Documentation
¶
Overview ¶
Package logging provides structured logging with built-in redaction for sensitive data.
It uses Go's standard library log/slog package with JSON output format. The redacting handler intercepts all log records and replaces sensitive values (API keys, tokens, passwords, private keys, high-entropy strings) with "[REDACTED]".
Usage:
logger := logging.NewLogger(slog.LevelInfo, os.Stdout)
logger.Info("server started", "addr", ":8080")
logger.Info("request", "api_key", "sk-test-key-1234567890abcdef")
// The API key above will be redacted in output.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewLogger ¶
NewLogger creates a new slog.Logger with JSON output format and redaction enabled.
The logger writes JSON-formatted log records to the given io.Writer. Log records at or above the specified level are emitted. All sensitive values (API keys, tokens, passwords, etc.) are automatically replaced with "[REDACTED]" in the output.
Example:
logger := logging.NewLogger(slog.LevelInfo, os.Stdout)
logger.Info("server starting", "port", 8080)
Types ¶
type RedactingHandler ¶
type RedactingHandler struct {
// contains filtered or unexported fields
}
RedactingHandler is a slog.Handler wrapper that redacts sensitive values from log records before delegating to the underlying handler.
func NewRedactingHandler ¶
func NewRedactingHandler(inner slog.Handler) *RedactingHandler
NewRedactingHandler creates a new RedactingHandler that wraps the given handler.
func (*RedactingHandler) Enabled ¶
Enabled reports whether the handler handles records at the given level. It delegates to the underlying handler.
func (*RedactingHandler) Handle ¶
Handle redacts sensitive values in the log record and delegates to the underlying handler.