PII Redaction & Logging Policy Builder
Protect user privacy in application logs.
PII Redaction
const PII_PATTERNS = {
email: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/g,
ssn: /\b\d{3}-\d{2}-\d{4}\b/g,
phone: /\b\d{3}[-.]?\d{3}[-.]?\d{4}\b/g,
creditCard: /\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b/g,
};
function redactPII(message: string): string {
let redacted = message;
Object.entries(PII_PATTERNS).forEach(([type, pattern]) => {
redacted = redacted.replace(pattern, `[REDACTED_${type.toUpperCase()}]`);
});
return redacted;
}
// Safe logging
logger.info(redactPII(\`User registered: \${email}\`));
// Output: "User registered: [REDACTED_EMAIL]"
Logging Policy
# Logging Policy
## ✅ DO Log
- Request IDs
- User IDs (hashed)
- HTTP status codes
- Response times
- Error types
- Feature flags
## ❌ DON'T Log
- Passwords
- Credit card numbers
- SSNs
- API keys
- Full emails (hash first)
- Full names
- Addresses
Output Checklist
- [ ] Redaction rules defined
- [ ] Logging policy documented
- [ ] Safe logger wrapper
- [ ] Team trained
- [ ] Log monitoring ENDFILE