Skip to content

bernardcooke53/misprint

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits

.github

.github

 
 

src/misprint

src/misprint

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

.pre-commit-config.yaml

.pre-commit-config.yaml

 
 

LICENSE

LICENSE

 
 

MANIFEST.in

MANIFEST.in

 
 

README.md

README.md

 
 

pyproject.toml

pyproject.toml

 
 

Repository files navigation

misprint

PyPI - Version PyPI - Python Version

An integration with the Python standard library's logging module that masks secrets in log messages before they are emitted. This project was heavily inspired by an excellent blog post which has been updated/adapted for modern Python versions.

Misprint is fully type-annotated for easier integration with mypy.

Table of Contents

Installation

pip install misprint

License

misprint is distributed under the terms of the MIT license.

Usage

misprint.Misprinter

You can use the Misprinter class to redact exact string matches or regular expressions within a string:

misprinter = Misprinter(token=["my_secret_token", re.compile(r"^ghp_\w+")])

assert misprinter.mask("this is my_secret_token") == "this is ****"
assert (
    misprinter.mask("github tokens: ghp_abc123 ghp_def456")
    == "github tokens: **** ****"
)

If you need to add a mask for new data to an existing instance then you can use the add_mask_for method:

misprinter = Misprinter()
assert misprinter.mask("a secret1234") == "a secret1234"

misprinter.add_mask_for("secret1234")
assert misprinter.mask("a secret1234") == "a ****"

You can also initialise your Misprinter instance with use_named_masks=True if you would like to be able to identify what data has been masked more easily:

misprinter = Misprinter(use_named_masks=True)
misprinter.add_mask_for("another_secret", name="database password")

assert (
    misprinter.mask("printing another_secret")
    == "printing <'database password' (value removed)>"
)

misprint.MisprintFilter

misprint also provides a logging.Filter subclass, which integrates with the Python standard library's logging module to enable redaction of log messages.

MisprintFilter is a subclass of Misprinter, so inherits all of the methods detailed above. This is useful, as the filter can be connected to the loggers that are configured for a program at startup, and new secrets can be conveniently added to the filter to be redacted in the logs:

import logging
import sys

import misprint

logging.basicConfig(
    datefmt="[%X]",
    handlers=[logging.StreamHandler(sys.stderr)],  # plus others
)

misprinter = misprint.MisprintFilter()

for handler in logging.getLogger().handlers:
    handler.addFilter(misprinter)

A_TOKEN = "asdf1234"

misprinter.add_mask_for(A_TOKEN)

log.error("Bad token: %s", A_TOKEN)

About

A logging filter that hides your secrets. Integrates with Python's logging module.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages