UNPKG

pino/docs/redaction.md

Version:

4.16 kBMarkdownView Raw

1# Redaction
2
3> Redaction is not supported in the browser [#670](https://github.com/pinojs/pino/issues/670)
4
5To redact sensitive information, supply paths to keys that hold sensitive data
6using the `redact` option:
7
8```js
9const logger = require('.')({
10  redact: ['key', 'path.to.key', 'stuff.thats[*].secret']
11})
12
13logger.info({
14  key: 'will be redacted',
15  path: {
16    to: {key: 'sensitive', another: 'thing'}
17  },
18  stuff: {
19    thats: [
20      {secret: 'will be redacted', logme: 'will be logged'},
21      {secret: 'as will this', logme: 'as will this'}
22    ]
23  }
24})
25```
26
27This will output:
28
29```JSON
30{"level":30,"time":1527777350011,"pid":3186,"hostname":"Davids-MacBook-Pro-3.local","key":"[Redacted]","path":{"to":{"key":"[Redacted]","another":"thing"}},"stuff":{"thats":[{"secret":"[Redacted]","logme":"will be logged"},{"secret":"[Redacted]","logme":"as will this"}]}}
31```
32
33The `redact` option can take an array (as shown in the above example) or
34an object. This allows control over *how* information is redacted.
35
36For instance, setting the censor:
37
38```js
39const logger = require('.')({
40  redact: {
41    paths: ['key', 'path.to.key', 'stuff.thats[*].secret'],
42    censor: '**GDPR COMPLIANT**'
43  }
44})
45
46logger.info({
47  key: 'will be redacted',
48  path: {
49    to: {key: 'sensitive', another: 'thing'}
50  },
51  stuff: {
52    thats: [
53      {secret: 'will be redacted', logme: 'will be logged'},
54      {secret: 'as will this', logme: 'as will this'}
55    ]
56  }
57})
58```
59
60This will output:
61
62```JSON
63{"level":30,"time":1527778563934,"pid":3847,"hostname":"Davids-MacBook-Pro-3.local","key":"**GDPR COMPLIANT**","path":{"to":{"key":"**GDPR COMPLIANT**","another":"thing"}},"stuff":{"thats":[{"secret":"**GDPR COMPLIANT**","logme":"will be logged"},{"secret":"**GDPR COMPLIANT**","logme":"as will this"}]}}
64```
65
66The `redact.remove` option also allows for the key and value to be removed from output:
67
68```js
69const logger = require('.')({
70  redact: {
71    paths: ['key', 'path.to.key', 'stuff.thats[*].secret'],
72    remove: true
73  }
74})
75
76logger.info({
77  key: 'will be redacted',
78  path: {
79    to: {key: 'sensitive', another: 'thing'}
80  },
81  stuff: {
82    thats: [
83      {secret: 'will be redacted', logme: 'will be logged'},
84      {secret: 'as will this', logme: 'as will this'}
85    ]
86  }
87})
88```
89
90This will output
91
92```JSON
93{"level":30,"time":1527782356751,"pid":5758,"hostname":"Davids-MacBook-Pro-3.local","path":{"to":{"another":"thing"}},"stuff":{"thats":[{"logme":"will be logged"},{"logme":"as will this"}]}}
94```
95
96See [pino options in API](/docs/api.md#redact-array-object) for `redact` API details.
97
98<a name="paths"></a>
99## Path Syntax
100
101The syntax for paths supplied to the `redact` option conform to the syntax in path lookups
102in standard EcmaScript, with two additions:
103
104* paths may start with bracket notation
105* paths may contain the asterisk `*` to denote a wildcard
106
107By way of example, the following are all valid paths:
108
109* `a.b.c`
110* `a["b-c"].d`
111* `["a-b"].c`
112* `a.b.*`
113* `a[*].b`
114
115## Overhead
116
117Pino's redaction functionality is built on top of [`fast-redact`](http://github.com/davidmarkclements/fast-redact)
118which adds about 2% overhead to `JSON.stringify` when using paths without wildcards.
119
120When used with pino logger with a single redacted path, any overhead is within noise -
121a way to deterministically measure it's effect has not been found. This is because its not a bottleneck.
122
123However, wildcard redaction does carry a non-trivial cost relative to explicitly declaring the keys
124(50% in a case where four keys are redacted across two objects). See
125the [`fast-redact` benchmarks](https://github.com/davidmarkclements/fast-redact#benchmarks) for details.
126
127## Safety
128
129The `redact` option is intended as an initialization time configuration option.
130It's extremely important that path strings do not originate from user input.
131The `fast-redact` module uses a VM context to syntax check the paths, user input
132should never be combined with such an approach. See the [`fast-redact` Caveat](https://github.com/davidmarkclements/fast-redact#caveat)
133and the [`fast-redact` Approach](https://github.com/davidmarkclements/fast-redact#approach) for in-depth information.

