Redaction Plugin Browser Server
The redaction plugin for LogLayer provides a simple way to redact sensitive information from your logs using fast-redact.
It redacts all assembled log data — including metadata, context, error fields, and rootData from raw() calls.
Redaction scope
Because this plugin operates on all assembled data, configured paths will match keys anywhere in the log object — not just in metadata passed to withMetadata(). For example, a path of password will also redact password keys in context data and rootData.
Installation
sh
npm install @loglayer/plugin-redactionsh
pnpm add @loglayer/plugin-redactionsh
yarn add @loglayer/plugin-redactionBasic Usage
typescript
import { LogLayer, ConsoleTransport } from 'loglayer'
import { redactionPlugin } from '@loglayer/plugin-redaction'
const log = new LogLayer({
transport: new ConsoleTransport({
logger: console,
}),
plugins: [
redactionPlugin({
paths: ["password"],
}),
],
})
// The password will be redacted in the output
log.metadataOnly({
password: "123456",
})Configuration Options
Optional Parameters
| Name | Type | Default | Description |
|---|---|---|---|
id | string | - | Unique identifier for the plugin. Used for selectively disabling / enabling and removing the plugin |
disabled | boolean | false | If true, the plugin will skip execution |
paths | string[] | - | An array of strings describing the nested location of a key in an object. See https://www.npmjs.com/package/fast-redact for path syntax |
censor | string | ((v: any) => any) | "[REDACTED]" | This is the value which overwrites redacted properties |
remove | boolean | false | When set to true, will cause keys to be removed from the serialized output |
strict | boolean | false | When set to true, will cause the redactor function to throw if instead of an object it finds a primitive |
Examples
Basic Path Redaction
typescript
const log = new LogLayer({
transport: new ConsoleTransport({
logger: console,
}),
plugins: [
redactionPlugin({
paths: ["password", "creditCard", "ssn"],
}),
],
})
log.metadataOnly({
user: "john",
password: "secret123",
creditCard: "4111111111111111",
ssn: "123-45-6789"
})
// Output:
// {
// "user": "john",
// "password": "[REDACTED]",
// "creditCard": "[REDACTED]",
// "ssn": "[REDACTED]"
// }Nested Path Redaction
typescript
const log = new LogLayer({
transport: new ConsoleTransport({
logger: console,
}),
plugins: [
redactionPlugin({
paths: ["user.password", "payment.*.number"],
}),
],
})
log.metadataOnly({
user: {
name: "john",
password: "secret123"
},
payment: {
credit: {
number: "4111111111111111",
expiry: "12/24"
},
debit: {
number: "4222222222222222",
expiry: "01/25"
}
}
})
// Output:
// {
// "user": {
// "name": "john",
// "password": "[REDACTED]"
// },
// "payment": {
// "credit": {
// "number": "[REDACTED]",
// "expiry": "12/24"
// },
// "debit": {
// "number": "[REDACTED]",
// "expiry": "01/25"
// }
// }
// }Custom Censor Value
typescript
const log = new LogLayer({
transport: new ConsoleTransport({
logger: console,
}),
plugins: [
redactionPlugin({
paths: ["password"],
censor: "***",
}),
],
})
log.metadataOnly({
user: "john",
password: "secret123"
})
// Output:
// {
// "user": "john",
// "password": "***"
// }Remove Instead of Redact
typescript
const log = new LogLayer({
transport: new ConsoleTransport({
logger: console,
}),
plugins: [
redactionPlugin({
paths: ["password"],
remove: true,
}),
],
})
log.metadataOnly({
user: "john",
password: "secret123"
})
// Output:
// {
// "user": "john"
// }Custom Censor Function
typescript
const log = new LogLayer({
transport: new ConsoleTransport({
logger: console,
}),
plugins: [
redactionPlugin({
paths: ["creditCard"],
censor: (value) => {
if (typeof value === 'string') {
return value.slice(-4).padStart(value.length, '*')
}
return '[REDACTED]'
},
}),
],
})
log.metadataOnly({
user: "john",
creditCard: "4111111111111111"
})
// Output:
// {
// "user": "john",
// "creditCard": "************1111"
// }Changelog
View the changelog here.