-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmain.go
More file actions
53 lines (42 loc) · 1.37 KB
/
Copy pathmain.go
File metadata and controls
53 lines (42 loc) · 1.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
// pii demonstrates hashed fields for PII data such as emails, phone numbers,
// and user identifiers. Hashed values are deterministic SHA-256 digests, so
// they can be correlated across log lines without exposing raw PII.
package main
import (
"log/slog"
"os"
slogschema "github.com/silvercory/slog-schema"
)
type User struct {
// ID is hashed — logged as sha256:<hex> so it can still be correlated.
ID uint64 `slog:"id,hashed"`
// Email and Phone are PII — always hashed.
Email string `slog:"email,hashed"`
Phone string `slog:"phone,omitempty,hashed"` // also omitted when blank
// Role is not PII — logged in plain text.
Role string `slog:"role"`
}
type AuditEvent struct {
Action string `slog:"action"`
User User `slog:"user"`
}
func main() {
logger := slog.New(slog.NewTextHandler(os.Stdout, nil))
// Two log lines for the same user will produce identical hashes,
// so they can be correlated without ever logging the raw values.
u := User{
ID: 1001,
Email: "alice@example.com",
Phone: "+447700900000",
Role: "admin",
}
logger.LogAttrs(nil, slog.LevelInfo, "login", slogschema.ToAttrs(u)...)
evt := AuditEvent{
Action: "export_data",
User: u,
}
logger.LogAttrs(nil, slog.LevelWarn, "audit", slogschema.ToAttrs(evt)...)
// Phone omitted when blank.
u.Phone = ""
logger.LogAttrs(nil, slog.LevelInfo, "login", slogschema.ToAttrs(u)...)
}