Redaction Presets
One-liner compliance protection for GDPR, CCPA, HIPAA, PCI-DSS, and more.
Disclaimer: Redaction presets are provided as a convenience to help protect sensitive data in logs. They represent a best-effort approach based on common field naming conventions and cannot guarantee complete coverage of all sensitive data in your application. Field-name matching does not detect sensitive content within arbitrarily-named fields. You are responsible for verifying that redaction meets your compliance requirements through thorough testing before deploying to production. Fapilog and its maintainers accept no liability for data exposure resulting from misconfiguration, incomplete coverage, or reliance on these presets without adequate verification.
Quick Start
from fapilog import LoggerBuilder
# GDPR compliance in one line
logger = LoggerBuilder().with_redaction(preset="GDPR_PII").build()
logger.info("signup", email="john@example.com", phone="+1-555-1234")
# Output: {"data": {"email": "***", "phone": "***"}}
Available Presets
Regulation Presets
| Preset | Regulation | Region | Description |
|---|---|---|---|
| GDPR_PII | GDPR | EU | EU General Data Protection Regulation |
| GDPR_PII_UK | UK-GDPR | UK | UK GDPR (includes NHS, NI numbers) |
| CCPA_PII | CCPA | US-CA | California Consumer Privacy Act |
| HIPAA_PHI | HIPAA | US | Protected Health Information |
| PCI_DSS | PCI-DSS | Global | Payment card data |
| CREDENTIALS | N/A | Global | Authentication secrets |
Building Block Presets
| Preset | Description | Example Fields |
|---|---|---|
| CONTACT_INFO | Contact information | email, phone, address |
| PERSONAL_IDENTIFIERS | Personal identity | name, dob, gender |
| ONLINE_IDENTIFIERS | Digital identifiers | ip_address, device_id, cookie_id |
| FINANCIAL_IDENTIFIERS | Financial accounts | iban, account_number |
| US_GOVERNMENT_IDS | US government IDs | ssn, passport, drivers_license |
| UK_GOVERNMENT_IDS | UK government IDs | ni_number, nhs_number |
| EU_GOVERNMENT_IDS | EU government IDs | national_id, passport |
Using Presets
Single Preset
from fapilog import LoggerBuilder
logger = LoggerBuilder().with_redaction(preset="GDPR_PII").build()
Multiple Presets
Combine presets for multi-regulation compliance:
# Healthcare + payment data
logger = (
    LoggerBuilder()
    .with_redaction(preset=["HIPAA_PHI", "PCI_DSS"])
    .build()
)
Preset with Custom Fields
Presets and custom fields are additive:
logger = (
    LoggerBuilder()
    .with_redaction(preset="GDPR_PII")
    .with_redaction(fields=["internal_user_id", "employee_badge"])
    .build()
)
Environment Presets with Redaction
The production, adaptive, and serverless environment presets automatically apply the CREDENTIALS preset:
from fapilog import get_logger
# Automatically redacts passwords, API keys, tokens
logger = get_logger(preset="production")
logger = get_logger(preset="adaptive") # Same redaction, with auto-scaling
The hardened preset applies comprehensive redaction from HIPAA_PHI, PCI_DSS, and CREDENTIALS presets:
# Maximum security for regulated environments
logger = get_logger(preset="hardened")
To add compliance presets to other environment presets:
logger = (
    LoggerBuilder()
    .with_preset("production")  # Includes CREDENTIALS
    .with_redaction(preset="HIPAA_PHI")  # Add HIPAA protection
    .build()
)
See Presets Guide for complete environment preset documentation.
Preset Inheritance
Presets can extend other presets. Inheritance is resolved at configuration time for performance.
GDPR_PII
├── CONTACT_INFO
├── PERSONAL_IDENTIFIERS
├── ONLINE_IDENTIFIERS
├── FINANCIAL_IDENTIFIERS
└── EU_GOVERNMENT_IDS
GDPR_PII_UK
├── GDPR_PII (all fields above)
└── UK_GOVERNMENT_IDS (nhs_number, ni_number)
Example: GDPR_PII_UK
from fapilog.redaction import resolve_preset_fields
fields, patterns = resolve_preset_fields("GDPR_PII_UK")
# Includes all GDPR_PII fields plus UK-specific:
assert "email" in fields # From CONTACT_INFO via GDPR_PII
assert "nhs_number" in fields # From UK_GOVERNMENT_IDS
assert "ni_number" in fields # From UK_GOVERNMENT_IDS
Discovering Presets
List All Presets
from fapilog import LoggerBuilder
presets = LoggerBuilder.list_redaction_presets()
print(presets)
# ['CCPA_PII', 'CONTACT_INFO', 'CREDENTIALS', 'EU_GOVERNMENT_IDS',
# 'FINANCIAL_IDENTIFIERS', 'GDPR_PII', 'GDPR_PII_UK', 'HIPAA_PHI',
# 'ONLINE_IDENTIFIERS', 'PCI_DSS', 'PERSONAL_IDENTIFIERS',
# 'UK_GOVERNMENT_IDS', 'US_GOVERNMENT_IDS']
Get Preset Details
info = LoggerBuilder.get_redaction_preset_info("GDPR_PII")
print(info["name"]) # "GDPR_PII"
print(info["description"]) # "GDPR Article 4 personal data identifiers"
print(info["regulation"]) # "GDPR"
print(info["region"]) # "EU"
print(info["tags"]) # ["gdpr", "pii", "eu"]
print(info["extends"]) # ["CONTACT_INFO", "PERSONAL_IDENTIFIERS", ...]
print(info["fields"][:5]) # ["email", "phone", "name", "address", ...]
print(info["patterns"][:3]) # ["(?i).*email.*", "(?i).*phone.*", ...]
Filter Presets by Metadata
from fapilog.redaction import (
    get_presets_by_regulation,
    get_presets_by_region,
    get_presets_by_tag,
)
# By regulation
gdpr_presets = get_presets_by_regulation("GDPR")
# ["GDPR_PII"]
# By region
us_presets = get_presets_by_region("US")
# ["CCPA_PII", "HIPAA_PHI", "US_GOVERNMENT_IDS"]
# By tag
healthcare = get_presets_by_tag("healthcare")
# ["HIPAA_PHI"]
Complete Field Reference
This section lists every field covered by each preset. Use Ctrl+F to search for specific field names.
Building Block Presets
CONTACT_INFO
Contact information fields:
email, e_mail, email_address
phone, phone_number, telephone, mobile, cell, fax
address, street, street_address, postal_address
postcode, postal_code, zipcode, zip_code, zip
city, town, state, province, country
Patterns: .*email.*, .*phone.*, .*mobile.*, .*address.*, .*postcode.*, .*zipcode.*
PERSONAL_IDENTIFIERS
Personal identity fields:
name, first_name, last_name, full_name, surname
given_name, middle_name, maiden_name, nickname
dob, date_of_birth, birth_date, birthday, age
gender, sex
Patterns: .*\bname\b.*, .*\bdob\b.*, .*birth.*
ONLINE_IDENTIFIERS
Digital/online identifiers:
ip, ip_address, ipv4, ipv6, client_ip, remote_ip
device_id, device_identifier, udid, idfa, gaid
mac_address, hardware_id
user_agent, browser_fingerprint
cookie_id, tracking_id, visitor_id
Patterns: .*\bip\b.*, .*device.?id.*, .*mac.?addr.*
FINANCIAL_IDENTIFIERS
Financial account identifiers:
iban, bic, swift
bank_account, account_number, account_no
sort_code, routing_number, bsb
Patterns: .*\biban\b.*, .*account.?(num|no).*, .*routing.*
US_GOVERNMENT_IDS
US government-issued identifiers:
ssn, social_security, social_security_number
itin, ein
passport, passport_number
drivers_license, driver_license, dl_number
Patterns: .*\bssn\b.*, .*social.?security.*
UK_GOVERNMENT_IDS
UK government-issued identifiers:
national_insurance, ni_number, nino
nhs_number
passport, passport_number
driving_licence, licence_number
Patterns: .*national.?insurance.*, .*\bni.?(num|no)\b.*, .*\bnino\b.*, .*\bnhs\b.*
EU_GOVERNMENT_IDS
EU government-issued identifiers:
national_id, id_number, identity_number, id_card
passport, passport_number
tax_id, tin, vat_number
drivers_license, licence_number
Patterns: .*national.?id.*, .*passport.*, .*\btin\b.*, .*tax.?id.*, .*licen[cs]e.*
Regulation Presets
CREDENTIALS
Authentication and authorization secrets:
password, passwd, pwd, pass
secret, api_secret, client_secret, shared_secret
token, access_token, refresh_token, auth_token, bearer_token, jwt
api_key, apikey, api_token
private_key, secret_key, signing_key, encryption_key
authorization, auth_header
session_id, session_token, session_key
cookie, session_cookie, auth_cookie
otp, totp, mfa_code, verification_code
Patterns: .*password.*, .*passwd.*, .*\bsecret\b.*, .*\btoken\b.*, .*api.?key.*, .*private.?key.*, .*auth.*, .*\botp\b.*
GDPR_PII
EU GDPR Article 4 personal data.
Inherits all fields from: CONTACT_INFO, PERSONAL_IDENTIFIERS, ONLINE_IDENTIFIERS, FINANCIAL_IDENTIFIERS, EU_GOVERNMENT_IDS
Additional fields:
biometric_data, genetic_data, health_data
Total coverage: 70+ fields including all inherited fields listed above.
GDPR_PII_UK
UK GDPR personal data (post-Brexit variant).
Inherits all fields from: GDPR_PII, UK_GOVERNMENT_IDS
Total coverage: All GDPR_PII fields plus UK-specific:
national_insurance, ni_number, nino, nhs_number
driving_licence, licence_number
CCPA_PII
California Consumer Privacy Act personal information.
Inherits all fields from: CONTACT_INFO, PERSONAL_IDENTIFIERS, ONLINE_IDENTIFIERS, FINANCIAL_IDENTIFIERS, US_GOVERNMENT_IDS
Additional fields:
household_id, inferred_preferences, purchase_history
HIPAA_PHI
HIPAA Protected Health Information (18 identifier categories).
Inherits all fields from: CONTACT_INFO, PERSONAL_IDENTIFIERS, US_GOVERNMENT_IDS
Additional fields:
mrn, medical_record_number, patient_id
health_plan_id, beneficiary_id
account_number, certificate_number, license_number
vehicle_id, vin
device_serial, device_identifier
url, web_url
biometric_id, fingerprint, voiceprint
photo, image
Patterns: .*\bmrn\b.*, .*medical.?record.*, .*patient.?id.*, .*health.?plan.*
PCI_DSS
PCI-DSS cardholder data elements:
card_number, credit_card, cc_number, pan
cvv, cvc, cvv2, cid, security_code, card_security
expiry, expiry_date, expiration, exp_date, exp_month, exp_year
cardholder, cardholder_name, card_holder
card_pin, pin
track_data, track1, track2
Patterns: .*card.?(num|no).*, .*credit.?card.*, .*\bcvv\b.*, .*\bcvc\b.*, .*expir.*, .*cardholder.*, .*\bpan\b.*
Best Practices
1. Use Presets Over Manual Configuration
# Good: preset handles field list maintenance
logger = LoggerBuilder().with_redaction(preset="GDPR_PII").build()
# Avoid: manual list is hard to maintain
logger = LoggerBuilder().with_redaction(
    fields=["email", "phone", "name", ...]  # 30+ fields
).build()
2. Combine Presets for Multi-Regulation
# Healthcare company processing payments
logger = (
    LoggerBuilder()
    .with_redaction(preset=["HIPAA_PHI", "PCI_DSS", "CREDENTIALS"])
    .build()
)
3. Extend Presets with Domain-Specific Fields
logger = (
    LoggerBuilder()
    .with_redaction(preset="GDPR_PII")
    .with_redaction(fields=["internal_customer_id", "crm_reference"])
    .build()
)
4. Audit What’s Covered
# For compliance documentation
info = LoggerBuilder.get_redaction_preset_info("HIPAA_PHI")
print("HIPAA PHI fields covered:")
for field in sorted(info["fields"]):
    print(f" - {field}")
5. Test Redaction in CI
See Testing Redaction for comprehensive examples.
Limitations
Field-name matching only - Presets match field names, not field content. A field named description containing an email address won’t be caught.
No runtime registration - Custom presets cannot be added at runtime (future feature).
Best-effort coverage - Presets cover common field names but cannot anticipate all variations. Extend with custom fields for your domain.
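The field-name and best-effort limitations above can be checked before deployment by auditing your own field names against a preset's listed names and patterns. The following is an added example, not fapilog code: it copies the ONLINE_IDENTIFIERS and CREDENTIALS entries from this page and assumes case-insensitive exact-name matching plus `re.fullmatch` of each pattern, which may differ from fapilog's real matcher; `match_reason`, `audit` and `APP_FIELDS` are hypothetical names.

```python
import re

# Names and patterns copied from this page (ONLINE_IDENTIFIERS, CREDENTIALS).
FIELDS = {
    "ip", "ip_address", "ipv4", "ipv6", "client_ip", "remote_ip", "device_id",
    "device_identifier", "udid", "idfa", "gaid", "mac_address", "hardware_id",
    "user_agent", "browser_fingerprint", "cookie_id", "tracking_id", "visitor_id",
    "password", "passwd", "pwd", "pass", "secret", "api_secret", "client_secret",
    "shared_secret", "token", "access_token", "refresh_token", "auth_token",
    "bearer_token", "jwt", "api_key", "apikey", "api_token", "private_key",
    "secret_key", "signing_key", "encryption_key", "authorization", "auth_header",
    "session_id", "session_token", "session_key", "cookie", "session_cookie",
    "auth_cookie", "otp", "totp", "mfa_code", "verification_code",
}
PATTERNS = [
    r".*\bip\b.*", r".*device.?id.*", r".*mac.?addr.*", r".*password.*",
    r".*passwd.*", r".*\bsecret\b.*", r".*\btoken\b.*", r".*api.?key.*",
    r".*private.?key.*", r".*auth.*", r".*\botp\b.*",
]
COMPILED = [re.compile(p, re.IGNORECASE) for p in PATTERNS]


def match_reason(name):
    """Why a field name would be redacted, or None if it would not be.

    Assumed semantics (not taken from fapilog): case-insensitive exact name
    match, then re.fullmatch of each pattern. Values are never inspected.
    """
    if name.lower() in FIELDS:
        return "field"
    for rx in COMPILED:
        if rx.fullmatch(name):
            return "pattern " + rx.pattern
    return None


def audit(names):
    """Split field names into {name: reason} covered and a sorted missed list."""
    reasons = {n: match_reason(n) for n in names}
    covered = {n: r for n, r in reasons.items() if r}
    return covered, sorted(n for n, r in reasons.items() if r is None)


# Constructed sample of field names a service might log.
APP_FIELDS = ["client_ip", "src_ip", "csrf_token", "X-Device-Id", "author",
              "description", "Password_Hash"]

if __name__ == "__main__":
    print(audit(APP_FIELDS))
```

Under these assumptions `src_ip` and `csrf_token` come out uncovered because `_` is a word character, so `\b` finds no boundary inside them, while `author` is redacted by `.*auth.*`. Names reported as missed can be added with `with_redaction(fields=[...])` and the result confirmed against real logger output.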