logging

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 20, 2026 License: MIT Imports: 6 Imported by: 0

Documentation

Overview

Package logging provides a stdlib-only slog.Handler decorator that scrubs sensitive values from log attributes before they reach the underlying handler. Operators can wrap any slog.Handler with NewRedactingHandler to gain defence-in-depth PII/secret redaction without modifying call sites.

The redactor matches by attribute key (case-insensitive) against a list of well-known secret field names and replaces the value with a short mask. Nested map, slog.Group, and []any values are walked recursively.

This is a belt-and-braces layer. Hot-path code should still avoid logging secrets explicitly; the redactor exists so that a future code change which accidentally includes a header map or error body in a log statement does not leak credentials.

Index

Constants

This section is empty.

Variables

View Source
var DefaultSensitiveKeys = []string{
	"authorization",
	"api_key",
	"apikey",
	"x-api-key",
	"bearer",
	"token",
	"secret",
	"password",
	"passphrase",
	"cookie",
	"set-cookie",
	"credential",
	"session_token",
	"session_id",
	"session_secret",
	"csrf_token",
	"private_key",
	"privatekey",
	"client_secret",
	"refresh_token",
	"access_token",
	"id_token",
	"x-addon-token",
}

DefaultSensitiveKeys is the built-in list of attribute keys whose values will be masked. Case-insensitive, substring match.

Functions

This section is empty.

Types

type RedactingHandler

type RedactingHandler struct {
	// contains filtered or unexported fields
}

RedactingHandler wraps a slog.Handler and scrubs sensitive values from attributes before delegating to the inner handler.

func NewRedactingHandler

func NewRedactingHandler(inner slog.Handler) *RedactingHandler

NewRedactingHandler wraps inner with the default sensitive-key list and "[REDACTED]" as the replacement value.

func (*RedactingHandler) Enabled

func (h *RedactingHandler) Enabled(ctx context.Context, level slog.Level) bool

Enabled delegates to the inner handler.

func (*RedactingHandler) Handle

func (h *RedactingHandler) Handle(ctx context.Context, r slog.Record) error

Handle scrubs the record's attributes in-place before forwarding to the inner handler. Because slog.Record's Attrs method walks a shared slice we build a new record with the scrubbed attrs.

func (*RedactingHandler) WithAttrs

func (h *RedactingHandler) WithAttrs(attrs []slog.Attr) slog.Handler

WithAttrs scrubs the static attrs applied at handler construction time.

func (*RedactingHandler) WithGroup

func (h *RedactingHandler) WithGroup(name string) slog.Handler

WithGroup delegates to the inner handler.

func (*RedactingHandler) WithMask

func (h *RedactingHandler) WithMask(mask string) *RedactingHandler

WithMask returns a copy that uses a different replacement string.

func (*RedactingHandler) WithSensitiveKeyBoundaryMatching

func (h *RedactingHandler) WithSensitiveKeyBoundaryMatching() *RedactingHandler

WithSensitiveKeyBoundaryMatching returns a copy that only matches configured sensitive keys at identifier boundaries. The default remains substring matching because it is safer for generic log redaction; this opt-in mode is for callers that can tolerate maintaining a more explicit key list and want to avoid false positives such as "tokenizer_results".

func (*RedactingHandler) WithSensitiveKeys

func (h *RedactingHandler) WithSensitiveKeys(keys ...string) *RedactingHandler

WithSensitiveKeys returns a copy that matches additional key patterns. Existing defaults are retained; pass a new handler with WithMask to replace the mask string.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL