PHPackages globyapp/hash-sensitive - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Logging & Monitoring](/categories/logging) 4. / 5. globyapp/hash-sensitive ActiveLibrary[Logging & Monitoring](/categories/logging) globyapp/hash-sensitive ======================= Monolog processor to protect sensitive information from logging by hashing the values v1.1.1(5mo ago)02.3k↑267.9%[1 issues](https://github.com/Globy-App/hash-sensitive/issues)MITPHPPHP >=8.4CI passing Since Feb 3Pushed 4mo agoCompare [ Source](https://github.com/Globy-App/hash-sensitive)[ Packagist](https://packagist.org/packages/globyapp/hash-sensitive)[ RSS](/packages/globyapp-hash-sensitive/feed)WikiDiscussions main Synced 3w ago READMEChangelog (4)Dependencies (7)Versions (14)Used By (0) Hash Sensitive ============== [](#hash-sensitive) Monolog processor to protect sensitive information from logging by hashing the values. [![Packagist Version](https://camo.githubusercontent.com/83e6ea11717c6cfc3668fabe2edf50c50127e67fd4f1ce03066c31af16e42361/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f676c6f62796170702f686173682d73656e736974697665)](https://packagist.org/packages/globyapp/hash-sensitive) [![Packagist](https://camo.githubusercontent.com/7a50316ca3c7c6e120fc6ef84dddffea280df96d4d21345974567f3f1e278947/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f676c6f62796170702f686173682d73656e736974697665)](https://github.com/globyapp/hash-sensitive/blob/master/LICENSE) [![PHP from Packagist](https://camo.githubusercontent.com/6cc7ab2d6f40f16ec25122bdfc3af1067656c15afd2e7892202caf44a341cc24/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f676c6f62796170702f686173682d73656e736974697665)](https://github.com/globyapp/hash-sensitive/blob/master/composer.json#L14) [![CI](https://github.com/Globy-App/hash-sensitive/actions/workflows/ci.yml/badge.svg)](https://github.com/Globy-App/hash-sensitive/actions/workflows/ci.yml) Summary ------- [](#summary) - [About](#about) - [Features](#features) - [Requirements](#requirements) - [Installation](#installation) - [Examples](#examples) - [API](#api) - [Known issues](#known-issues) - [Thanks](#thanks) About ----- [](#about) A Monolog processor that protects sensitive data from miss logging. Forked from: [redact-sensitive](https://github.com/leocavalcante/redact-sensitive) by [Leo Cavalcante](https://github.com/leocavalcante). When redacting values from logs, it might be useful to be able to compare redacted values that are equal. Avoids logging something like `{"api_key":"mysupersecretapikey"}` by substituting the value by a hashed version of the value: ``` Readme.INFO: Hello, World! {"api_key":"3f6b5eb5b4bc422fc119c76caccd8792d1cf253a71a04d520206a01f1463ca41"} [] ``` Features -------- [](#features) - Adds a monolog processor to hash pre-determined array keys. - Hashes sensitive data in the monolog context to prevent sending secrets to the logs. - The hashed version is deterministic and thus allows for correlation between errors. Requirements ------------ [](#requirements) - PHP >= 8.1.0 - [Composer](https://getcomposer.org/) - Monolog >= 3.0 Installation ------------ [](#installation) Add the package to your dependencies: ``` composer require globyapp/hash-sensitive ``` ### Usage [](#usage) #### 1. Prepare your sensitive keys [](#1-prepare-your-sensitive-keys) It is an array of key names, for example: ``` $sensitive_keys = ['api_key']; ``` Will hash the value of the `api_key`. Because of PHP's tendency to automatically add integer indexes to such an array, integers in sensitive keys will be ignored and might lead to unexpected results. To be on the safe side, only use sensitive string keys, or a nested tree of strings. #### 2. Create a Processor using the keys [](#2-create-a-processor-using-the-keys) You can now create a new Processor with the given keys: ``` use GlobyApp\HashSensitive\HashSensitiveProcessor; $sensitive_keys = ['api_key']; $processor = new HashSensitiveProcessor($sensitive_keys); ``` #### 3. Set the Processor to a Monolog\\Logger [](#3-set-the-processor-to-a-monologlogger) ``` use GlobyApp\HashSensitive\HashSensitiveProcessor; $sensitive_keys = ['api_key']; $processor = new HashSensitiveProcessor($sensitive_keys); $logger = new \Monolog\Logger('Readme'); $logger->pushProcessor($processor); ``` Examples -------- [](#examples) ``` use Monolog\Handler\StreamHandler; use GlobyApp\HashSensitive\HashSensitiveProcessor; $sensitive_keys = ['api_key']; $processor = new HashSensitiveProcessor($sensitive_keys); $logger = new \Monolog\Logger('Readme', [new StreamHandler(STDOUT)]); $logger->pushProcessor($processor); $logger->info('Hello, World!', ['api_key' => 'mysupersecretapikey']); ``` ``` Readme.INFO: Hello, World! {"api_key":"3f6b5eb5b4bc422fc119c76caccd8792d1cf253a71a04d520206a01f1463ca41"} [] ``` ### Using the library standalone [](#using-the-library-standalone) It is possible to use the logic in the library without using it as a monolog hook. This can be achieved by constructing a new instance of the `Hasher` class. function `scrubKeys`, an array of values to scrub and the sensitive key array can be specified in the same manner as when using the library with monolog. ### I don't want my output to be hashed, just replaced with a pre-determined string [](#i-dont-want-my-output-to-be-hashed-just-replaced-with-a-pre-determined-string) If you're looking for formating