PHP download

Download the PHP package globyapp/hash-sensitive without Composer

On this page you can find all versions of the php package globyapp/hash-sensitive. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download globyapp/hash-sensitive
More information about globyapp/hash-sensitive
Files in globyapp/hash-sensitive

Vendor globyapp
Package hash-sensitive
Short Description Monolog processor to protect sensitive information from logging by hashing the values
License MIT

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of globyapp/hash-sensitive

Informations about the package hash-sensitive

Hash Sensitive

Monolog processor to protect sensitive information from logging by hashing the values.

Summary

About
Features
Requirements
Installation
Examples
API
Known issues
Thanks

About

A Monolog processor that protects sensitive data from miss logging. Forked from: redact-sensitive by Leo Cavalcante. When redacting values from logs, it might be useful to be able to compare redacted values that are equal.

Avoids logging something like {"api_key":"mysupersecretapikey"} by substituting the value by a hashed version of the value:

Features

Adds a monolog processor to hash pre-determined array keys.
Hashes sensitive data in the monolog context to prevent sending secrets to the logs.
The hashed version is deterministic and thus allows for correlation between errors.

Requirements

PHP >= 8.1.0
Composer
Monolog >= 3.0

Installation

Add the package to your dependencies:

Usage

1. Prepare your sensitive keys

It is an array of key names, for example:

Will hash the value of the api_key. Because of PHP's tendency to automatically add integer indexes to such an array, integers in sensitive keys will be ignored and might lead to unexpected results. To be on the safe side, only use sensitive string keys, or a nested tree of strings.

2. Create a Processor using the keys

You can now create a new Processor with the given keys:

3. Set the Processor to a Monolog\Logger

Examples

Using the library standalone

It is possible to use the logic in the library without using it as a monolog hook. This can be achieved by constructing a new instance of the Hasher class. function scrubKeys, an array of values to scrub and the sensitive key array can be specified in the same manner as when using the library with monolog.

I don't want my output to be hashed, just replaced with a pre-determined string

If you're looking for formating the output with a user defined string, this isn't the right project. You might want to look into redact-sensitive.

API

Length limit & algorithm

Use lengthLimit to truncate redacted sensitive information, such as lengthy tokens. Truncation always happens before hashing. Use algorithm to specify the algorithm used for hashing the value. Refer to the php documentation for a list of supported algorithms.

Nested values

It should work with nested objects and arrays as well. For more granular control over how nested values are handled, the exclusiveSubtree boolean can set. When set to true, this causes the algorithm to, if there is a subtree specified in the sensitive keys, only check the subtree in the values against keys in that subtree of the sensitive keys. This is the default behavior. When set to false, every key in the input data is checked against every key in sensitive keys.

exclusiveSubtree = true: (test is not hashed, because test_subkey specifies a subkey configuration in $sensitive_keys in which only to_hash is hashed).

exclusiveSubtree = false: (test is hashed, because test is a key in $sensitive_keys).

Known issues

Currently, there are no known issues.

Thanks

Feel free to open any issues or PRs.

All versions of hash-sensitive with dependencies

PHP Build Version

Package Version

Version v1.1.0 Release 23. Nov 2024
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of hash-sensitive from vendor globyapp

Requires php Version >=8.2
monolog/monolog Version ^3.0

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package globyapp/hash-sensitive contains the following files

Loading the files please wait ....