logmasker

package
v1.13.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 4, 2026 License: MIT Imports: 6 Imported by: 0

Documentation

Overview

Package logmasker provides centralized log masking functionality for the Modular framework.

This module wraps the Logger interface to provide configurable masking rules that can redact sensitive information from log output. It supports both field-based masking rules and value wrappers that can determine their own redaction behavior.

Features

The logmasker module offers the following capabilities:

  • Logger decorator that wraps any modular.Logger implementation
  • Configurable field-based masking rules
  • Regex pattern matching for sensitive data
  • MaskableValue interface for self-determining value masking
  • Multiple masking strategies (redact, partial mask, hash)
  • Performance optimized for production use

Configuration

The module can be configured through the LogMaskerConfig structure: 

config := &LogMaskerConfig{
    Enabled: true,
    DefaultMaskStrategy: "redact",
    FieldRules: []FieldMaskingRule{
        {
            FieldName: "password",
            Strategy:  "redact",
        },
        {
            FieldName: "email",
            Strategy:  "partial",
            PartialConfig: &PartialMaskConfig{
                ShowFirst: 2,
                ShowLast:  2,
                MaskChar:  "*",
            },
        },
    },
    PatternRules: []PatternMaskingRule{
        {
            Pattern:  `\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b`,
            Strategy: "redact",
        },
    },
}

Usage Examples

Basic usage as a service wrapper: 

// Get the original logger
var originalLogger modular.Logger
app.GetService("logger", &originalLogger)

// Get the masking logger service
var maskingLogger modular.Logger
app.GetService("logmasker.logger", &maskingLogger)

// Use the masking logger
maskingLogger.Info("User login", "email", "user@example.com", "password", "secret123")
// Output: "User login" email="us*****.com" password="[REDACTED]"

Index

Constants

View Source 
const (
	// Module lifecycle events
	EventTypeModuleStarted = "com.modular.logmasker.started"
	EventTypeModuleStopped = "com.modular.logmasker.stopped"

	// Configuration events
	EventTypeConfigLoaded    = "com.modular.logmasker.config.loaded"
	EventTypeConfigValidated = "com.modular.logmasker.config.validated"
	EventTypeRulesUpdated    = "com.modular.logmasker.rules.updated"

	// Masking operation events
	EventTypeMaskingApplied = "com.modular.logmasker.masking.applied"
	EventTypeMaskingSkipped = "com.modular.logmasker.masking.skipped"
	EventTypeFieldMasked    = "com.modular.logmasker.field.masked"
	EventTypePatternMatched = "com.modular.logmasker.pattern.matched"
	EventTypeMaskingError   = "com.modular.logmasker.masking.error"
)

Event type constants for LogMasker module Following CloudEvents specification with reverse domain notation

View Source 
const (
	// ServiceName is the name of the masking logger service.
	ServiceName = "logmasker.logger"

	// ModuleName is the name of the log masker module.
	ModuleName = "logmasker"
)

Variables

View Source 
var ErrInvalidConfigType = errors.New("invalid config type for log masker")

ErrInvalidConfigType indicates the configuration type is incorrect for this module.

Functions

This section is empty.

Types

type FieldMaskingRule 

type FieldMaskingRule struct {
	// FieldName is the exact field name to match (case-sensitive).
	FieldName string `yaml:"fieldName" json:"fieldName" desc:"Field name to mask"`

	// Strategy defines how to mask this field.
	Strategy MaskStrategy `yaml:"strategy" json:"strategy" desc:"Masking strategy to use"`

	// PartialConfig provides configuration for partial masking.
	PartialConfig *PartialMaskConfig `yaml:"partialConfig,omitempty" json:"partialConfig,omitempty" desc:"Configuration for partial masking"`
}

FieldMaskingRule defines masking rules for specific field names.

type LogMaskerConfig 

type LogMaskerConfig struct {
	// Enabled controls whether log masking is active.
	Enabled bool `yaml:"enabled" json:"enabled" default:"true" desc:"Enable log masking"`

	// DefaultMaskStrategy is used when no specific rule matches.
	DefaultMaskStrategy MaskStrategy `yaml:"defaultMaskStrategy" json:"defaultMaskStrategy" default:"redact" desc:"Default masking strategy"`

	// FieldRules defines masking rules for specific field names.
	FieldRules []FieldMaskingRule `yaml:"fieldRules" json:"fieldRules" desc:"Field-based masking rules"`

	// PatternRules defines masking rules based on regex patterns.
	PatternRules []PatternMaskingRule `yaml:"patternRules" json:"patternRules" desc:"Pattern-based masking rules"`

	// DefaultPartialConfig provides default settings for partial masking.
	DefaultPartialConfig PartialMaskConfig `yaml:"defaultPartialConfig" json:"defaultPartialConfig" desc:"Default partial masking configuration"`
}

