Remove Sensitive Information from Laravel Apps

Laravel Scrubber is a Laravel package that scrubs sensitive information that breaks operational security policies, so that developers do not leak it, accidentally or otherwise.

You can use this package in a few ways:

First, this package detects sensitive patterns in log messages and their context and scrubs them:

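```php
use Illuminate\Support\Facades\Log;

// Sensitive values inside the log context are scrubbed.
Log::info('some message', [
    'context' => 'accidental',
    'leak_of' => [
        'jwt' => '<insert jwt token here>',
    ],
]);

// testing.INFO: some message {"context":"accidental","leak_of":{"jwt":"**redacted**"}}

// A sensitive value in the message itself is scrubbed as well.
Log::info('<insert jwt token here>');

// testing.INFO: **redacted**
```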

Second, you can use the scrubber directly to process data in an array and mark it as redacted:

```php
Scrubber::processMessage([
    'context' => 'accidental',
    'leak_of' => [
        'jwt' => '<insert jwt token here>',
    ],
]);

// [
//     "context" => "accidental",
//     "leak_of" => [
//         "jwt" => "**redacted**"
//     ]
// ];

Scrubber::processMessage('<insert jwt token here>');
// **redacted**
```

This package also provides customization options, such as configuring the replacement message when data is scrubbed (the default is **redacted**). You can also extend the package by adding custom regex scrubbers.
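The following is an added example, not code from Laravel Scrubber: a self-contained PHP 8 script showing the general technique of regex-based redaction applied recursively to nested log context, with a configurable replacement string and one extra custom pattern. The `scrub` function, the `SCRUB_PATTERNS` constant, the `acme_` key format, and the sample token are all assumptions constructed for illustration.

```php
<?php
// Added illustration; not Laravel Scrubber's source. All names here are hypothetical.

// Constructed patterns: a three-segment JWT and a made-up internal API key format.
const SCRUB_PATTERNS = [
    'jwt'     => '/\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/',
    'api_key' => '/\bacme_[a-f0-9]{32}\b/',
];

/**
 * Redact every pattern match in a string, or in every string leaf of a nested array.
 * Non-string leaves (ints, bools, null) are returned unchanged.
 */
function scrub(mixed $data, string $replacement = '**redacted**'): mixed
{
    if (is_array($data)) {
        // array_map with a single array preserves the original keys.
        return array_map(fn ($value) => scrub($value, $replacement), $data);
    }
    if (!is_string($data)) {
        return $data;
    }
    foreach (SCRUB_PATTERNS as $pattern) {
        // preg_replace returns null on a PCRE error; fail closed rather than emit raw data.
        $data = preg_replace($pattern, $replacement, $data) ?? $replacement;
    }
    return $data;
}

// Constructed sample token (header.payload.signature), not a real credential.
$jwt = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJlLXBsYWNlaG9sZGVy';

$context = [
    'context' => 'accidental',
    'attempt' => 3,
    'leak_of' => ['jwt' => $jwt, 'note' => "Authorization: Bearer $jwt"],
];

// Nested context: both the bare token and the token embedded in a header string are redacted.
echo json_encode(scrub($context), JSON_PRETTY_PRINT), PHP_EOL;

// Plain message with the custom key pattern and a non-default replacement string.
echo scrub('login failed for key acme_' . str_repeat('0a', 16), '[scrubbed]'), PHP_EOL;
```

Failing closed on a regex error matters for a log scrubber: a pattern that hits a PCRE backtrack limit should replace the value, not let the original string through to the log.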

You can start with Laravel Scrubber by checking out the project on GitHub at YorCreative/Laravel-Scrubber.

Laravel News