the output with a user defined string, this isn't the right project. You might want to look into [redact-sensitive](https://github.com/leocavalcante/redact-sensitive). API --- [](#api) ### Length limit & algorithm [](#length-limit--algorithm) Use `lengthLimit` to truncate redacted sensitive information, such as lengthy tokens. Truncation always happens before hashing. Use `algorithm` to specify the algorithm used for hashing the value. Refer to [the php documentation](https://www.php.net/manual/en/function.hash-algos.php) for a list of supported algorithms. ``` use Monolog\Handler\StreamHandler; use GlobyApp\HashSensitive\HashSensitiveProcessor; $sensitive_keys = ['access_token']; $processor = new HashSensitiveProcessor($sensitive_keys, algorithm: 'sha256', lengthLimit: 5); $logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]); $logger->pushProcessor($processor); $logger->info('Truncated secret', ['access_token' => 'Very long JWT ...']); $logger->info('Truncated secret', ['access_token' => 'Very long token ...']); ``` ``` Example.INFO: Truncated secret {"access_token":"22e25a68c0ef48364f3f12a0ebbb550e595e15aaec09a96ca3eea7d78daa2b72"} [] Example.INFO: Truncated secret {"access_token":"22e25a68c0ef48364f3f12a0ebbb550e595e15aaec09a96ca3eea7d78daa2b72"} [] ``` ### Nested values [](#nested-values) It should work with nested objects and arrays as well. For more granular control over how nested values are handled, the `exclusiveSubtree` boolean can set. When set to true, this causes the algorithm to, if there is a subtree specified in the sensitive keys, only check the subtree in the values against keys in that subtree of the sensitive keys. This is the default behavior. When set to false, every key in the input data is checked against every key in sensitive keys. ``` use Monolog\Handler\StreamHandler; use GlobyApp\HashSensitive\HashSensitiveProcessor; $sensitive_keys = [ 'test', 'test_subkey' => [ 'to_hash', ], ]; $processor = new HashSensitiveProcessor($sensitive_keys); $logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]); $logger->pushProcessor($processor); $logger->info('Nested', [ 'test_key' => 'test_value', 'test_subkey' => [ 'to_hash' => 'test_value', 'test' => 'test', ], ]); ``` `exclusiveSubtree = true:` (`test` is not hashed, because `test_subkey` specifies a subkey configuration in `$sensitive_keys` in which only `to_hash` is hashed). ``` Example.INFO: Nested {"test_key":"test_value","test_subkey":{"to_hash":"4f7f6a4ae46676d9751fdccdf15ae1e6a200ed0de5653e06390148928c642006","test":"test"}} [] ``` `exclusiveSubtree = false:` (`test` is hashed, because `test` is a key in `$sensitive_keys`). ``` Example.INFO: Nested {"test_key":"test_value","test_subkey":{"to_hash":"4f7f6a4ae46676d9751fdccdf15ae1e6a200ed0de5653e06390148928c642006","test":"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"}} [] ``` Known issues ------------ [](#known-issues) Currently, there are no known issues. Thanks ------ [](#thanks) Feel free to open any issues or PRs. --- MIT © 2024 ### Health Score 46 — FairBetter than 92% of packages Maintenance73 Regular maintenance activity Popularity21 Limited adoption so far Community11 Small or concentrated contributor base Maturity67 Established project with proven stability Bus Factor1 Top contributor holds 71.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~79 days Recently: every ~158 days Total 10 Last Release 158d ago Major Versions v0.2.2 → v1.0.02024-04-25 PHP version history (3 changes)v0.0.1PHP >=8.1 v1.0.1PHP >=8.2 v1.1.1PHP >=8.4 ### Community Maintainers ![](https://www.gravatar.com/avatar/df138e9cc459c67079fc4e09b80363fb03d22aabcd524e86282cb714995fab97?d=identicon)[GlobyApp](/maintainers/GlobyApp) --- Top Contributors [![Sjustein](https://avatars.githubusercontent.com/u/30069718?v=4)](https://github.com/Sjustein "Sjustein (50 commits)")[![leocavalcante](https://avatars.githubusercontent.com/u/183722?v=4)](https://github.com/leocavalcante "leocavalcante (15 commits)")[![dnsbty](https://avatars.githubusercontent.com/u/3421625?v=4)](https://github.com/dnsbty "dnsbty (2 commits)")[![sshymko-promenade](https://avatars.githubusercontent.com/u/95300875?v=4)](https://github.com/sshymko-promenade "sshymko-promenade (2 commits)")[![aymanrb](https://avatars.githubusercontent.com/u/4629433?v=4)](https://github.com/aymanrb "aymanrb (1 commits)") ### Code Quality TestsPest Static AnalysisPHPStan, Psalm Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/globyapp-hash-sensitive/health.svg) ``` [![Health](https://phpackages.com/badges/globyapp-hash-sensitive/health.svg)](https://phpackages.com/packages/globyapp-hash-sensitive) ``` ### Alternatives [symfony/monolog-bridge Provides integration for Monolog with various Symfony components 2.6k198.8M328](/packages/symfony-monolog-bridge)[matomo/matomo Matomo is the leading Free/Libre open analytics platform 21.6k38.2k](/packages/matomo-matomo)[spatie/flare-client-php Send PHP errors to Flare 177156.9M21](/packages/spatie-flare-client-php)[illuminate/log The Illuminate Log package. 6225.0M602](/packages/illuminate-log)[tempest/framework The PHP framework that gets out of your way. 2.2k31.1k12](/packages/tempest-framework)[grkamil/laravel-telegram-logging Send logs to Telegram chat via Telegram bot 161493.0k](/packages/grkamil-laravel-telegram-logging) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)