Observability | Practical | By Samson Tanimawo, PhD | Published Jun 26, 2026

The Log Redaction Discipline

Logs leak secrets. The redaction layer, the test suite, and the policy that prevents 'we logged a credit card' incidents.

The redaction layer

Wrap the logger. Every log call passes through redaction before the bytes hit disk.

Pluggable rules: PII patterns (emails, SSNs), credentials (tokens, API keys), customer data.

Test the redactor

Unit tests with sample inputs. Each rule has a positive test (caught) and a negative test (not over-redacted).

Periodic prod scan: sample logs; check for unredacted PII. Anything found is a bug.
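The redaction layer and its per-rule tests, sketched with Python's standard `logging` module. This is an added example, not code from the original article; the rule patterns, the `[REDACTED:label]` marker and every function name are assumptions chosen for illustration.

```python
import io
import logging
import re

# Pluggable rules as (label, pattern). Illustrative patterns only; a real
# rule set follows the documented redaction policy.
RULES = [
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("bearer", re.compile(r"(?i)\bbearer\s+[a-z0-9._~+/-]{16,}=*")),
]


def redact(text, rules=RULES):
    """Replace every rule match with a labelled marker."""
    for label, pattern in rules:
        text = pattern.sub(f"[REDACTED:{label}]", text)
    return text


class RedactingFormatter(logging.Formatter):
    """Redacts the final formatted line: message, interpolated args, traceback."""

    def format(self, record):
        return redact(super().format(record))


def build_logger(stream, name="redaction-demo"):
    """Return a logger whose only handler redacts before writing to stream."""
    handler = logging.StreamHandler(stream)
    handler.setFormatter(RedactingFormatter("%(levelname)s %(message)s"))
    logger = logging.getLogger(name)
    logger.handlers = [handler]
    logger.propagate = False  # keep records away from unredacted root handlers
    logger.setLevel(logging.INFO)
    return logger


def logged(fmt, *args, **kwargs):
    """Log one line through the redaction layer and return what was written."""
    stream = io.StringIO()
    build_logger(stream).info(fmt, *args, **kwargs)
    return stream.getvalue().strip()


if __name__ == "__main__":
    # Constructed sample inputs: one positive and one negative case.
    print(logged("login user=%s", "alice@example.com"))
    print(logged("deploy tag v1.2@staging"))
```

Redaction here lives on the handler's formatter, so any handler attached without `RedactingFormatter` bypasses the layer.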

Policy

What to redact is policy. PII is non-negotiable. Customer data depends on data classification.

Document the policy; make it visible. Engineers should know the rules without asking.