Redactor
final class Redactor
Utility class responsible for sanitizing and redacting values before they are written to log files.
This class is primarily used by the Logger to prevent sensitive data (password hashes, tokens, JWTs, long strings, emails, etc.) from being written directly to logs.
Supported behavior:
- Primitive values (int, float, bool, null) are returned unchanged.
- Arrays are recursively sanitized.
- Strings are inspected for common secret patterns and masked if needed.
- Long strings are truncated with length preserved.
- Emails have their local part masked.
- Unknown types are summarized by type.
This keeps logs useful for debugging while minimizing the risk of leaking credentials or personally identifiable information.
Constants
| private ALWAYS_REDACT_KEYS | Array of key names whose values are always redacted regardless of content (used by redactKeyValue()). |
Properties
| static private bool | $didWarnInvalidDbLogParams | Flag ensuring the "invalid DB_LOG_PARAMS mode" warning is emitted at most once per request. |
Methods
| static private bool | isList(array $arr) | Determines whether an array is a list (0..n-1 keys). |
| static private string | jsonForLog(mixed $data) | Encodes data to JSON for logs safely. |
| static string | formatParamsForLog(array $params) | Formats query parameters for logging, based on the DB_LOG_PARAMS mode. |
| static private string | normalizeParamLogMode(string|null $raw, string $default = 'none') | Normalizes DB_LOG_PARAMS to a safe, supported value. |
| static string | paramSummary(array $params) | Produces a safe "shape" summary of query parameters without logging values. |
| static array | redactAssoc(array $data) | Redact an associative array (key-aware). Use this for request data and other structured payloads. |
| static mixed | redact(mixed $value) | Redacts or sanitizes a value for safe logging. |
| static private array | redactArray(array $arr) | Recursively sanitizes all values in an array. |
| static private mixed | redactKeyValue(string $key, mixed $value) | Redact a value using the key name as an additional signal. |
| static private string | redactString(string $s) | Sanitizes a string value for logging. |
Details
at line 51
static private bool
isList(array $arr)
Determines whether an array is a list (0..n-1 keys).
at line 61
static private string
jsonForLog(mixed $data)
Encodes data to JSON for logs safely.
at line 87
static string
formatParamsForLog(array $params)
Formats query parameters for logging, based on the DB_LOG_PARAMS mode.
Supported modes (via Env::get('DB_LOG_PARAMS')):
- none (default): logs only the parameter count and each parameter's type/length (no values).
- masked: logs redacted values using safeParams().
- full: logs full raw parameter values (not recommended outside local/dev; bound parameters routinely contain emails, tokens and password hashes).
This is designed to prevent sensitive data (passwords, tokens, emails, etc.) from being written to logs in production while still preserving useful debugging context (execution timing, SQL, parameter shape).
at line 124
static private string
normalizeParamLogMode(string|null $raw, string $default = 'none')
Normalizes DB_LOG_PARAMS to a safe, supported value.
Accepts common .env formatting such as quoted values ('full', "masked") and ignores leading/trailing whitespace. If the value is not recognized, it falls back to a safe default and emits a warning.
Allowed values: none|masked|full
at line 148
static string
paramSummary(array $params)
Produces a safe "shape" summary of query parameters without logging values.
Example:
count=3 types=[int,string(12),null]
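The three DB_LOG_PARAMS modes, the .env normalisation and the shape summary above, as an added example that is not the project's own code. It assumes a class name ExampleParamLogger, passes the raw mode in as a second argument instead of reading Env::get(), and uses a simple stand-in masking routine where the real class delegates to safeParams().

```php
<?php
declare(strict_types=1);

// Added illustration of DB_LOG_PARAMS handling. Names, the extra $rawMode
// argument and the masking stand-in are assumptions, not the project's code.
final class ExampleParamLogger
{
    private const ALLOWED_MODES = ['none', 'masked', 'full'];
    private static bool $didWarnInvalidMode = false;

    /** Accept quoted or padded .env values; fall back to $default (warning once per request) on junk. */
    public static function normalizeParamLogMode(?string $raw, string $default = 'none'): string
    {
        if ($raw === null) {
            return $default;
        }
        // Strip whitespace and surrounding quotes such as "masked" or 'full'.
        $mode = strtolower(trim($raw, " \t\n\r\0\x0B\"'"));
        if (in_array($mode, self::ALLOWED_MODES, true)) {
            return $mode;
        }
        if (!self::$didWarnInvalidMode) {
            self::$didWarnInvalidMode = true;
            error_log(sprintf('DB_LOG_PARAMS=%s is not one of none|masked|full; using "%s"',
                var_export($raw, true), $default));
        }
        return $default;
    }

    /** Shape only: count plus per-parameter type, with string lengths. Never values. */
    public static function paramSummary(array $params): string
    {
        $types = [];
        foreach ($params as $p) {
            $types[] = match (true) {
                $p === null  => 'null',
                is_bool($p)  => 'bool',
                is_int($p)   => 'int',
                is_float($p) => 'float',
                is_string($p) => 'string(' . strlen($p) . ')',
                is_array($p)  => 'array(' . count($p) . ')',
                default       => get_debug_type($p),
            };
        }
        return sprintf('count=%d types=[%s]', count($params), implode(',', $types));
    }

    /** Unknown or missing modes collapse to "none", so a bad .env can only make logs less verbose. */
    public static function formatParamsForLog(array $params, ?string $rawMode): string
    {
        return match (self::normalizeParamLogMode($rawMode)) {
            'full'   => json_encode($params, JSON_UNESCAPED_SLASHES) ?: '[unencodable]',
            'masked' => json_encode(array_map(fn($p) => self::maskParam($p), $params),
                            JSON_UNESCAPED_SLASHES) ?: '[unencodable]',
            default  => self::paramSummary($params),
        };
    }

    /** Assumed stand-in for safeParams(): keep scalar types, hide most of each string. */
    private static function maskParam(mixed $p): mixed
    {
        if (is_string($p)) {
            return strlen($p) <= 4
                ? str_repeat('*', strlen($p))
                : substr($p, 0, 2) . str_repeat('*', strlen($p) - 2);
        }
        return is_array($p) ? array_map(fn($v) => self::maskParam($v), $p) : $p;
    }
}

// Constructed bound-parameter list for a query such as
// "SELECT * FROM users WHERE id = ? AND email = ? AND deleted_at IS ?".
$params = [42, 'alice@example.org', null];

foreach (['none', '"masked"', ' full ', 'verbose'] as $raw) {
    printf("%-10s -> %s\n", var_export($raw, true),
        ExampleParamLogger::formatParamsForLog($params, $raw));
}
```

The 'verbose' value is deliberately invalid: it is logged once as a configuration warning and then treated as none, so a typo in production can never widen what is logged. Only 'full' ever emits the email address.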
at line 169
static array
redactAssoc(array $data)
Redact an associative array (key-aware). Use this for request data and other structured payloads.
at line 193
static mixed
redact(mixed $value)
Redacts or sanitizes a value for safe logging.
Primitive values are returned as-is. Strings and arrays are inspected and masked or summarized as appropriate.
at line 218
static private array
redactArray(array $arr)
Recursively sanitizes all values in an array.
Each element is passed through the main redact() method to ensure nested structures are handled consistently.
at line 229
static private mixed
redactKeyValue(string $key, mixed $value)
Redact a value using the key name as an additional signal.
at line 272
static private string
redactString(string $s)
Sanitizes a string value for logging.
This method detects and masks:
- Password hashes (bcrypt, Argon2)
- Bearer tokens
- JWTs
It also:
- Masks email local parts (the part before the @)
- Truncates long strings while recording the original length
- Preserves short, non-sensitive strings unchanged
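The full redaction pipeline summarised in the class description (primitives pass through, arrays recurse, key names act as a signal, strings are pattern-checked) together with the string rules listed for redactString(), as an added example that is not the Redactor source itself. The class name ExampleRedactor, the key list, the 64-character truncation threshold and the exact regexes are assumptions chosen to illustrate the documented behaviour.

```php
<?php
declare(strict_types=1);

// Added illustration of the documented redaction behaviour. Names, key list,
// threshold and patterns are assumptions, not the project's Redactor.
final class ExampleRedactor
{
    // Assumed list of key names whose values are always masked, whatever they contain.
    private const ALWAYS_REDACT_KEYS = [
        'password', 'password_confirmation', 'token', 'access_token',
        'refresh_token', 'secret', 'authorization', 'api_key', 'cookie',
    ];

    private const MAX_STRING_LENGTH = 64; // assumed truncation threshold

    /** Entry point: primitives pass through, arrays recurse, strings are inspected. */
    public static function redact(mixed $value): mixed
    {
        if ($value === null || is_int($value) || is_float($value) || is_bool($value)) {
            return $value;
        }
        if (is_string($value)) {
            return self::redactString($value);
        }
        if (is_array($value)) {
            return self::redactArray($value);
        }
        // Objects, resources, closures: summarise by type, never dump contents.
        return '[' . get_debug_type($value) . ']';
    }

    /** Key-aware variant for request payloads: a sensitive key name wins regardless of the value. */
    public static function redactAssoc(array $data): array
    {
        $out = [];
        foreach ($data as $key => $value) {
            $out[$key] = is_string($key) ? self::redactKeyValue($key, $value) : self::redact($value);
        }
        return $out;
    }

    private static function redactArray(array $arr): array
    {
        return array_map(fn($v) => self::redact($v), $arr);
    }

    private static function redactKeyValue(string $key, mixed $value): mixed
    {
        // Normalise "Api-Key", "api key" and "API_KEY" to one form before matching.
        $normalised = strtolower(str_replace(['-', ' '], '_', $key));
        if (in_array($normalised, self::ALWAYS_REDACT_KEYS, true)) {
            return is_array($value) ? '[redacted array]' : '[redacted]';
        }
        // Nested structures keep their key context so "profile.api_key" is still caught.
        return is_array($value) ? self::redactAssoc($value) : self::redact($value);
    }

    private static function redactString(string $s): string
    {
        // bcrypt ($2a$/$2b$/$2y$) and Argon2 ($argon2i$/$argon2id$) hashes.
        if (preg_match('/^\$(2[aby]|argon2id?)\$/', $s) === 1) {
            return '[redacted hash]';
        }
        // Authorization-header style bearer tokens.
        if (preg_match('/^Bearer\s+\S+/i', $s) === 1) {
            return 'Bearer [redacted]';
        }
        // Three base64url segments separated by dots: treat as a JWT.
        if (preg_match('/^[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}$/', $s) === 1) {
            return '[redacted jwt]';
        }
        // Emails: keep the first character of the local part and the whole domain.
        if (preg_match('/^([^@\s])([^@\s]*)@([^@\s]+)$/', $s, $m) === 1) {
            return $m[1] . str_repeat('*', max(1, strlen($m[2]))) . '@' . $m[3];
        }
        // Long strings: truncate but record the original length for debugging.
        if (strlen($s) > self::MAX_STRING_LENGTH) {
            return substr($s, 0, 16) . '...[truncated, len=' . strlen($s) . ']';
        }
        return $s;
    }
}

// Constructed sample request payload; none of these are real credentials.
$payload = [
    'email'    => 'alice.example@example.org',
    'password' => 'correct horse battery staple',
    'remember' => true,
    'profile'  => ['name' => 'Alice', 'api_key' => 'abc123'],
    'hash'     => '$2y$10$' . str_repeat('x', 53),
    'auth'     => 'Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.sig',
];
print_r(ExampleRedactor::redactAssoc($payload));
```

Note the two independent signals: 'password' and the nested 'api_key' are masked because of their key names, while 'hash' and 'auth' are not on the key list and are caught only because their values match a hash or bearer-token pattern. Both checks are needed; a key list alone misses secrets under unexpected names, and pattern matching alone misses plaintext passwords.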