1	`# Redaction`
2
3	`> Redaction is not supported in the browser [#670](https://github.com/pinojs/pino/issues/670)`
4
5	`To redact sensitive information, supply paths to keys that hold sensitive data`
6	using the `redact` option:
7
8	```js
9	`const logger = require('.')({`
10	`redact: ['key', 'path.to.key', 'stuff.thats[*].secret']`
11	`})`
12
13	`logger.info({`
14	`key: 'will be redacted',`
15	`path: {`
16	`to: {key: 'sensitive', another: 'thing'}`
17	`},`
18	`stuff: {`
19	`thats: [`
20	`{secret: 'will be redacted', logme: 'will be logged'},`
21	`{secret: 'as will this', logme: 'as will this'}`
22	`]`
23	`}`
24	`})`
25	```
26
27	`This will output:`
28
29	```JSON
30	`{"level":30,"time":1527777350011,"pid":3186,"hostname":"Davids-MacBook-Pro-3.local","key":"[Redacted]","path":{"to":{"key":"[Redacted]","another":"thing"}},"stuff":{"thats":[{"secret":"[Redacted]","logme":"will be logged"},{"secret":"[Redacted]","logme":"as will this"}]}}`
31	```
32
33	The `redact` option can take an array (as shown in the above example) or
34	`an object. This allows control over how information is redacted.`
35
36	`For instance, setting the censor:`
37
38	```js
39	`const logger = require('.')({`
40	`redact: {`
41	`paths: ['key', 'path.to.key', 'stuff.thats[*].secret'],`
42	`censor: 'GDPR COMPLIANT'`
43	`}`
44	`})`
45
46	`logger.info({`
47	`key: 'will be redacted',`
48	`path: {`
49	`to: {key: 'sensitive', another: 'thing'}`
50	`},`
51	`stuff: {`
52	`thats: [`
53	`{secret: 'will be redacted', logme: 'will be logged'},`
54	`{secret: 'as will this', logme: 'as will this'}`
55	`]`
56	`}`
57	`})`
58	```
59
60	`This will output:`
61
62	```JSON
63	`{"level":30,"time":1527778563934,"pid":3847,"hostname":"Davids-MacBook-Pro-3.local","key":"GDPR COMPLIANT","path":{"to":{"key":"GDPR COMPLIANT","another":"thing"}},"stuff":{"thats":[{"secret":"GDPR COMPLIANT","logme":"will be logged"},{"secret":"GDPR COMPLIANT","logme":"as will this"}]}}`
64	```
65
66	The `redact.remove` option also allows for the key and value to be removed from output:
67
68	```js
69	`const logger = require('.')({`
70	`redact: {`
71	`paths: ['key', 'path.to.key', 'stuff.thats[*].secret'],`
72	`remove: true`
73	`}`
74	`})`
75
76	`logger.info({`
77	`key: 'will be redacted',`
78	`path: {`
79	`to: {key: 'sensitive', another: 'thing'}`
80	`},`
81	`stuff: {`
82	`thats: [`
83	`{secret: 'will be redacted', logme: 'will be logged'},`
84	`{secret: 'as will this', logme: 'as will this'}`
85	`]`
86	`}`
87	`})`
88	```
89
90	`This will output`
91
92	```JSON
93	`{"level":30,"time":1527782356751,"pid":5758,"hostname":"Davids-MacBook-Pro-3.local","path":{"to":{"another":"thing"}},"stuff":{"thats":[{"logme":"will be logged"},{"logme":"as will this"}]}}`
94	```
95
96	See [pino options in API](/docs/api.md#redact-array-object) for `redact` API details.
97
98	`<a name="paths"></a>`
99	`## Path Syntax`
100
101	The syntax for paths supplied to the `redact` option conform to the syntax in path lookups
102	`in standard EcmaScript, with two additions:`
103
104	`* paths may start with bracket notation`
105	* paths may contain the asterisk `*` to denote a wildcard
106
107	`By way of example, the following are all valid paths:`
108
109	* `a.b.c`
110	* `a["b-c"].d`
111	* `["a-b"].c`
112	* `a.b.*`
113	* `a[*].b`
114
115	`## Overhead`
116
117	Pino's redaction functionality is built on top of [`fast-redact`](http://github.com/davidmarkclements/fast-redact)
118	which adds about 2% overhead to `JSON.stringify` when using paths without wildcards.
119
120	`When used with pino logger with a single redacted path, any overhead is within noise -`
121	`a way to deterministically measure it's effect has not been found. This is because its not a bottleneck.`
122
123	`However, wildcard redaction does carry a non-trivial cost relative to explicitly declaring the keys`
124	`(50% in a case where four keys are redacted across two objects). See`
125	the [`fast-redact` benchmarks](https://github.com/davidmarkclements/fast-redact#benchmarks) for details.
126
127	`## Safety`
128
129	The `redact` option is intended as an initialization time configuration option.
130	`It's extremely important that path strings do not originate from user input.`
131	The `fast-redact` module uses a VM context to syntax check the paths, user input
132	should never be combined with such an approach. See the [`fast-redact` Caveat](https://github.com/davidmarkclements/fast-redact#caveat)
133	and the [`fast-redact` Approach](https://github.com/davidmarkclements/fast-redact#approach) for in-depth information.