Metadata-Version: 2.1
Name: secure-logger
Version: 0.1.6
Summary: A decorator to generate secure, well-formatted log entries
Home-page: https://github.com/lpm0073/secure-logger
Author: Lawrence McDaniel
Author-email: Lawrence McDaniel <lpm0073@gmail.com>
Maintainer: Lawrence McDaniel
Maintainer-email: lpm0073@gmail.com
License: AGPLv3
Project-URL: Homepage, https://pypi.org/project/secure-logger/
Project-URL: Documentation, https://pypi.org/project/secure-logger/
Project-URL: Repository, https://github.com/lpm0073/secure-logger
Project-URL: Changelog, https://github.com/lpm0073/secure-logger/blob/main/CHANGELOG.md
Project-URL: Bug Tracker, https://github.com/lpm0073/secure-logger/issues
Keywords: Python,Logger
Platform: any
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: GNU Affero General Public License v3 or later (AGPLv3+)
Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Utilities
Requires-Python: >=3.6
Description-Content-Type: text/markdown
License-File: LICENSE.txt
Requires-Dist: validators
Provides-Extra: local
Requires-Dist: pre-commit ; extra == 'local'
Requires-Dist: black ; extra == 'local'
Requires-Dist: flake8 ; extra == 'local'
Requires-Dist: ipython ; extra == 'local'

# Secure Logger

[![Tests](https://github.com/lpm0073/secure-logger/actions/workflows/tests.yml/badge.svg)](https://github.com/lpm0073/secure-logger/actions)
[![Source code](https://img.shields.io/static/v1?logo=github&label=Git&style=flat-square&color=brightgreen&message=Source%20code)](https://github.com/lpm0073/secure-logger)
[![PyPI releases](https://img.shields.io/pypi/v/secure-logger?logo=python&logoColor=white)](https://pypi.org/project/secure-logger)
[![License: AGPL v3](https://img.shields.io/badge/License-AGPL_v3-blue.svg)](https://www.gnu.org/licenses/agpl-3.0)
[![hack.d Lawrence McDaniel](https://img.shields.io/badge/hack.d-Lawrence%20McDaniel-orange.svg)](https://lawrencemcdaniel.com)

A Python decorator to generate redacted and nicely formatted log entries. Works on all callables: class, class methods, Python module functions. Recursively redacts Python dictionary key values based on a customizable list of case-insensitive keys. Prevents your sensitive application data like cloud provider key-pairs from leaking into your application logs.

## Usage

### As a decorator

```python
from secure_logger.decorators import secure_logger

class Foo(object):

    @secure_logger()
    def bar(self, dict_data, list_data):
        pass

# call your method, passing some sensitive data
dict_data = {
    'not_a_sensitive_key': 'you-can-see-me',
    'aws-access-key_id': conf.AWS_ACCESS_KEY_ID,
    'aws-secret-access-key': conf.AWS_SECRET_ACCESS_KEY
}
list_data = ['foo', 'bar']
foo = Foo()
foo.bar(dict_data=dict_data, list_data=list_data)
```

Log output:

```log
INFO:secure_logger: __main__.Foo().bar()  keyword args: {
    "dict_data": {
        "not_a_sensitive_key": "you-can-see-me",
        "aws-access-key-id": "*** -- secure_logger() -- ***",
        "aws-secret-access-key": "*** -- secure_logger() -- ***"
    },
    "list_data": [
        "foo",
        "bar"
    ]
}
```

### As library functions

```python
from secure_logger.masked_dict import masked_dict, masked_dict2str

dict_data = {
    'not_a_sensitive_key': 'you-can-see-me',
    'aws-access-key_id': conf.AWS_ACCESS_KEY_ID,
    'aws-secret-access-key': conf.AWS_SECRET_ACCESS_KEY
}
print(masked_dict2str(dict_data))
```

Output:

```bash
{
    "not_a_sensitive_key": "you-can-see-me",
    "aws-access-key-id": "*** -- secure_logger() -- ***",
    "aws-secret-access-key": "*** -- secure_logger() -- ***"
}
```

## Installation

```bash
pip install secure-logger
```

## Configuration

secure_logger accepts optional parameters.

- sensitive_keys: a Python list of dictionary keys. Not case sensitive.
- message: a string value that will replace the sensitive key values
- indent: number of characters to indent JSON string output when logging output

```python
class MyClass():

    @secure_logger(sensitive_keys=["password", "token", "crown_jewels"], message="***", indent=4)
    def another_def(self):
```

## Configuration Defaults

```python
DEFAULT_REDACTION_MESSAGE = "*** -- secure_logger() -- ***"
DEFAULT_INDENT = 4
DEFAULT_SENSITIVE_KEYS = [
    "password",
    "token",
    "client_id",
    "client_secret",
    "Authorization",
    "secret",
    "access_key_id",
    "secret_access_key",
    "access-key-id",
    "secret-access-key",
    "aws_access_key_id",
    "aws_secret_access_key",
    "aws-access-key-id",
    "aws-secret-access-key",
]
```


### Contributing

Pull requests are welcome, and you can also contact [Lawrence McDaniel](https://lawrencemcdaniel.com/contact) directly.

### Getting Started With Local development

- Use the same virtual environment that you use for edx-platform
- Ensure that your Python interpreter to 3.8x
- install black: <https://pypi.org/project/black/>
- install flake8: <https://flake8.pycqa.org/en/latest/>
- install flake8-coding: <https://pypi.org/project/flake8-coding/>

```bash
# Run these from within your edx-platform virtual environment
python3 -m venv venv
source venv/bin/activate

pip install -r requirements/local.txt
pip install pre-commit black flake8
pre-commit install
```

#### Local development good practices

- run `black` on modified code before committing.
- run `flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics`
- run `flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics`
- run `pre-commit run --all-files` before pushing. see: <https://pre-commit.com/>
