laravel-pii-log-sanitizer maintained by altinvest
Laravel PII Log Sanitizer
Reusable Laravel package for masking PII data in application logs.
Package Details
Package name:
altinvest/laravel-pii-log-sanitizer
Namespace:
AltInvest\PiiLogSanitizer
Local package path inside Laravel service:
packages/altinvest/laravel-pii-log-sanitizer
Project config file after publishing:
config/log_pii.php
Config publish tag:
pii-log-sanitizer-config
Purpose
This package attaches a Monolog processor to Laravel log channels and masks sensitive user data before logs are written.
It helps prevent sensitive information from being exposed in:
storage/logs/laravel.log
Docker stderr logs
CloudWatch logs
Papertrail logs
Slack critical logs
Syslog/errorlog logs
The package masks PII only in log output. It does not modify the original application data.
What It Masks
The package supports masking for:
Email
Phone / mobile number
Name
PAN
Aadhaar / Aadhar
Passport
Password
OTP
PIN
Access token
Refresh token
JWT
Authorization header
API key
Bank account
Card number
CVV
Address
DOB
Device identifiers
Tax identifiers
It also supports masking sensitive values inside plain log messages.
Example:
Log::info('User email is mahendra.ulaka@altinvest.ai and phone is 9876543210');
Expected output will contain masked email and phone values.
Package Structure
This package should be placed inside the Laravel service like this:
packages/
└── altinvest/
└── laravel-pii-log-sanitizer/
├── composer.json
├── README.md
├── config/
│ └── log_pii.php
└── src/
├── PiiLogSanitizerServiceProvider.php
├── RegisterPiiLogSanitizerProcessor.php
└── SanitizeLogProcessor.php
Requirements
PHP >= 8.1
Laravel 9, 10, 11 or 12
Monolog 3
Important:
This package uses:
Monolog\LogRecord
So it is compatible with Monolog 3.
For Laravel 8 / PHP 7.x / Monolog 2 projects, create a separate compatible version of this package.
Package composer.json
The package composer.json should contain:
{
"name": "altinvest/laravel-pii-log-sanitizer",
"description": "Reusable Laravel package for masking PII data in application logs.",
"type": "library",
"license": "proprietary",
"autoload": {
"psr-4": {
"AltInvest\\PiiLogSanitizer\\": "src/"
}
},
"extra": {
"laravel": {
"providers": [
"AltInvest\\PiiLogSanitizer\\PiiLogSanitizerServiceProvider"
]
}
},
"require": {
"php": ">=8.1",
"illuminate/support": "^9.0|^10.0|^11.0|^12.0",
"monolog/monolog": "^3.0"
},
"minimum-stability": "dev",
"prefer-stable": true
}
Installation In Same Laravel Project
Inside the consuming Laravel project, for example auth_service, update the root composer.json.
Add this at the root level of composer.json:
"repositories": [
{
"type": "path",
"url": "packages/altinvest/laravel-pii-log-sanitizer",
"options": {
"symlink": true
}
}
]
Or run this command from the Laravel project root:
composer config repositories.altinvest-pii-log-sanitizer '{"type":"path","url":"packages/altinvest/laravel-pii-log-sanitizer","options":{"symlink":true}}'
Then install the package:
composer require altinvest/laravel-pii-log-sanitizer:@dev --with-dependencies
composer dump-autoload
php artisan optimize:clear
Install / Update Latest Local Package Changes
Use this section when you updated files inside:
packages/altinvest/laravel-pii-log-sanitizer
Run from Laravel project root:
cd /var/www/html
composer config repositories.altinvest-pii-log-sanitizer '{"type":"path","url":"packages/altinvest/laravel-pii-log-sanitizer","options":{"symlink":true}}'
composer require altinvest/laravel-pii-log-sanitizer:@dev --with-dependencies
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
composer dump-autoload
php artisan optimize:clear
This will:
1. Register the local package path.
2. Install or update the package from packages/altinvest/laravel-pii-log-sanitizer.
3. Force update config/log_pii.php from the package config file.
4. Refresh Composer autoload.
5. Clear Laravel cached config, services, routes, and packages.
Update Already Installed Package
If the package is already installed and you only changed package code or config, run:
cd /var/www/html
composer update altinvest/laravel-pii-log-sanitizer --with-dependencies
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
composer dump-autoload
php artisan optimize:clear
When Package Is Symlinked
Check whether the package is symlinked:
ls -la vendor/altinvest/laravel-pii-log-sanitizer
If output shows something like:
vendor/altinvest/laravel-pii-log-sanitizer -> packages/altinvest/laravel-pii-log-sanitizer
then package PHP code changes are reflected directly.
For PHP class changes, usually run:
composer dump-autoload
php artisan optimize:clear
For config changes, always run force publish:
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
php artisan optimize:clear
Force Publish Config
To publish the package config:
php artisan vendor:publish --tag=pii-log-sanitizer-config
To force update the project config file after package config changes:
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
This creates or updates:
config/log_pii.php
Important:
--force will overwrite the existing config/log_pii.php file.
Use it only when you intentionally want the latest package config to replace the local project config.