LogMaskerConfig defines the configuration for the log masking module.

type LogMaskerModule 

type LogMaskerModule struct {
	// contains filtered or unexported fields
}

LogMaskerModule implements the modular.Module interface to provide log masking functionality.

func NewModule 

func NewModule() *LogMaskerModule

NewModule creates a new log masker module instance.

func (*LogMaskerModule) Dependencies 

func (m *LogMaskerModule) Dependencies() []string

Dependencies returns the list of module dependencies.

func (*LogMaskerModule) GetRegisteredEventTypes 

func (m *LogMaskerModule) GetRegisteredEventTypes() []string

GetRegisteredEventTypes implements the ObservableModule interface. Returns all event types that this logmasker module can emit.

func (*LogMaskerModule) Init 

func (m *LogMaskerModule) Init(app modular.Application) error

Init initializes the module.

func (*LogMaskerModule) Name 

func (m *LogMaskerModule) Name() string

Name returns the module name.

func (*LogMaskerModule) ProvidesServices 

func (m *LogMaskerModule) ProvidesServices() []modular.ServiceProvider

ProvidesServices declares what services this module provides.

func (*LogMaskerModule) RegisterConfig 

func (m *LogMaskerModule) RegisterConfig(app modular.Application) error

RegisterConfig registers the module's configuration.

type MaskStrategy 

type MaskStrategy string

MaskStrategy defines the type of masking to apply. 

const (
	// MaskStrategyRedact replaces the entire value with "[REDACTED]".
	MaskStrategyRedact MaskStrategy = "redact"

	// MaskStrategyPartial shows only part of the value, masking the rest.
	MaskStrategyPartial MaskStrategy = "partial"

	// MaskStrategyHash replaces the value with a hash.
	MaskStrategyHash MaskStrategy = "hash"

	// MaskStrategyNone does not mask the value.
	MaskStrategyNone MaskStrategy = "none"
)

type MaskableValue 

type MaskableValue interface {
	// ShouldMask returns true if this value should be masked in logs.
	ShouldMask() bool

	// GetMaskedValue returns the masked representation of this value.
	// If ShouldMask() returns false, this method may not be called.
	GetMaskedValue() any

	// GetMaskStrategy returns the preferred masking strategy for this value.
	// Can return an empty string to use the default strategy.
	GetMaskStrategy() MaskStrategy
}

MaskableValue is an interface that values can implement to control their own masking behavior. This allows for anytype-compatible value wrappers to determine if they should be redacted.

type MaskingLogger 

type MaskingLogger struct {
	*modular.BaseLoggerDecorator
	// contains filtered or unexported fields
}

MaskingLogger implements modular.LoggerDecorator with masking capabilities. It extends BaseLoggerDecorator to leverage the framework's decorator infrastructure.

func (*MaskingLogger) Debug 

func (l *MaskingLogger) Debug(msg string, args ...any)

Debug logs a debug message with masking applied to arguments.

func (*MaskingLogger) Error 

func (l *MaskingLogger) Error(msg string, args ...any)

Error logs an error message with masking applied to arguments.

func (*MaskingLogger) Info 

func (l *MaskingLogger) Info(msg string, args ...any)

Info logs an informational message with masking applied to arguments.

func (*MaskingLogger) Warn 

func (l *MaskingLogger) Warn(msg string, args ...any)

Warn logs a warning message with masking applied to arguments.

type PartialMaskConfig 

type PartialMaskConfig struct {
	// ShowFirst is the number of characters to show at the beginning.
	ShowFirst int `yaml:"showFirst" json:"showFirst" default:"0" desc:"Number of characters to show at start"`

	// ShowLast is the number of characters to show at the end.
	ShowLast int `yaml:"showLast" json:"showLast" default:"0" desc:"Number of characters to show at end"`

	// MaskChar is the character to use for masking.
	MaskChar string `yaml:"maskChar" json:"maskChar" default:"*" desc:"Character to use for masking"`

	// MinLength is the minimum length before applying partial masking.
	MinLength int `yaml:"minLength" json:"minLength" default:"4" desc:"Minimum length before applying partial masking"`
}

PartialMaskConfig defines how to partially mask a value.

type PatternMaskingRule 

type PatternMaskingRule struct {
	// Pattern is the regular expression to match against string values.
	Pattern string `yaml:"pattern" json:"pattern" desc:"Regular expression pattern to match"`

	// Strategy defines how to mask values matching this pattern.
	Strategy MaskStrategy `yaml:"strategy" json:"strategy" desc:"Masking strategy to use"`

	// PartialConfig provides configuration for partial masking.
	PartialConfig *PartialMaskConfig `yaml:"partialConfig,omitempty" json:"partialConfig,omitempty" desc:"Configuration for partial masking"`
	// contains filtered or unexported fields
}

PatternMaskingRule defines masking rules based on regex patterns.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.