docs/redaction.md
To redact sensitive information, supply paths to keys that hold sensitive data
using the redact option. Note that paths that contain hyphens need to use
brackets to access the hyphenated property:
const logger = require('.')({\n redact: ['key', 'path.to.key', 'stuff.thats[*].secret', 'path["with-hyphen"]']
})
logger.info({
key: 'will be redacted',
path: {
to: {key: 'sensitive', another: 'thing'}
},
stuff: {
thats: [
{secret: 'will be redacted', logme: 'will be logged'},
{secret: 'as will this', logme: 'as will this'}
]
}
})
This will output:
{"level":30,"time":1527777350011,"pid":3186,"hostname":"Davids-MacBook-Pro-3.local","key":"[Redacted]","path":{"to":{"key":"[Redacted]","another":"thing"}},"stuff":{"thats":[{"secret":"[Redacted]","logme":"will be logged"},{"secret":"[Redacted]","logme":"as will this"}]}}
The redact option can take an array (as shown in the above example) or
an object. This allows control over how information is redacted.
For instance, setting the censor:
const logger = require('.')({\n redact: {
paths: ['key', 'path.to.key', 'stuff.thats[*].secret'],
censor: '**GDPR COMPLIANT**'
}
})
logger.info({
key: 'will be redacted',
path: {
to: {key: 'sensitive', another: 'thing'}
},
stuff: {
thats: [
{secret: 'will be redacted', logme: 'will be logged'},
{secret: 'as will this', logme: 'as will this'}
]
}
})
This will output:
{"level":30,"time":1527778563934,"pid":3847,"hostname":"Davids-MacBook-Pro-3.local","key":"**GDPR COMPLIANT**","path":{"to":{"key":"**GDPR COMPLIANT**","another":"thing"}},"stuff":{"thats":[{"secret":"**GDPR COMPLIANT**","logme":"will be logged"},{"secret":"**GDPR COMPLIANT**","logme":"as will this"}]}}
The redact.remove option also allows for the key and value to be removed from output:
const logger = require('.')({\n redact: {
paths: ['key', 'path.to.key', 'stuff.thats[*].secret'],
remove: true
}
})
logger.info({
key: 'will be redacted',
path: {
to: {key: 'sensitive', another: 'thing'}
},
stuff: {
thats: [
{secret: 'will be redacted', logme: 'will be logged'},
{secret: 'as will this', logme: 'as will this'}
]
}
})
This will output
{"level":30,"time":1527782356751,"pid":5758,"hostname":"Davids-MacBook-Pro-3.local","path":{"to":{"another":"thing"}},"stuff":{"thats":[{"logme":"will be logged"},{"logme":"as will this"}]}}
See pino options in API for redact API details.
<a name="paths"></a>
The syntax for paths supplied to the redact option conform to the syntax in path lookups
in standard ECMAScript, with two additions:
* to denote a wildcardBy way of example, the following are all valid paths:
a.b.ca["b-c"].d["a-b"].ca.b.*a[*].bPino's redaction functionality is built on top of fast-redact
which adds about 2% overhead to JSON.stringify when using paths without wildcards.
When used with pino logger with a single redacted path, any overhead is within noise - a way to deterministically measure its effect has not been found. This is because it is not a bottleneck.
However, wildcard redaction does carry a non-trivial cost relative to explicitly declaring the keys
(50% in a case where four keys are redacted across two objects). See
the fast-redact benchmarks for details.
The redact option is intended as an initialization time configuration option.
Path strings must not originate from user input.
The fast-redact module uses a VM context to syntax check the paths, user input
should never be combined with such an approach. See the fast-redact Caveat
and the fast-redact Approach for in-depth information.