Logredact is a Logrus hook for removing sensitive information from log entries. This module can help you protect secrets in your logs by redacting them before the logs are written.
To install the logredact, run the following command:
go get github.com/eddort/logredactTo use the logredact, import it in your Go code and add it to your Logrus logger. Here's an example:
package main
import (
"github.com/eddort/logredact"
"github.com/sirupsen/logrus"
)
func main() {
logger := logrus.New()
secrets := []string{"supersecret", "anothersecret"}
secretHook := logredact.New(secrets, "***")
logger.AddHook(secretHook)
logger.Info("This log entry contains a supersecret token.")
}In this example, we create a new Logrus logger, create a new secret remover hook with a list of secrets to redact, and add the hook to the logger. When we log an entry containing one of the secrets, the hook will replace the secret with ***.
Example with Go structure logging:
package main
import (
"github.com/sirupsen/logrus"
"github.com/eddort/logredact"
)
type MyStruct struct {
Username string
Password string
}
func main() {
logger := logrus.New()
logger.SetFormatter(&logrus.JSONFormatter{})
secrets := []string{"mysecret1", "mysecret2"}
hook := logredact.New(secrets)
logger.AddHook(hook)
logger.Info("This is a log entry with mysecret1 and mysecret2")
myData := MyStruct{
Username: "myuser",
Password: "mysecret1",
}
// Logging an object with sensitive data using WithFields
logger.WithFields(logrus.Fields{
"my_struct": myData,
}).Info("Logging a Go struct with sensitive data")
}The logredact takes an array of strings as first argument and replacer as the second argument. These strings represent the secrets you want to remove from your log entries. You can add as many secrets as needed:
secrets := []string{"secret1", "secret2", "secret3"}
secretHook := logredact.New(secrets, "***")If you'd like to contribute to the project, feel free to submit a pull request or open an issue.
This module is released under the MIT License.