Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/fullstackwithlawrence/secure-logger
A Python decorator to generate redacted and nicely formatted log entries
https://github.com/fullstackwithlawrence/secure-logger
12-factor actions ci ci-cd dependabot flake8 logging makefile mergify pre-commit pre-commit-hook prettier pylint pypi-package python python3 semantic-release test-automation tox
Last synced: about 2 months ago
JSON representation
A Python decorator to generate redacted and nicely formatted log entries
- Host: GitHub
- URL: https://github.com/fullstackwithlawrence/secure-logger
- Owner: FullStackWithLawrence
- License: agpl-3.0
- Created: 2023-04-25T18:23:08.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-11-01T14:37:36.000Z (3 months ago)
- Last Synced: 2024-11-24T19:56:23.255Z (2 months ago)
- Topics: 12-factor, actions, ci, ci-cd, dependabot, flake8, logging, makefile, mergify, pre-commit, pre-commit-hook, prettier, pylint, pypi-package, python, python3, semantic-release, test-automation, tox
- Language: Python
- Homepage: https://pypi.org/project/secure-logger/
- Size: 377 KB
- Stars: 3
- Watchers: 1
- Forks: 0
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: .github/CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE.txt
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
README
# Secure Logger
[](https://www.youtube.com/@FullStackWithLawrence)
[](https://www.python.org/)
[](./doc/Twelve_Factor_Methodology.md)
[](https://github.com/FullStackWithLawrence/secure-logger/actions)
[](https://github.com/FullStackWithLawrence/secure-logger)
[](https://github.com/FullStackWithLawrence/secure-logger/releases)
[](https://pypi.org/project/secure-logger)
[](https://www.gnu.org/licenses/agpl-3.0)
[](https://lawrencemcdaniel.com)
A Python decorator to generate redacted and nicely formatted log
entries. Works on all callables: class, class methods, Python module
functions. Recursively redacts Python dictionary key values based on a
customizable list of case-insensitive keys. Prevents your sensitive
application data like cloud provider key-pairs from leaking into your
application logs.
## Installation
```bash
pip install secure-logger
```
## Usage
### As a decorator
```python
from secure_logger.decorators import secure_logger
import logging
logging.getLogger(__name__)
logging.basicConfig(level=logging.INFO)
class Foo(object):
@secure_logger(log_level='INFO')
def bar(self, dict_data, list_data):
pass
# call your method, passing some sensitive data
dict_data = {
"not_a_sensitive_key": "you-can-see-me",
"aws-access-key-id": "i-am-hidden",
"aws-secret-access-key": "so-am-i",
}
list_data = ["foo", "bar"]
foo = Foo()
foo.bar(dict_data=dict_data, list_data=list_data)
```
Log output:
```console
INFO:secure_logger: __main__.bar() ['<__main__.Foo object at 0x103474ac0>'] keyword args: {
"dict_data": {
"not_a_sensitive_key": "you-can-see-me",
"aws-access-key-id": "*** -- secure_logger() -- ***",
"aws-secret-access-key": "*** -- secure_logger() -- ***"
},
"list_data": [
"foo",
"bar"
]
```
### As library functions
```python
from secure_logger.masked_dict import masked_dict, masked_dict2str
dict_data = {
'not_a_sensitive_key': 'you-can-see-me',
'aws-access-key_id': conf.AWS_ACCESS_KEY_ID,
'aws-secret-access-key': conf.AWS_SECRET_ACCESS_KEY
}
print(masked_dict2str(dict_data))
```
Output:
```bash
{
"not_a_sensitive_key": "you-can-see-me",
"aws-access-key-id": "*** -- secure_logger() -- ***",
"aws-secret-access-key": "*** -- secure_logger() -- ***"
}
```
## Configuration
secure_logger accepts optional parameters which you can configure as either bash environment variables or with a .env file placed in the root of your project
- **SECURE_LOGGER_SENSITIVE_KEYS**: a Python list of dictionary keys. Not case sensitive.
- **SECURE_LOGGER_REDACTION_MESSAGE**: a string value that will replace the sensitive key values
- **SECURE_LOGGER_INDENTATION**: number of characters to indent JSON string output when logging output
- **SECURE_LOGGER_LOG_LEVEL**: the level at which secure_logger generates log entries. One of: 'CRITICAL', 'FATAL', 'ERROR', 'WARN', 'WARNING', 'INFO', 'DEBUG'
Additionally, you can override individual invocations of the decorator with custom parameters:
```python
class MyClass():
@secure_logger(log_level='DEBUG', sensitive_keys=["password", "apikey", "crown_jewels"], message="*** -- TOP SECRET -- ***", indent=4)
def another_function(self, password: str, apikey: str, crown_jewels: List(dict)):
pass
```
## Configuration Defaults
```python
SECURE_LOGGER_REDACTION_MESSAGE = "*** -- secure_logger() -- ***"
SECURE_LOGGER_INDENTATION = 4
SECURE_LOGGER_SENSITIVE_KEYS = [
"password",
"token",
"client_id",
"client_secret",
"Authorization",
"secret",
"access_key_id",
"secret_access_key",
"access-key-id",
"secret-access-key",
"aws_access_key_id",
"aws_secret_access_key",
"aws-access-key-id",
"aws-secret-access-key",
]
SECURE_LOGGER_LOG_LEVEL = 'DEBUG'
```
## Contributing
Pull requests are welcomed and encouraged!
- This project uses an automated [Pull Request](.github/workflows/pullRequestController.yml) CI/CD process.
- This project conforms to [12-Factor Methodology](./doc/Twelve_Factor_Methodology.md).
- This project uses [Semantic Versioning](./doc/SEMANTIC_VERSIONING.md) which requires that git commit messages follow strict (but easy to learn) formatting rules.
Contact: [Lawrence McDaniel](https://lawrencemcdaniel.com/contact).