Data Masking
ByteHide Logger automatically masks sensitive data in your logs based on configurable key patterns. Protect passwords, API keys, and personal information from appearing in plain text.
Configure Sensitive Keys
Add keys that should be masked in log output:
Java
Log.addSensitiveKey("password");
Log.addSensitiveKey("apiKey");
Log.addSensitiveKey("token");
Log.addSensitiveKey("creditCard");Log.addSensitiveKey("password");
Log.addSensitiveKey("apiKey");
Log.addSensitiveKey("token");
Log.addSensitiveKey("creditCard");How It Works
When a sensitive key is detected in log context, its value is replaced with "***":
Java
import java.util.Map;
import java.util.HashMap;
Log.addSensitiveKey("password");
Log.addSensitiveKey("apiKey");
Map<String, Object> data = new HashMap<>();
data.put("username", "john");
data.put("password", "secret123"); // Will be masked as "***"
data.put("apiKey", "sk_live_123"); // Will be masked as "***"
Log.info("Login attempt", null, data);import java.util.Map;
import java.util.HashMap;
Log.addSensitiveKey("password");
Log.addSensitiveKey("apiKey");
Map<String, Object> data = new HashMap<>();
data.put("username", "john");
data.put("password", "secret123"); // Will be masked as "***"
data.put("apiKey", "sk_live_123"); // Will be masked as "***"
Log.info("Login attempt", null, data);Common Sensitive Patterns
Authentication Data
Java
Log.addSensitiveKey("password");
Log.addSensitiveKey("token");
Log.addSensitiveKey("secret");
Log.addSensitiveKey("apiKey");
Log.addSensitiveKey("bearerToken");Log.addSensitiveKey("password");
Log.addSensitiveKey("token");
Log.addSensitiveKey("secret");
Log.addSensitiveKey("apiKey");
Log.addSensitiveKey("bearerToken");Personal Information
Java
Log.addSensitiveKey("ssn");
Log.addSensitiveKey("socialSecurityNumber");
Log.addSensitiveKey("creditCard");
Log.addSensitiveKey("bankAccount");Log.addSensitiveKey("ssn");
Log.addSensitiveKey("socialSecurityNumber");
Log.addSensitiveKey("creditCard");
Log.addSensitiveKey("bankAccount");Connection Strings
Java
Log.addSensitiveKey("connectionString");
Log.addSensitiveKey("databaseUrl");
Log.addSensitiveKey("connectionPassword");Log.addSensitiveKey("connectionString");
Log.addSensitiveKey("databaseUrl");
Log.addSensitiveKey("connectionPassword");Compliance Configuration
GDPR Compliance
Java
Log.addSensitiveKey("email");
Log.addSensitiveKey("phone");
Log.addSensitiveKey("address");
Log.addSensitiveKey("dateOfBirth");
Log.addSensitiveKey("ipAddress");Log.addSensitiveKey("email");
Log.addSensitiveKey("phone");
Log.addSensitiveKey("address");
Log.addSensitiveKey("dateOfBirth");
Log.addSensitiveKey("ipAddress");HIPAA Compliance
Java
Log.addSensitiveKey("patientId");
Log.addSensitiveKey("medicalRecordNumber");
Log.addSensitiveKey("diagnosis");
Log.addSensitiveKey("prescription");Log.addSensitiveKey("patientId");
Log.addSensitiveKey("medicalRecordNumber");
Log.addSensitiveKey("diagnosis");
Log.addSensitiveKey("prescription");Best Practices
Data Masking Best Practices
- Configure masking early in your application startup
- Include all sensitive key variations (e.g., "password", "passwd", "pwd")
- Review masked output to ensure all sensitive data is covered
- Combine with log levels to reduce sensitive data exposure
- Test masking configuration before deploying to production