class
Logit::Redaction
- Logit::Redaction
- Reference
- Object
Overview
Manages sensitive data redaction for log output.
Redaction prevents sensitive information (passwords, tokens, API keys, etc.) from appearing in log output. It works at two levels:
- Global patterns: Regex patterns that apply to all instrumented methods
- Annotation-level: Specific argument names listed in
@[Logit::Log(redact: [...])]
Global Patterns
Add regex patterns that match argument names to be redacted:
# During configuration
Logit.configure do |config|
config.console
config.redact_patterns(/ssn/i, /credit_card/i)
config.redact_common_patterns # password, token, api_key, etc.
end
# Or directly via the Redaction class
Logit::Redaction.add_pattern(/social_security/i)Annotation-Level Redaction
Specify argument names to redact for a specific method:
class AuthService
@[Logit::Log(redact: ["password", "pin"])]
def authenticate(username : String, password : String, pin : String) : Bool
# password and pin values will appear as "[REDACTED]" in logs
end
endCommon Patterns
.enable_common_patterns adds patterns for commonly sensitive argument names:
- password, passwd
- secret
- token
- api_key, apikey
- auth
- credential
- private_key, privatekey
- access_key, accesskey
- bearer
Defined in:
logit/redaction.crConstant Summary
-
REDACTED_VALUE =
"[REDACTED]" -
The replacement value for redacted data.
Class Method Summary
-
.add_pattern(pattern : Regex) : Nil
Adds a regex pattern for argument name matching.
-
.add_patterns(*patterns : Regex) : Nil
Adds multiple regex patterns at once.
-
.clear_patterns : Nil
Clears all global redaction patterns.
-
.enable_common_patterns : Nil
Enables a set of commonly-needed security patterns.
-
.patterns : Array(Regex)
Returns a copy of the current global patterns.
-
.should_redact?(arg_name : String) : Bool
Checks if an argument name matches any global redaction pattern.
-
.should_redact_key?(key : String) : Bool
Alias for
.should_redact?for key-based checks.
Class Method Detail
Adds a regex pattern for argument name matching.
Any argument whose name matches this pattern will have its value
replaced with [REDACTED] in log output.
Logit::Redaction.add_pattern(/credit_card/i)Adds multiple regex patterns at once.
Logit::Redaction.add_patterns(/ssn/i, /dob/i, /address/i)Clears all global redaction patterns.
Useful for testing or reconfiguration.
Enables a set of commonly-needed security patterns.
Adds patterns matching: password, passwd, secret, token, api_key, auth, credential, private_key, access_key, bearer.
All patterns are case-insensitive.
Logit::Redaction.enable_common_patternsReturns a copy of the current global patterns.
Thread-safe; returns a duplicate array.
Checks if an argument name matches any global redaction pattern.
Returns true if the value should be replaced with [REDACTED].