feat: make sensitive log value redaction text configurable

configx/stub/from-files/config.schema.json

@@ -935,6 +935,11 @@
           "title": "Leak Sensitive Log Values",
           "description": "If set will leak sensitive values (e.g. emails) in the logs."
         },
+        "redaction_text": {
+          "type": "string",
+          "title": "Sensitive log value redaction text",
+          "description": "Text to use, when redacting sensitive log value."
+        },
         "format": {
           "type": "string",
           "enum": [

configx/stub/hydra/config.schema.json

@@ -229,6 +229,11 @@
           "description": "Logs sensitive values such as cookie and URL parameter.",
           "default": false
         },
+        "redaction_text": {
+          "type": "string",
+          "title": "Sensitive log value redaction text",
+          "description": "Text to use, when redacting sensitive log value."
+        },
         "format": {
           "type": "string",
           "description": "Sets the log format.",

configx/stub/kratos/config.schema.json

@@ -935,6 +935,11 @@
           "title": "Leak Sensitive Log Values",
           "description": "If set will leak sensitive values (e.g. emails) in the logs."
         },
+        "redaction_text": {
+          "type": "string",
+          "title": "Sensitive log value redaction text",
+          "description": "Text to use, when redacting sensitive log value."
+        },
         "format": {
           "type": "string",
           "enum": [

configx/stub/multi/config.schema.json

@@ -935,6 +935,11 @@
           "title": "Leak Sensitive Log Values",
           "description": "If set will leak sensitive values (e.g. emails) in the logs."
         },
+        "redaction_text": {
+          "type": "string",
+          "title": "Sensitive log value redaction text",
+          "description": "Text to use, when redacting sensitive log value."
+        },
         "format": {
           "type": "string",
           "enum": [

logrusx/config.schema.json

@@ -37,6 +37,11 @@
       "title": "Leak Sensitive Log Values",
       "description": "If set will leak sensitive values (e.g. emails) in the logs.",
       "default": false
+    },
+    "redaction_text": {
+      "type": "string",
+      "title": "Sensitive log value redaction text",
+      "description": "Text to use, when redacting sensitive log value."
     }
   },
   "additionalProperties": false

logrusx/helper.go

@@ -22,6 +22,7 @@ import (
 type Logger struct {
 	*logrus.Entry
 	leakSensitive bool
+	redactionText string
 	opts          []Option
 	name          string
 	version       string
@@ -171,7 +172,7 @@ func (l *Logger) maybeRedact(value interface{}) interface{} {
 		return nil
 	}
 	if !l.leakSensitive {
-		return `Value is sensitive and has been redacted. To see the value set config key "log.leak_sensitive_values = true" or environment variable "LOG_LEAK_SENSITIVE_VALUES=true".`
+		return l.redactionText
 	}
 	return value
 }

logrusx/logrus.go

@@ -23,6 +23,7 @@ type (
 		reportCaller  bool
 		exitFunc      func(int)
 		leakSensitive bool
+		redactionText string
 		hooks         []logrus.Hook
 		c             configurator
 	}
@@ -167,6 +168,12 @@ func LeakSensitive() Option {
 	}
 }
 
+func RedactionText(text string) Option {
+	return func(o *options) {
+		o.redactionText = text
+	}
+}
+
 func (c *nullConfigurator) Bool(_ string) bool {
 	return false
 }
@@ -192,6 +199,7 @@ func New(name string, version string, opts ...Option) *Logger {
 		name:          name,
 		version:       version,
 		leakSensitive: o.leakSensitive || o.c.Bool("log.leak_sensitive_values"),
+		redactionText: stringsx.DefaultIfEmpty(o.redactionText, `Value is sensitive and has been redacted. To see the value set config key "log.leak_sensitive_values = true" or environment variable "LOG_LEAK_SENSITIVE_VALUES=true".`),
 		Entry: newLogger(o.l, o).WithFields(logrus.Fields{
 			"audience": "application", "service_name": name, "service_version": version}),
 	}
@@ -203,6 +211,7 @@ func NewAudit(name string, version string, opts ...Option) *Logger {
 
 func (l *Logger) UseConfig(c configurator) {
 	l.leakSensitive = l.leakSensitive || c.Bool("log.leak_sensitive_values")
+	l.redactionText = stringsx.DefaultIfEmpty(c.String("log.redaction_text"), l.redactionText)
 	o := newOptions(append(l.opts, WithConfigurator(c)))
 	setLevel(l.Entry.Logger, o)
 	setFormatter(l.Entry.Logger, o)

logrusx/logrus_test.go

@@ -119,6 +119,19 @@ func TestTextLogger(t *testing.T) {
 				l.WithRequest(fakeRequest).Error("An error occurred.")
 			},
 		},
+		{
+			l: New("logrusx-app", "v0.0.0", ForceFormat("text"), ForceLevel(logrus.TraceLevel), RedactionText("redacted")),
+			expect: []string{"logrus_test.go", "logrusx_test.TestTextLogger",
+				"audience=application", "service_name=logrusx-app", "service_version=v0.0.0",
+				"An error occurred.", "headers:map[", "accept:application/json", "accept-encoding:gzip",
+				"user-agent:Go-http-client/1.1", "x-request-id:id1234", "host:127.0.0.1:63232", "method:GET",
+				"query:redacted",
+			},
+			notExpect: []string{"testing.tRunner", "bar=foo"},
+			call: func(l *Logger) {
+				l.WithRequest(fakeRequest).Error("An error occurred.")
+			},
+		},
 		{
 			l: New("logrusx-server", "v0.0.1", ForceFormat("text"), LeakSensitive(), ForceLevel(logrus.DebugLevel)),
 			expect: []string{

stringsx/default.go

@@ -0,0 +1,9 @@
+package stringsx
+
+func DefaultIfEmpty(s string, defaultValue string) string {
+	if len(s) == 0 {
+		return defaultValue
+	} else {
+		return s
+	}
+}

stringsx/default_test.go

@@ -0,0 +1,12 @@
+package stringsx
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDefaultIfEmpty(t *testing.T) {
+	assert.Equal(t, DefaultIfEmpty("", "default"), "default")
+	assert.Equal(t, DefaultIfEmpty("custom", "default"), "custom")
+}