/masking.serilog

Masking sensitive information during logging to Serilog by hiding individual properties

Primary LanguageC#Apache License 2.0Apache-2.0

Masking.Serilog 🎭

Masking sensitive information during logging to Serilog by hiding individual properties.

.NET NuGet version

Install from NuGet:

Install-Package Masking.Serilog

Mark properties to mask:

Log.Logger = new LoggerConfiguration()
    .Destructure.ByMaskingProperties("Password", "Token")
    .CreateLogger()

or

Log.Logger = new LoggerConfiguration()
    .Destructure.ByMaskingProperties(opts =>
    {
        opts.PropertyNames.Add("Password");
        opts.PropertyNames.Add("Token");
        opts.Mask = "******";
    })
    .CreateLogger()

When types are destructured, listed properties will be covered up with mask:

Log.Information("Logged on {@User}", new User { Username = "sudo", Password = "SuperAdmin" });

// Prints `Logged on User { Username: "sudo", Password: "******" }`

You can ignore masking for given namespaces by including them within the Masking Options configuration, as shown in the example below. This is especially helpful when dealing with complex objects which often results in performance issues.

Log.Logger = new LoggerConfiguration()
    .Destructure.ByMaskingProperties(opts =>
    {
        opts.PropertyNames.Add("Password");
        opts.PropertyNames.Add("Token");
        opts.Mask = "******";
        opts.IgnoredNamespaces.Add("System.Net.Http");
    })
    .CreateLogger()

Please note that this is an explicit whitelist implementation, this helps to avoid mistakes resulting in exposure of sensitive data.