Monitorex.HeaderRedactor (monitorex v0.3.0)

Copy Markdown

Redacts sensitive HTTP header values before events are stored.

Header names matching the configured denylist (case-insensitive) have their values replaced with "••••redacted••••".

Summary

Functions

default_redacted_headers()

Returns the default list of sensitive header names.

redact_headers(headers)

Redacts headers using the application-configured denylist.

redact_headers(headers, redacted_list)

Redacts header values whose names match the configured denylist.

Functions

default_redacted_headers()

@spec default_redacted_headers() :: [String.t()]

Returns the default list of sensitive header names.

redact_headers(headers)

@spec redact_headers([{atom() | String.t(), String.t()}]) :: [
  {atom() | String.t(), String.t()}
]

Redacts headers using the application-configured denylist.

redact_headers(headers, redacted_list)

@spec redact_headers([{atom() | String.t(), String.t()}], [String.t()]) :: [
  {atom() | String.t(), String.t()}
]

Redacts header values whose names match the configured denylist.

Accepts a list of {name, value} tuples where name may be a string or atom. Returns the same shape with matching values replaced.

The denylist is read from application config :redacted_headers (defaults to default_redacted_headers/0).

Examples

iex> Monitorex.HeaderRedactor.redact_headers(
...>   [{"authorization", "Bearer secret"}, {"content-type", "application/json"}],
...>   ["authorization"]
...> )
[{"authorization", "••••redacted••••"}, {"content-type", "application/json"}]

iex> Monitorex.HeaderRedactor.redact_headers([], ["authorization"])
[]