test lint build CodeQL release
A redacting Ruby logger to prevent the leaking of secrets via logs
This Gem wraps the official Ruby
loggerutility
You can download this Gem from GitHub Packages or RubyGems
Via a Gemfile:
source "https://rubygems.org" gem "redacting-logger", "~> X.X.X" # Replace X.X.X with the latest version
require "redacting_logger" # Create a new logger logger = RedactingLogger.new(redact_patterns: [/topsecret/]) # Log a message that contains some redacted pattern logger.info("This is a topsecret message.")
This will output:
I, [timestamp] INFO -- : This is a [REDACTED] message.
require "redacting_logger" # Create a new logger logger = RedactingLogger.new( $stdout, # The device to log to (defaults to $stdout if not provided) redact_patterns: [/REDACTED_PATTERN1/, /REDACTED_PATTERN2/], # An array of Regexp patterns to redact from the logs level: Logger::INFO, # The log level to use redacted_msg: "[REDACTED]", # The message to replace the redacted patterns with use_default_patterns: true # Whether to use the default built-in patterns or not ) # Log a message that contains some redacted patterns logger.info("This is a message with a REDACTED_PATTERN1 and REDACTED_PATTERN2 in it.")
This will output:
I, [timestamp] INFO -- : This is a message with a [REDACTED] and [REDACTED] in it.
This Gem comes pre-built with a few redaction patterns to help you get started. These patterns can be located in lib/patterns/default.rb
A few examples of these patterns are:
- GitHub Personal Access Tokens
- GitHub Temporary Actions Tokens
- RSA Private Keys
- JWT Tokens
You can disable these default patterns with:
logger = RedactingLogger.new( use_default_patterns: false # Whether to use the default built-in patterns or not )