Mask sensitive data in logs

Dhaval Kolapkar
2 min read · May 10, 2018

With the large amounts of data being logged, it is important to mask sensitive details such as emails and credit card info while logging. Let us take the example of masking emails in logs. At my company, previous engineers used to hash the email and then log it! Can you imagine the compute power it took to hash each email every time? Not to forget the human error, where a developer forgets to hash the email before logging it.

Let’s bring in an aspect-oriented approach. We write custom code that, each time a message is logged, automatically checks for sensitive data and masks it. Talk about separating concerns and reducing human error!

Let us use Logback for this example. We create a custom PatternLayout that takes the log message and checks it against the regex pattern configured in logback.xml.

package services.utils;

import ch.qos.logback.classic.PatternLayout;
import ch.qos.logback.classic.spi.ILoggingEvent;
import ch.qos.logback.core.CoreConstants;
import org.apache.commons.lang3.StringUtils;

import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import java.util.stream.Stream;

/**
 * Logback appender to mask a given pattern with a mask value.
 * Both pattern and mask value can be configured in the logback.xml
 * E.g. Sensitive data like emails will be masked to * in the logs.
 * Logback layout:
 * <layout class="main.utils.services.utils.MaskingPatternLayout">
 *   <mask>*</mask>
 *
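One way such a masking layout can be written, as an added example rather than the author's class (the listing on this page is cut off). It assumes logback-classic on the classpath; the `maskPattern` element name, the email regex and the sample line in `main` are assumptions of this example.

```java
package services.utils;

import ch.qos.logback.classic.PatternLayout;
import ch.qos.logback.classic.spi.ILoggingEvent;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Added example, not the author's class. Assumed logback.xml wiring:
 *   <layout class="services.utils.MaskingPatternLayout">
 *     <maskPattern>[\w.+-]+@[\w-]+(\.[\w-]+)+</maskPattern> (assumed element name)
 *     <mask>*</mask>
 *     <pattern>%d %-5level %logger - %msg%n</pattern>
 *   </layout>
 */
public class MaskingPatternLayout extends PatternLayout {
    private Pattern maskPattern; // compiled once when the configuration is loaded
    private String mask = "*";

    // Logback's configurator calls these setters for <maskPattern> and <mask>.
    public void setMaskPattern(String regex) { this.maskPattern = Pattern.compile(regex); }
    public void setMask(String mask) { this.mask = mask; }

    @Override
    public String doLayout(ILoggingEvent event) {
        // Mask the fully formatted line, so message arguments and exception text are covered.
        return maskAll(super.doLayout(event), maskPattern, mask);
    }

    /** Replaces each match with the mask repeated once per matched character. */
    static String maskAll(String line, Pattern pattern, String mask) {
        if (line == null || pattern == null) return line; // nothing configured: pass through
        Matcher m = pattern.matcher(line);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            StringBuilder stars = new StringBuilder();
            for (int i = m.start(); i < m.end(); i++) stars.append(mask);
            // quoteReplacement keeps '$' or '\' in the mask from being read as group references
            m.appendReplacement(out, Matcher.quoteReplacement(stars.toString()));
        }
        m.appendTail(out);
        return out.toString();
    }
    public static void main(String[] args) { // constructed sample line
        Pattern email = Pattern.compile("[\\w.+-]+@[\\w-]+(\\.[\\w-]+)+");
        System.out.println(maskAll("login ok for jane.doe@example.com", email, "*"));
    }
}
```

Because the mask keeps one character per matched character, the length of the original value is still visible in the log.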
