Redaction

Keep passwords, API keys, PII, and other sensitive data out of your logs.

Disclaimer: Redaction is provided as a best-effort mechanism to help protect sensitive data. It matches field names and patterns, not arbitrary field content. You are responsible for testing and verifying redaction meets your compliance requirements before production use. Fapilog and its maintainers accept no liability for data exposure resulting from misconfiguration, incomplete coverage, or reliance on redaction without adequate verification.

Quick Start

from fapilog import get_logger

# Production preset: auto-redacts passwords, API keys, tokens
logger = get_logger(preset="production")

logger.info("User login", password="secret123", api_key="sk-abc")
# Output: {"data": {"password": "***", "api_key": "***"}}

Compliance Presets

One-liner protection for GDPR, HIPAA, PCI-DSS:

from fapilog import LoggerBuilder

# GDPR compliance
logger = LoggerBuilder().with_redaction(preset="GDPR_PII").build()

# Multiple regulations
logger = LoggerBuilder().with_redaction(preset=["HIPAA_PHI", "PCI_DSS"]).build()

See Presets Reference for complete field lists.

Custom Redaction

logger = (
    LoggerBuilder()
    .with_redaction(
        fields=["password", "ssn", "internal_id"],
        patterns=[r"(?i).*secret.*"],
    )
    .build()
)

See Configuration for all options.

Key Concepts

Concept	Description
Field-name matching	Redaction matches field names, not content. `email="x@y.com"` is redacted; `"Email: x@y.com"` in a message is not.
Auto-prefix	Simple field names like `"password"` are prefixed to `"data.password"` to match the log envelope.
Additive	Multiple `with_redaction()` calls merge fields/patterns. Use `replace=True` to overwrite.
Pre-serialization	Redaction happens before logs reach any sink (file, CloudWatch, etc.).
`sensitive=`/`pii=`	Developer-declared masking at log time — values are masked at envelope construction before queueing. See Declaring Sensitive Data.
Field blocking	High-risk field names (`body`, `payload`, etc.) can be blocked entirely via `block_fields=`. See Configuration.

What Gets Redacted

Scenario	Redacted?	Why
`email="john@example.com"`	✅ Yes	Field name matches
`user={"email": "john@example.com"}`	✅ Yes	Nested path matches
`f"User email: {email}"`	❌ No	Content in message string
`notes="Call john@example.com"`	❌ No	Field name `notes` doesn’t match

See Behavior for detailed coverage.

Documentation

Page	Description
Presets Reference	Complete field lists for all compliance presets
Configuration	Builder API, Settings, environment variables
Behavior	What gets redacted, pipeline order, limitations
Testing	How to verify redaction in CI

Cookbooks

Compliance Redaction - What works and what doesn’t
Redacting Secrets & PII - Practical examples