Configuring Data Mask Rules
Nebula Logger provides the ability to automatically mask sensitive data (such as credit card numbers, social security numbers, etc.) within the fields that may contain some sensitive data (e.g. "Message", "Record JSON", etc.). Specifically, it covers masking data in:
LogEntryEvent__e.Message__cLogEntryEvent__e.RecordJson__cLogEntryEvent__e.HttpRequestBody__cLogEntryEvent__e.HttpResponseBody__cLogEntryEvent__e.RestRequestBody__cLogEntryEvent__e.RestResponseBody__c
After processing of LogEntryEvent__e and it's conversion to LogEntry__c object, corresponding fields on LogEntry__c are masked as well.
Pre-built rules are included for Visa credit card numbers, Mastercard credit card numbers, and social security numbers - additional rules can be configured by creating additional LogEntryDataMaskRule__mdt records.
Any time log entries are created, any enabled data mask rules are automatically applied. For example, this Apex script creates 1 Log__c record with 3 LogEntry__c records, which include (fake) credit card & social security number data.
Logger.error('Here is my fake Visa credit card 4000-1111-2222-0004, please don\'t steal it').addTag('data masking rule').addTag('credit card masking');
Logger.warn('Here is my fake Mastercard credit card 5000-1111-2222-0005, please don\'t steal it').addTag('data masking rule').addTag('credit card masking');
Logger.info('In case you want to steal my identity, my fake social is 400-11-9999, thanks', currentUser).addTag('data masking rule').addTag('an informational tag');
Logger.saveLog();With data mask rules enabled, the sensitive data is automatically masked. The screenshot below shows the first two entries have masked credit card numbers, and the third entry has a masked social security number.
Using the hiearchy custom setting LoggerSettings__c, you can choose to enable/data mask rules at the org, profile or user-level.
