🔥 Keep personally identifiable information (PII) out of your logs
```ruby
logger.info "Hi test@example.org!"
# => Hi [FILTERED]!
```
By default, scrubs:
- email addresses
- phone numbers
- credit card numbers
- Social Security numbers (SSNs)
- passwords in URLs
Works with all types of logging - Ruby, ActiveRecord, ActiveJob, and more
```
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? [["email", "[FILTERED]"]]
```
Works even when sensitive data is URL-encoded
Add this line to your application’s Gemfile:
```ruby
gem 'logstop'
```
And add it to your logger:
```ruby
Logstop.guard(logger)
```
Create `config/initializers/logstop.rb` with:
```ruby
Logstop.guard(Rails.logger)
```
To scrub IP addresses, use:
```ruby
Logstop.guard(logger, ip: true)
```
Add custom rules with:
```ruby
scrubber = lambda do |msg|
  msg.gsub(/custom_regexp/, "[FILTERED]".freeze)
end
Logstop.guard(logger, scrubber: scrubber)
```
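An added example (not from the Logstop project) of a custom scrubber for two kinds of secret that are not in the default list above. The `acme_` key format, the sample log lines, and the `guard_with` helper (a stand-in so the block runs without the gem) are assumptions; with the gem installed, pass the lambda as `Logstop.guard(logger, scrubber: CUSTOM_SCRUBBER)` instead.

```ruby
require "logger"
require "stringio"

# Constructed patterns for secrets outside the default list above.
BEARER_TOKEN = /(Bearer\s+)[A-Za-z0-9\-._~+\/]{8,}=*/i
ACME_API_KEY = /\bacme_[a-f0-9]{32}\b/ # hypothetical key format

# Same contract as the page's scrubber: message in, scrubbed string out.
CUSTOM_SCRUBBER = lambda do |msg|
  msg.gsub(BEARER_TOKEN, "\\1[FILTERED]").gsub(ACME_API_KEY, "[FILTERED]")
end

# Hypothetical stand-in for Logstop.guard so the block runs without the gem:
# it scrubs each formatted line before it reaches the log device.
def guard_with(logger, scrubber)
  inner = logger.formatter || Logger::Formatter.new
  logger.formatter = proc do |severity, time, progname, msg|
    scrubber.call(inner.call(severity, time, progname, msg))
  end
  logger
end

# Constructed sample log messages.
SAMPLE_LINES = [
  "GET /orders Authorization: Bearer eyJhbGciOi.constructed.token-value",
  "charge failed key=acme_0123456789abcdef0123456789abcdef",
  "order 42 shipped"
].freeze

# Logs the lines through a guarded logger and returns what was written.
def scrubbed_output(lines)
  io = StringIO.new
  logger = guard_with(Logger.new(io), CUSTOM_SCRUBBER)
  lines.each { |line| logger.info(line) }
  io.string
end

puts scrubbed_output(SAMPLE_LINES)
```

Keeping the `Bearer ` prefix in the replacement leaves the log line readable for debugging while removing the credential itself.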
To scrub outside of logging, use:
```ruby
Logstop.scrub(msg)
```
It supports the same options as `guard`.
This should be used in addition to `config.filter_parameters`, not as a replacement.
Learn more about securing sensitive data in Rails.
Also:
- To scrub existing log files, check out scrubadub
- To anonymize IP addresses, check out IP Anonymizer
- To scan for unencrypted personal data in your database, check out pdscan
View the changelog
Everyone is encouraged to help improve this project. Here are a few ways you can help:
- Report bugs
- Fix bugs and submit pull requests
- Write, clarify, or fix documentation
- Suggest or add new features
To get started with development and testing:
```sh
git clone https://github.com/ankane/logstop.git
cd logstop
bundle install
rake test
```