Loguru: how to obfuscate data in logs

Question

Using the python logger I can obfuscate data like this:

import logging
import re
import sys


class MySensitiveFormatter(logging.Formatter):
    """Formatter that removes sensitive information."""

    @staticmethod
    def _filter(s):
        """Remove credentials."""
        result = re.sub(r"pass: .*", "pass: xxx", s)
        return result

    def format(self, record):
        """Obfuscate sensitive information."""
        original = logging.Formatter.format(self, record)
        return self._filter(original)


stream_handler = logging.StreamHandler(stream=sys.stdout)
stream_handler.setFormatter(MySensitiveFormatter())
logger = logging.getLogger("demo")
logger.setLevel("INFO")
logger.addHandler(stream_handler)

logger.info("This is a demo and here is the pass: secret")

prints => This is a demo and here is the pass: xxx

In loguru I cannot add a formatter/handler and filter removes the entire record (which is not what I want). How can I achieve this using loguru?

Answer 1

This is the correct way provided by the loguru team:

def obfuscate_message(message: str):
    """Obfuscate sensitive information."""
    result = re.sub(r"pass: .*", "pass: xxx", s)
    return result

def formatter(record):
    record["extra"]["obfuscated_message"] = obfuscate_message(record["message"])
    return "[{level}] {extra[obfuscated_message]}\n{exception}"

logger.add(sys.stderr, format=formatter)

See loguru issue for details.

Answer 2

This is how it works:

def obfuscate_message(message: str):
    """Obfuscate sensitive information."""
    result = re.sub(r"pass: .*", "pass: xxx", s)
    return result


class LoguruInterceptHandler(logging.Handler):
    """Enable loguru logging."""

    def emit(self, record):
        """Get corresponding Loguru level if it exists."""
        try:
            level = loguru.logger.level(record.levelname).name
        except ValueError:
            level = record.levelno

        # Find caller from where originated the logged message
        frame, depth = logging.currentframe(), 2
        while frame.f_code.co_filename == logging.__file__:
            frame = frame.f_back
            depth += 1

        # filter sensitive data (this does the trick)
        message = obfuscate_message(record.getMessage())

        loguru.logger.opt(depth=depth, exception=record.exc_info).log(level, message)

use like this:

logger = logging.getLogger()
logger.handlers = [LoguruInterceptHandler()]  # overwrite old handlers
logger.info("This is a demo and here is the pass: secret")