I looked at this https://github.com/javabeanz/owasp-security-logging/wiki/Masking
However that is very limited and requires logging statements to be written in a very specific way.
I have created this regex based Logback converter. https://gist.github.com/rahulaga/8bd7ca7b521a7858e86c0a51fffe3f03
Configure it as such
<conversionRule conversionWord="maskedMsg" converterClass="MaskingConverter" /> <property name="CONSOLE_LOG_PATTERN" value="%mdc{TID} %date %-5level [%thread] %logger{0} - %maskedMsg{ password|token, username, apiKey, email }%n" />
I think it would be useful for the community and something anyone could easily drop in.
I looked at this https://github.com/javabeanz/owasp-security-logging/wiki/Masking
However that is very limited and requires logging statements to be written in a very specific way.
I have created this regex based Logback converter. https://gist.github.com/rahulaga/8bd7ca7b521a7858e86c0a51fffe3f03
Configure it as such
<conversionRule conversionWord="maskedMsg" converterClass="MaskingConverter" /> <property name="CONSOLE_LOG_PATTERN" value="%mdc{TID} %date %-5level [%thread] %logger{0} - %maskedMsg{ password|token, username, apiKey, email }%n" />I think it would be useful for the community and something anyone could easily drop in.