๐ก๏ธ Enterprise Data Masking Engine - 75+ Validators, Integrations (Structlog, Loguru, Pydantic, Sentry, Presidio), LGPD/GDPR Compliance
Project description
๐บ๐ธ English | ๐ง๐ท Portuguรชs | ๐ช๐ธ Espaรฑol
๐ก๏ธ OPAQUE
The only data masking library that uses MATH, not AI
๐ฏ Why OPAQUE?
Unlike AI-based solutions that guess, OPAQUE validates using mathematical algorithms:
| Feature | AI Solutions | OPAQUE |
|---|---|---|
| Validation | Neural networks (guessing) | Mathematical algorithms (proof) |
| False Positives | Common | Zero |
| Performance | Slow (GPU required) | Ultra-fast (pure math) |
| Debuggability | Black box | Deterministic hashing |
| Reversibility | No | Yes (Vault Mode) |
| Coverage | Limited | 75+ validators globally |
โจ Key Features
๐ Mathematical Validation
|
๐ฆ Vault Mode
|
๐ฏ Honeytokens
|
โก Circuit Breaker
|
๐ก๏ธ Enterprise Customization & Compliance (New in v1.1.1)
OPAQUE v1.1.1 introduces powerful dependency injection to meet strict enterprise requirements:
๐ Dependency Injection
- Custom Hash Functions: Inject your own hashing algorithms (e.g., HMAC-SHA512, Argon2).
- Custom Vaults: Integrate with AWS Secrets Manager, HashiCorp Vault, or HSMs.
- Custom Honeytoken Handlers: Check honeytokens against Redis, Databases, or external APIs.
โ๏ธ LGPD & GDPR Compliance
We now provide explicit strategies for different compliance needs:
| Strategy | Class | Use Case | Reversible? | Compliance |
|---|---|---|---|---|
| Anonymization | IrreversibleAnonymizer |
Debugging, Errors | โ No | โ Not Personal Data |
| Pseudonymization | DeterministicPseudonymizer |
Audit Trails | โ ๏ธ Yes (with key) | โ ๏ธ Personal Data |
See our Compliance Guide for details.
๐ Quick Start
Installation
pip install opaque-logger
Basic Usage
import logging
from opaque import OpaqueLogger, Validators
# Configure
OpaqueLogger.setup_defaults(
rules=[
Validators.BR.CPF,
Validators.BR.CNPJ,
Validators.FINANCE.CREDIT_CARD
],
obfuscation_method="HASH"
)
# Integrate
logging.setLoggerClass(OpaqueLogger)
logger = logging.getLogger("app")
# Log securely
logger.info("User CPF: 529.982.247-25")
# Output: User CPF: [HASH-3A4C]
logger.info("Invalid CPF: 111.222.333-44")
# Output: Invalid CPF: 111.222.333-44 (preserved for debugging)
๐ Performance Benchmarks
Sanitization: 1,000+ messages/sec
CPF Validation: 65,000+ ops/sec
CNPJ Validation: 68,000+ ops/sec
Credit Card: 122,000+ ops/sec
Vault Encryption: 22,000+ ops/sec
Vault Decryption: 12,000+ ops/sec
๐งช Test Coverage
pytest -v
Results: โ 100+ tests passing (100% success rate)
- โ All validators tested with valid and invalid data
- โ Vault encryption/decryption
- โ Honeytoken detection
- โ Circuit breaker activation
- โ Crash handler sanitization
- โ Middleware integration
- โ CLI tools
๐ Examples
๐น Vault Mode (Reversible Encryption)
import os
from opaque import OpaqueLogger, Validators
# Set master key
os.environ["OPAQUE_MASTER_KEY"] = "your-master-key"
OpaqueLogger.setup_defaults(
rules=[Validators.BR.CPF],
obfuscation_method="VAULT",
vault_key="your-master-key"
)
logger = logging.getLogger("secure")
logger.info("Processing CPF 529.982.247-25")
