIZDOOI> .
You are receiving this because you authored the thread. <https://github.com/notifications/beacon/A4AH6UFG2BENV3G7MLZ2TYL2LGERNA5CNFSM6AAAAABVMTJYKGWGG33NNVSW45C7OR4XAZNRIRUXGY3VONZWS33OINXW23LFNZ2KUY3PNVWWK3TUL5UWJTQAWUUBO.gif> Message ID: ***@***.*** ***@***.***> >
|
Beta Was this translation helpful? Give feedback.
-
|
If you have an attribute on the properties to encrypt, like this: public record Patient
{
[Secure]
public string SSN { get; set; }
public string Name { get; set; }
}You could use reflection to encrypt the properties in the Target object: Audit.Core.Configuration.AddOnSavingAction(scope =>
{
if (scope.Event.Target?.Type == null || scope.Event.Target.New == null)
{
// No target object
return;
}
var secureProperties = scope.Event.Target.New.GetType()
.GetProperties(BindingFlags.Public | BindingFlags.Instance)
.Where(p => p.GetCustomAttribute<SecureAttribute>() != null);
foreach (var property in secureProperties)
{
if (scope.Event.Target.Old != null)
{
var propValue = property.GetValue(scope.Event.Target.Old);
if (propValue != null)
{
property.SetValue(scope.Event.Target.Old, Encrypt(propValue));
}
}
var newValue = property.GetValue(scope.Event.Target.New);
if (newValue != null)
{
property.SetValue(scope.Event.Target.New, Encrypt(newValue));
}
}
}); |
Beta Was this translation helpful? Give feedback.
-
Is there a way to check the target for a specific field in the object and encrypt it for HIPPA compliance? using a service to audit and NOT EF. Or is there an override I can use to encrypt a piece of data before tracking or saving.
Beta Was this translation helpful? Give feedback.
All reactions