A library for data redaction in ControlR, providing tools to redact sensitive information from logs and outputs.
Get Started
$ dotnet add package ControlR.Libraries.DataRedactionReadme
ControlR Data Redaction Library
A lightweight library for redacting sensitive data in logs and outputs using Microsoft's data compliance framework.
Overview
This library provides tools to automatically redact sensitive information during logging operations, helping you maintain security and comply with data protection regulations. It uses Microsoft's Microsoft.Extensions.Compliance.Redaction package to seamlessly integrate with standard .NET logging infrastructure.
Installation
dotnet add package ControlR.Libraries.DataRedaction
Quick Start
1. Register the Redactor
Add the redactor to your service collection:
using ControlR.Libraries.DataRedaction;
var builder = WebApplication.CreateBuilder(args);
// Add redaction services
builder.Services.AddStarRedactor();
var app = builder.Build();
2. Mark Sensitive Properties
Use the ProtectedDataClassification attribute to mark properties that should be redacted:
public class User
{
public string Name { get; set; }
[ProtectedDataClassification]
public string Password { get; set; }
[ProtectedDataClassification]
public string ApiKey { get; set; }
}
3. Log Structured Data
When you log objects with protected properties, they'll automatically be redacted:
var user = new User
{
Name = "John Doe",
Password = "secret123",
ApiKey = "sk_live_abc123"
};
logger.LogInformation("User details: {@User}", user);
// Output: User details: { Name: "John Doe", Password: "****", ApiKey: "****" }
Features
- Automatic Redaction: Sensitive data is redacted automatically during logging
- Attribute-Based: Simple
[ProtectedDataClassification]attribute to mark sensitive properties - Star Redactor: Replaces sensitive values with
**** - Standard Integration: Works with Microsoft's logging and compliance infrastructure
- Zero Configuration: Works out of the box with sensible defaults
API Reference
AddStarRedactor()
Registers the StarRedactor and enables redaction in the logging pipeline.
services.AddStarRedactor();
ProtectedDataClassificationAttribute
Marks a property as containing protected data that should be redacted.
[ProtectedDataClassification]
public string SensitiveData { get; set; }
StarRedactor
The default redactor that replaces sensitive values with ****.
DefaultDataClassifications
Provides standard data classification types:
Protected: Data that should be redactedPublic: Data that can be logged without redaction
Advanced Usage
Custom Data Classifications
You can use the built-in classifications for more granular control:
using Microsoft.Extensions.Compliance.Classification;
public class CustomModel
{
[DataClassification(DefaultDataClassifications.Public)]
public string PublicInfo { get; set; }
[DataClassification(DefaultDataClassifications.Protected)]
public string PrivateInfo { get; set; }
}
Requirements
- .NET 10.0 or later
- Microsoft.Extensions.Compliance.Redaction
- Microsoft.Extensions.Logging
Learn More
For more information about data redaction in .NET, see the official documentation:
License
MIT