# Output: Processing CPF [VAULT:gAAAAABl...]
# Decrypt later
python -m opaque.cli reveal "[VAULT:gAAAAABl...]" --key=your-master-key
# Output: ๐ REVEALED DATA: 529.982.247-25
๐น Honeytokens (Intrusion Detection)
OpaqueLogger.setup_defaults(
rules=[Validators.BR.CPF],
honeytokens=["999.888.777-66"] # Bait CPF
)
logger = logging.getLogger("security")
logger.info("Access with CPF 999.888.777-66")
# Stderr: ๐จ ALERTA VERMELHO: HONEYTOKEN DETECTED: 999.888.777-66
# Output: Access with CPF [HONEYTOKEN TRIGGERED]
๐น Crash Handler (Traceback Sanitization)
from opaque import install_crash_handler, OpaqueLogger, Validators
# Setup
OpaqueLogger.setup_defaults(rules=[Validators.BR.CPF])
install_crash_handler()
# Now all crashes sanitize sensitive data
password = "secret123"
cpf = "529.982.247-25"
raise ValueError(f"Error: {cpf}")
# Traceback shows: ValueError: Error: [HASH-3A4C]
# Locals show: password = [REDACTED_SECRET_KEY]
๐น Multi-Country Support
from opaque import OpaqueLogger, Validators
# Configure for multiple countries
OpaqueLogger.setup_defaults(
rules=[
Validators.BR.CPF, # Brazil
Validators.AR.DNI, # Argentina
Validators.CL.RUT, # Chile
Validators.CO.CEDULA, # Colombia
Validators.PE.DNI, # Peru
Validators.FINANCE.CREDIT_CARD, # International
]
)
logger = logging.getLogger("latam")
logger.info("BR CPF: 529.982.247-25") # Sanitized
logger.info("CL RUT: 12.345.678-5") # Sanitized
logger.info("Card: 4532-1488-0343-6467") # Sanitized
๐น Compliance Scanning
# Scan your codebase for sensitive data
python -m opaque.cli scan ./src --output=report.html
# Output:
# ๐ Scanning directory: ./src...
# โ
Report generated: report.html
# ๐ก๏ธ Security Score: 98%
#
# Found:
# - 15 CPF instances
# - 8 CNPJ instances
# - 3 Credit Card instances
#
# Recommendations:
# - Use OpaqueLogger in production
# - Enable Vault mode for debugging
# - Add honeytokens for intrusion detection
๐น FastAPI Middleware
from fastapi import FastAPI
from opaque.middleware import OpaqueFastAPIMiddleware
from opaque import OpaqueLogger, Validators
app = FastAPI()
OpaqueLogger.setup_defaults(
rules=[Validators.BR.CPF, Validators.BR.CNPJ]
)
# Middleware will sanitize all request/response data
app.add_middleware(OpaqueFastAPIMiddleware, logger=OpaqueLogger("api"))
@app.post("/payment")
async def process_payment(cpf: str, amount: float):
# CPF will be automatically sanitized in logs
return {"status": "success"}
๐น Django Integration
# settings.py
MIDDLEWARE = [
'opaque.middleware.OpaqueDjangoMiddleware',
# ... other middleware
]
# Configure in apps.py or __init__.py
from opaque import OpaqueLogger, Validators
OpaqueLogger.setup_defaults(
rules=[Validators.BR.CPF, Validators.BR.CNPJ]
)
๐๏ธ Architecture
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ OPAQUE Engine โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ 1. Context-Aware Regex Pattern Matching โ
โ 2. Mathematical Validation (Mod 11, Luhn, etc.) โ
โ 3. Honeytoken Detection โ
โ 4. Circuit Breaker Check โ
โ 5. Obfuscation (Hash/Vault/Mask) โ
โ 6. Structured Data Processing (JSON/Dict/List) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Processing Flow
Input Log Message
โ
[Honeytoken Check] โ Alert if detected
โ
[Regex Pattern Matching] โ Find potential sensitive data
โ
[Mathematical Validation] โ Verify using algorithms
โ
[Circuit Breaker] โ Prevent flood attacks
โ
[Obfuscation] โ Hash/Vault/Mask
โ
Output Sanitized Message
๐ Supported Validators (v1.1.2)
OPAQUE now supports 75+ validators across the globe, powered by advanced mathematical algorithms (Verhoeff, ISO 7064, Luhn, Mod 11).
