A decorator to generate secure, well-formatted log entries
Project description
Secure Logger
A Python decorator to generate redacted and nicely formatted log entries. Works on all callables: class, class methods, Python module functions. Recursively redacts Python dictionary key values based on a customizable list of case-insensitive keys. Prevents your sensitive application data like cloud provider key-pairs from leaking into your application logs.
Usage
As a decorator
from secure_logger.decorators import secure_logger
class Foo(object):
@secure_logger()
def bar(self, dict_data, list_data):
pass
# call your method, passing some sensitive data
dict_data = {
'not_a_sensitive_key': 'you-can-see-me',
'aws-access-key_id': conf.AWS_ACCESS_KEY_ID,
'aws-secret-access-key': conf.AWS_SECRET_ACCESS_KEY
}
list_data = ['foo', 'bar']
foo = Foo()
foo.bar(dict_data=dict_data, list_data=list_data)
Log output:
INFO:secure_logger: __main__.Foo().bar() keyword args: {
"dict_data": {
"not_a_sensitive_key": "you-can-see-me",
"aws-access-key-id": "*** -- secure_logger() -- ***",
"aws-secret-access-key": "*** -- secure_logger() -- ***"
},
"list_data": [
"foo",
"bar"
]
}
As library functions
from secure_logger.masked_dict import masked_dict, masked_dict2str
dict_data = {
'not_a_sensitive_key': 'you-can-see-me',
'aws-access-key_id': conf.AWS_ACCESS_KEY_ID,
'aws-secret-access-key': conf.AWS_SECRET_ACCESS_KEY
}
print(masked_dict2str(dict_data))
Output:
{
"not_a_sensitive_key": "you-can-see-me",
"aws-access-key-id": "*** -- secure_logger() -- ***",
"aws-secret-access-key": "*** -- secure_logger() -- ***"
}
Installation
pip install secure-logger
Configuration
secure_logger accepts optional parameters.
- sensitive_keys: a Python list of dictionary keys. Not case sensitive.
- message: a string value that will replace the sensitive key values
- indent: number of characters to indent JSON string output when logging output
class MyClass():
@secure_logger(sensitive_keys=["password", "token", "crown_jewels"], message="***", indent=4)
def another_def(self):
Configuration Defaults
DEFAULT_REDACTION_MESSAGE = "*** -- secure_logger() -- ***"
DEFAULT_INDENT = 4
DEFAULT_SENSITIVE_KEYS = [
"password",
"token",
"client_id",
"client_secret",
"Authorization",
"secret",
"access_key_id",
"secret_access_key",
"access-key-id",
"secret-access-key",
"aws_access_key_id",
"aws_secret_access_key",
"aws-access-key-id",
"aws-secret-access-key",
]
Contributing
Pull requests are welcome, and you can also contact Lawrence McDaniel directly.
Getting Started With Local development
- Use the same virtual environment that you use for edx-platform
- Ensure that your Python interpreter to 3.8x
- install black: https://pypi.org/project/black/
- install flake8: https://flake8.pycqa.org/en/latest/
- install flake8-coding: https://pypi.org/project/flake8-coding/
# Run these from within your edx-platform virtual environment
python3 -m venv venv
source venv/bin/activate
pip install -r requirements/local.txt
pip install pre-commit black flake8
pre-commit install
Local development good practices
- run
blackon modified code before committing. - run
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics - run
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics - run
pre-commit run --all-filesbefore pushing. see: https://pre-commit.com/
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
secure-logger-0.1.5.tar.gz
(19.2 kB
view hashes)
Built Distribution
Close
Hashes for secure_logger-0.1.5-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | d69156abd7348bb5553080e2602170777d28f2585ef7dec9466d5c84683418d2 |
|
| MD5 | e7c6ca73a5e8e849c86cf439437e1622 |
|
| BLAKE2b-256 | 87e08ea70e3810a2e9a0fa0b3e5d6aaa77783460142a175bf4766a23d65e4367 |
