redacting-logger

redacting-logger

A redacting Ruby logger to prevent the leaking of secrets via logs

This Gem wraps the official Ruby logger utility

Installation 💎

You can download this Gem from GitHub Packages or RubyGems

Via a Gemfile:

source "https://rubygems.org"

gem "redacting-logger", "~> X.X.X" # Replace X.X.X with the latest version

Usage 💻

Basic

require "redacting_logger"

# Create a new logger
logger = RedactingLogger.new(redact_patterns: [/topsecret/])

# Log a message that contains some redacted pattern
logger.info("This is a topsecret message.")

This will output:

I, [timestamp]  INFO -- : This is a [REDACTED] message.

Advanced

require "redacting_logger"

# Create a new logger
logger = RedactingLogger.new(
  $stdout, # The device to log to (defaults to $stdout if not provided)
  redact_patterns: [/REDACTED_PATTERN1/, /REDACTED_PATTERN2/], # An array of Regexp patterns to redact from the logs
  level: Logger::INFO, # The log level to use
  redacted_msg: "[REDACTED]", # The message to replace the redacted patterns with
  use_default_patterns: true # Whether to use the default built-in patterns or not
)

# Log a message that contains some redacted patterns
logger.info("This is a message with a REDACTED_PATTERN1 and REDACTED_PATTERN2 in it.")

This will output:

I, [timestamp]  INFO -- : This is a message with a [REDACTED] and [REDACTED] in it.

Default Redaction Patterns

This Gem comes pre-built with a few redaction patterns to help you get started. These patterns can be located in lib/patterns/default.rb

A few examples of these patterns are:

• GitHub Personal Access Tokens
• GitHub Temporary Actions Tokens
• RSA Private Keys
• JWT Tokens

You can disable these default patterns with:

logger = RedactingLogger.new(
  use_default_patterns: false # Whether to use the default built-in patterns or not
)