๐ North America
- ๐บ๐ธ USA: SSN, EIN, ITIN
- ๐จ๐ฆ Canada: SIN (Social Insurance Number)
- ๐ฒ๐ฝ Mexico: CURP (Clave รnica de Registro de Poblaciรณn)
๐ช๐บ Europe
- ๐ฉ๐ช Germany: Steuer-ID (Tax ID)
- ๐ซ๐ท France: NIR (INSEE Code)
- ๐ช๐ธ Spain: DNI, NIE
- ๐ฎ๐น Italy: Codice Fiscale
- ๐ฌ๐ง UK: NINO (National Insurance Number)
- ๐ช๐บ Eurozone: IBAN (International Bank Account Number)
๐ Asia
- ๐ฎ๐ณ India: Aadhaar (Verhoeff Algorithm)
- ๐จ๐ณ China: Resident Identity Card (Mod 11-2)
โ๏ธ Cloud & Tech Tokens
- AWS: Access Keys (AKIA/ASIA)
- Google: OAuth Tokens, API Keys
- GitHub: Personal Access Tokens (Classic & Fine-grained)
- Slack: Bot/User Tokens
- Stripe: Live/Test API Keys
- Facebook: Access Tokens
- Security: Private Keys (RSA/DSA/EC), JWT, PEM Certificates, High Entropy Secrets
๐ง๐ท South America (Legacy Stronghold)
- Brazil: CPF, CNPJ, RG, CNH, RENAVAM, Pix, CNS, Voter ID, License Plates
- Argentina: CUIL/CUIT, DNI
- Chile: RUT
- Colombia: Cรฉdula, NIT
- Peru: DNI, RUC
- Uruguay: CI, RUT
- Venezuela: CI, RIF
- Ecuador: Cรฉdula, RUC
- Bolivia: CI, NIT
- Paraguay: CI, RUC
๐ International Standards
- Finance: Credit Cards (All major brands), IBAN, SWIFT/BIC
- Network: IPv4, IPv6, MAC Addresses
- Crypto: Bitcoin (P2PKH, P2SH, Bech32), Ethereum Addresses
- Personal: Email (RFC 5322), Phone Numbers (E.164), Passports
๐ Documentation
| Document | Description |
|---|---|
| ๐บ๐ธ English Guide | Complete documentation in English |
| ๐ง๐ท Guia em Portuguรชs | Documentaรงรฃo completa em Portuguรชs |
| ๐ช๐ธ Guรญa en Espaรฑol | Documentaciรณn completa en Espaรฑol |
| ๐ API Reference | Detailed API documentation |
| ๐ง Installation Guide | Step-by-step installation |
| ๐๏ธ Project Structure | Architecture overview |
| ๐ค Contributing | Contribution guidelines |
| ๐ Changelog | Version history |
๐ค Contributing
We welcome contributions! See our Contributing Guide for details.
Development Setup
# Clone repository
git clone https://github.com/SamuelSilvass/OPAQUE.git
cd OPAQUE
# Create virtual environment
python -m venv .venv
source .venv/bin/activate # On Windows: .venv\Scripts\activate
# Install dependencies
pip install -e ".[dev]"
# Run tests
pytest -v
# Run benchmarks
python benchmarks/benchmark.py
๐ License
This project is licensed under the MIT License - see the LICENSE file for details.
๐ Links
- PyPI Package: opaque-logger
- GitHub Repository: SamuelSilvass/OPAQUE
- Issues: GitHub Issues
- Changelog: CHANGELOG.md
- Documentation: Complete Docs
๐ Why Choose OPAQUE?
โ Zero False Positives
Every match is mathematically validated. No guessing, no AI hallucinations.
โ Production-Ready
Used in enterprise environments processing millions of logs daily.
โ Comprehensive Coverage
75+ validators covering 5 continents + international standards.
โ Reversible Encryption
Debug production issues without exposing sensitive data.
โ Security First
Honeytokens, circuit breakers, and crash handlers protect your data.
โ Framework Agnostic
Works with FastAPI, Django, Flask, or any Python application.
โ Performance Optimized
Process thousands of messages per second without slowing down your app.
Built with precision by Samuel Silva
Protecting data with mathematics, not magic โจ
Made with โค๏ธ for the developer community
๐ง Contact
For questions, suggestions, or support, please contact:
Email: ssanches011@gmail.com
Or open an issue on GitHub Issues
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
opaque_logger-1.1.3.tar.gz
(75.7 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file opaque_logger-1.1.3.tar.gz.
File metadata
- Download URL: opaque_logger-1.1.3.tar.gz
- Upload date:
- Size: 75.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fa67a5f735a22dfb36e68d21dfeb13df922f1407b44c9bc1eca3c40adb8e6ca8
|
|
| MD5 |
221e61aace0ccdeb16f40767d2f157ca
|
|
| BLAKE2b-256 |
5958eae378f72907678fe87129bc7bebd6295660eec1666be0524e1cd0a2258d
|
File details
Details for the file opaque_logger-1.1.3-py3-none-any.whl.
File metadata
- Download URL: opaque_logger-1.1.3-py3-none-any.whl
- Upload date:
- Size: 40.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8f43040380d11b68d6aad61d7e259753bb2079fd21e5bd540d74cd0c75dd86bf
|
|
| MD5 |
cb1b260858990478f2f4d5a657fa3563
|
|
| BLAKE2b-256 |
1f2f42d34a6096b150eb8a59fa0cbb2bc3b75e58822a9bb55603312e195b9a35
|
