A decorator to generate redacted and nicely formatted log entries
Project description
Secure Logger
|Tests| |Source code| |PyPI releases| |License: AGPL v3| |hack.d Lawrence McDaniel|
A Python decorator to generate redacted and nicely formatted log entries. Works on all callables: class, class methods, Python module functions. Recursively redacts Python dictionary key values based on a customizable list of case-insensitive keys. Prevents your sensitive application data like cloud provider key-pairs from leaking into your application logs.
Usage
As a decorator
.. code:: python

   from secure_logger.decorators import secure_logger

   class Foo(object):

       @secure_logger()
       def bar(self, dict_data, list_data):
           pass

   # call your method, passing some sensitive data
   # (conf is your application's own settings module)
   dict_data = {
       'not_a_sensitive_key': 'you-can-see-me',
       'aws-access-key-id': conf.AWS_ACCESS_KEY_ID,
       'aws-secret-access-key': conf.AWS_SECRET_ACCESS_KEY
   }
   list_data = ['foo', 'bar']
   foo = Foo()
   foo.bar(dict_data=dict_data, list_data=list_data)

Log output:

.. code:: log

   INFO:secure_logger: __main__.Foo().bar() keyword args: {
       "dict_data": {
           "not_a_sensitive_key": "you-can-see-me",
           "aws-access-key-id": "*** -- secure_logger() -- ***",
           "aws-secret-access-key": "*** -- secure_logger() -- ***"
       },
       "list_data": [
           "foo",
           "bar"
       ]
   }

As library functions
.. code:: python

   from secure_logger.masked_dict import masked_dict, masked_dict2str

   # conf is your application's own settings module
   dict_data = {
       'not_a_sensitive_key': 'you-can-see-me',
       'aws-access-key-id': conf.AWS_ACCESS_KEY_ID,
       'aws-secret-access-key': conf.AWS_SECRET_ACCESS_KEY
   }
   print(masked_dict2str(dict_data))

Output:

.. code:: bash

   {
       "not_a_sensitive_key": "you-can-see-me",
       "aws-access-key-id": "*** -- secure_logger() -- ***",
       "aws-secret-access-key": "*** -- secure_logger() -- ***"
   }

Installation
.. code:: bash

   pip install secure-logger

Configuration
secure_logger accepts optional parameters.
- sensitive_keys: a Python list of dictionary keys. Not case sensitive.
- message: a string value that will replace the sensitive key values
- indent: number of characters to indent JSON string output when logging output

.. code:: python

   from secure_logger.decorators import secure_logger

   class MyClass():

       @secure_logger(sensitive_keys=["password", "token", "crown_jewels"], message="***", indent=4)
       def another_def(self):
           pass

Configuration Defaults
.. code:: python

   DEFAULT_REDACTION_MESSAGE = "*** -- secure_logger() -- ***"
   DEFAULT_INDENT = 4
   DEFAULT_SENSITIVE_KEYS = [
       "password",
       "token",
       "client_id",
       "client_secret",
       "Authorization",
       "secret",
       "access_key_id",
       "secret_access_key",
       "access-key-id",
       "secret-access-key",
       "aws_access_key_id",
       "aws_secret_access_key",
       "aws-access-key-id",
       "aws-secret-access-key",
   ]

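How recursive, case-insensitive key redaction of this kind behaves, as an added stdlib-only sketch that is not secure-logger's own code: ``redact``, ``redacted_log``, ``demo`` and all sample values are hypothetical. In this sketch a key is matched exactly after lowercasing, so a secret stored under a key that is not in the list (``db_passwd`` here) still reaches the log; whether the library matches keys the same way is not stated on this page.

```python
import functools
import json
import logging

# Assumed subset of the defaults listed above; extend it for your own payloads.
SENSITIVE_KEYS = ["password", "token", "aws-secret-access-key"]
MESSAGE = "*** -- secure_logger() -- ***"

def redact(obj, sensitive_keys=SENSITIVE_KEYS, message=MESSAGE):
    """Return a copy of obj with the values of sensitive keys replaced."""
    wanted = {k.lower() for k in sensitive_keys}
    if isinstance(obj, dict):
        return {k: message if str(k).lower() in wanted
                else redact(v, sensitive_keys, message)
                for k, v in obj.items()}
    if isinstance(obj, (list, tuple)):
        # Dictionaries nested inside sequences are redacted too.
        return [redact(v, sensitive_keys, message) for v in obj]
    return obj

def redacted_log(logger, **cfg):
    """Decorator that logs keyword arguments only after redaction."""
    def wrap(func):
        @functools.wraps(func)
        def inner(*args, **kwargs):
            logger.info("%s() keyword args: %s", func.__qualname__,
                        json.dumps(redact(kwargs, **cfg), indent=4, default=str))
            return func(*args, **kwargs)
        return inner
    return wrap

def demo():
    """Log a constructed payload through the decorator; return the log text."""
    records = []
    handler = logging.Handler()
    handler.emit = lambda record: records.append(record.getMessage())
    log = logging.getLogger("redaction_demo")
    log.addHandler(handler)
    log.setLevel(logging.INFO)

    @redacted_log(log)
    def connect(**kwargs):
        return None

    # Constructed sample values, not real credentials.
    connect(settings={"Password": "hunter2", "nodes": [{"TOKEN": "t-123"}],
                      "db_passwd": "not-covered"})
    log.removeHandler(handler)
    return "\n".join(records)
```

Asserting that known canary values never appear in captured log text, as ``demo()`` makes possible, is a cheap regression test for the key list you configure.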
Contributing
Pull requests are welcome, and you can also contact `Lawrence
McDaniel <https://lawrencemcdaniel.com/contact>`__ directly.
Getting Started With Local development
- Use the same virtual environment that you use for edx-platform
- Ensure that your Python interpreter is set to 3.11
- install black: https://pypi.org/project/black/
- install flake8: https://flake8.pycqa.org/en/latest/
- install flake8-coding: https://pypi.org/project/flake8-coding/

.. code:: bash

   # Run these from within your edx-platform virtual environment
   python3 -m venv venv
   source venv/bin/activate

   pip install -r requirements/local.txt
   pip install pre-commit black flake8
   pre-commit install

Local development good practices
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- run ``black`` on modified code before committing.
- run ``flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics``
- run ``flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics``
- run ``pre-commit run --all-files`` before pushing. see: https://pre-commit.com/

.. |Tests| image:: https://github.com/lpm0073/secure-logger/actions/workflows/tests.yml/badge.svg
   :target: https://github.com/lpm0073/secure-logger/actions
.. |Source code| image:: https://img.shields.io/static/v1?logo=github&label=Git&style=flat-square&color=brightgreen&message=Source%20code
   :target: https://github.com/lpm0073/secure-logger
.. |PyPI releases| image:: https://img.shields.io/pypi/v/secure-logger?logo=python&logoColor=white
   :target: https://pypi.org/project/secure-logger
.. |License: AGPL v3| image:: https://img.shields.io/badge/License-AGPL_v3-blue.svg
   :target: https://www.gnu.org/licenses/agpl-3.0
.. |hack.d Lawrence McDaniel| image:: https://img.shields.io/badge/hack.d-Lawrence%20McDaniel-orange.svg
   :target: https://lawrencemcdaniel.com

File details
Details for the file secure-logger-0.1.11.tar.gz.
File metadata
- Download URL: secure-logger-0.1.11.tar.gz
- Upload date:
- Size: 21.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.6
File hashes
Algorithm | Hash digest
---|---
SHA256 | f5d9852a401a109274b8275d95bfb7c6d4ecb72f42baea7d03b04533c95f421b
MD5 | 8cf456e4dd6488b0f4262f490809ba76
BLAKE2b-256 | d68fb5b3ab0c11fc1c5249657864376d390d45a47d99c1b6a6adabf655215a94
File details
Details for the file secure_logger-0.1.11-py3-none-any.whl.
File metadata
- Download URL: secure_logger-0.1.11-py3-none-any.whl
- Upload date:
- Size: 19.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.6
File hashes
Algorithm | Hash digest
---|---
SHA256 | 5cd8372867a969105ba6e3f0d8f3dcfcd8e62ceb6987b5800d0d1a8c4dd1866a
MD5 | 8f4a7baf3b3ab037647fd1829a0a6d27
BLAKE2b-256 | 7e0d658822bbb62d930115be6f23829ed190a26823ff1e5a658232788362dde5