Download the PHP package kirschbaum-development/redactor without Composer
On this page you can find all versions of the php package kirschbaum-development/redactor. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download kirschbaum-development/redactor
More information about kirschbaum-development/redactor
Files in kirschbaum-development/redactor
Package redactor
Short Description Sensitive data redactor for Laravel with entropy detection, key policies, and pipeline support.
License MIT
Informations about the package redactor
Kirschbaum Redactor
Automatically redact sensitive data from arrays, objects, and strings before logging or exporting. Features a class-based strategy system with profile-based configurations, Shannon entropy detection.
This package is in active development and its API can change abruptly without any notice. Please reach out if you plan to use it in a production environment.
Quick Start
The package automatically registers the service provider and facade. Use it directly:
Core Concepts
Redaction Strategies
The package uses a class-based configuration:
- SafeKeysStrategy - Preserves safe keys like
id
,user_id
- BlockedKeysStrategy - Always redacts blocked keys like
password
,secret
- LargeObjectStrategy - Redacts objects/arrays exceeding size limits
- LargeStringStrategy - Redacts strings exceeding length limits
- RegexPatternsStrategy - Custom regex patterns for emails, credit cards, etc.
- ShannonEntropyStrategy - Detects high-entropy strings (API keys, tokens)
Profiles
Profiles provide different redaction configurations for different contexts:
Configuration
The config file (config/redactor.php
) uses a class-based approach:
Wildcard Patterns
The BlockedKeysStrategy
and SafeKeysStrategy
support powerful wildcard patterns using the *
character. This allows you to match multiple key variations without listing each one explicitly.
Basic Wildcard Usage
Wildcard Pattern Types
Contains Pattern (*word*
)
Matches any key that contains the specified word anywhere:
Prefix Pattern (word*
)
Matches any key that starts with the specified word:
Suffix Pattern (*word
)
Matches any key that ends with the specified word:
Multi-Wildcard Patterns (word*middle*word
)
Use multiple wildcards for complex patterns:
Case-Insensitive Matching
All wildcard patterns are case-insensitive by default:
Combining Exact and Wildcard Patterns
You can mix exact matches with wildcard patterns in the same configuration:
Performance Considerations
- Exact matches are faster than wildcard patterns
- Simple wildcards (
*word*
) are faster than complex multi-wildcard patterns - Consider placing more specific patterns before broader ones
- Use exact matches when you know the specific key names
Common Use Cases
Logging Context
Laravel Logging Integration
For automatic redaction of all log entries, use the CustomLogTap
with Laravel's logging configuration. In your config/logging.php
, add the tap to any channel:
With this configuration, all log entries will automatically have their context data redacted before being written to logs. The tap uses the default
redaction profile unless otherwise configured.
API Response Sanitization
Database Export & Auditing
PCI Compliance Example
Advanced Features
Object Handling
The package handles various object types:
Custom Strategies
Create your own redaction logic with full type safety:
Multiple Usage Patterns
Built-in Profiles
default
: Balanced redaction for general logging and debuggingstrict
: Aggressive redaction for sensitive contexts and audit trailsperformance
: Minimal redaction optimized for high-throughput scenarios
Environment Configuration
Many settings can be controlled via environment variables:
File Scanning Command
The package includes a console command to scan files and directories for sensitive content:
The scanner uses the file_scan
profile by default, which is optimized for plain text content and detects:
- API keys, tokens, and secrets
- Email addresses and personal information
- High-entropy strings (potential keys/tokens)
- Credit cards, SSNs, phone numbers
- Passwords and authentication strings
Results show CLEAN, FINDINGS, or SKIPPED status for each file, with a summary of total files scanned and findings detected.
Requirements
- PHP 8.3+
- Laravel 11.x or 12.x
Installation
Testing
Roadmap
- Add Laravel custom log formatter to tap logs and automatically redact sensitive data
- Add supoprt for partial replacement of sensitive data (low priority)
License
MIT License. See LICENSE.md for details.
All versions of redactor with dependencies
spatie/laravel-package-tools Version ^1.16
php Version ^8.3|^8.4