How to redact sensitive information from logs using Pino & Pino Noir

image courtesy Datadog

Pino is a very low overhead logger for Node (their documentation claims it is over 5 times faster than alternatives). Here’s how to create a re-usable logger using Pino, and use Pino Noir.

Here’s a github repo if you’d like to jump into the code directly: https://github.com/nkhil/simple-logger

Here’s what our main index.js module looks like:

const pino = require('pino');
const noir = require('pino-noir');
const { redactionKeys } = require('./redaction/redaction-keys');const serializers = { err: pino.stdSerializers.err };module.exports = pino({
level: process.env.LOG_LEVEL || 'info',
serializers: noir(serializers, redactionKeys),
})

Quick notes about the code above:

  • The index module initialises pino with level and serializer keys
  • We’re using the pino standard error serializer to serialize errors
  • We pass both the serializers (the pino standard error serializer) and redaction keys (more on this below) to the serializers key.

Redacting keys

module.exports = {
redactionKeys: [
'password',
'userId',
'email',
'emailAddress',
'address.*',
'details.user.*'
],
}

Pino Noir lets us use wildcards (eg: address.* ), as well as chained keys (eg: details.user ) to redact important information from the logs.

I like making things and solving problems. http://nikhilvijayan.com.