Alternative provider-based command:
php artisan vendor:publish --provider="AltInvest\\PiiLogSanitizer\\PiiLogSanitizerServiceProvider" --force
Recommended command:
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
Service Provider Publish Setup
The package service provider should publish config like this:
public function boot(): void
{
$this->publishes([
__DIR__ . '/../config/log_pii.php' => config_path('log_pii.php'),
], 'pii-log-sanitizer-config');
}
It should also merge config:
public function register(): void
{
$this->mergeConfigFrom(
__DIR__ . '/../config/log_pii.php',
'log_pii'
);
}
Local Check Installed Package Details
Run:
composer show altinvest/laravel-pii-log-sanitizer
ls -la vendor/altinvest/laravel-pii-log-sanitizer
grep -R "PiiLogSanitizerServiceProvider" bootstrap/cache/packages.php
grep -R "auto_tap" -n config/log_pii.php
Environment Variables
Recommended local values:
LOG_CHANNEL=single
LOG_STACK=single
LOG_LEVEL=debug
PII_LOG_MASKING=true
PII_MASK_DETECTED_VALUES=true
PII_DEFAULT_STRATEGY=full
PII_MAX_DEPTH=10
PII_LOG_AUTO_TAP=true
PII_LOG_CHANNELS=stack,single,daily,slack,papertrail,stderr,syslog,errorlog,cloudwatch
Recommended production values:
LOG_CHANNEL=stack
LOG_STACK=stderr,cloudwatch
LOG_LEVEL=info
PII_LOG_MASKING=true
PII_MASK_DETECTED_VALUES=true
PII_DEFAULT_STRATEGY=full
PII_MAX_DEPTH=10
PII_LOG_AUTO_TAP=true
PII_LOG_CHANNELS=stack,single,daily,slack,papertrail,stderr,syslog,errorlog,cloudwatch
Configuration
The package config file is:
config/log_pii.php
Important config options:
'enabled' => env('PII_LOG_MASKING', true),
Enables or disables masking.
'mask_detected_values' => env('PII_MASK_DETECTED_VALUES', true),
When enabled, the package detects and masks sensitive values even when the key name is not configured.
Example:
Log::info('User email is mahendra.ulaka@altinvest.ai');
The email is masked because it is detected inside the message string.
'max_depth' => env('PII_MAX_DEPTH', 10),
Prevents very deep recursive payloads from causing performance issues.
'auto_tap' => [
'enabled' => env('PII_LOG_AUTO_TAP', true),
],
Automatically attaches the sanitizer to configured Laravel log channels.
How It Works
The package automatically registers a Monolog processor that sanitizes log data before it is written to the configured log channel.
Flow:
Application
|
v
Log::info() / Log::error() / Log::warning()
|
v
Laravel Log Channel
|
v
RegisterPiiLogSanitizerProcessor
|
v
SanitizeLogProcessor
|
v
Mask Sensitive Data
|
v
Monolog Writer
|
v
Log Destination
The processor sanitizes:
Log message
Log context
Log extra data
Nested arrays
Collections
Eloquent models
Model relations
The original application data is never modified. Only the data written to logs is sanitized.
How Auto Tap Works
The package automatically attaches this tap class to Laravel log channels:
AltInvest\PiiLogSanitizer\RegisterPiiLogSanitizerProcessor::class
That tap class registers this Monolog processor:
AltInvest\PiiLogSanitizer\SanitizeLogProcessor::class
The processor sanitizes:
Log message
Log context
Log extra data
Because auto tap is enabled by default, you usually do not need to manually change config/logging.php.
Do We Need To Update config/logging.php?
By default, no manual change is required.
The package automatically adds the sanitizer tap to these channels:
stack
single
daily
slack
papertrail
stderr
syslog
errorlog
cloudwatch
This is controlled by:
PII_LOG_AUTO_TAP=true
PII_LOG_CHANNELS=stack,single,daily,slack,papertrail,stderr,syslog,errorlog,cloudwatch
Recommended approach:
Use PII_LOG_AUTO_TAP=true.
Avoid repeated manual config/logging.php changes.
Manual logging.php Setup
If auto tap is disabled:
PII_LOG_AUTO_TAP=false
Then manually add this to each active log channel in config/logging.php:
'tap' => [
AltInvest\PiiLogSanitizer\RegisterPiiLogSanitizerProcessor::class,
],
Example:
'single' => [
'driver' => 'single',
'path' => storage_path('logs/laravel.log'),
'level' => env('LOG_LEVEL', 'debug'),
'replace_placeholders' => true,
'tap' => [
AltInvest\PiiLogSanitizer\RegisterPiiLogSanitizerProcessor::class,
],
],
Adding New Configuration Keys
Use this section when adding a new config option to the package.
Example requirement:
Add a new config key to control whether plain-text phone numbers should be detected and masked.
1. Update Package Config
Update:
packages/altinvest/laravel-pii-log-sanitizer/config/log_pii.php
Add the new key:
'mask_plain_phone_numbers' => env('PII_MASK_PLAIN_PHONE_NUMBERS', true),
Example inside config:
return [
'enabled' => env('PII_LOG_MASKING', true),
'mask_detected_values' => env('PII_MASK_DETECTED_VALUES', true),
'mask_plain_phone_numbers' => env('PII_MASK_PLAIN_PHONE_NUMBERS', true),
'default_strategy' => env('PII_DEFAULT_STRATEGY', 'full'),
'max_depth' => env('PII_MAX_DEPTH', 10),
];
2. Use The Config In Package Code
Update the relevant logic in:
packages/altinvest/laravel-pii-log-sanitizer/src/SanitizeLogProcessor.php
Example:
if (config('log_pii.mask_plain_phone_numbers', true)) {
// detect and mask plain phone numbers
}
3. Update README Environment Variables
Add the environment variable to the local and production .env examples:
PII_MASK_PLAIN_PHONE_NUMBERS=true
4. Force Publish Config In Laravel Project
After changing package config, run from the Laravel project root:
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
composer dump-autoload
php artisan optimize:clear
This updates:
config/log_pii.php
5. Verify Updated Config
Run:
grep -R "mask_plain_phone_numbers" -n config/log_pii.php
Where To Update If Change Is Required
| Requirement | File to Update |
|---|---|
| Add new config key | packages/altinvest/laravel-pii-log-sanitizer/config/log_pii.php |
| Change default config value | packages/altinvest/laravel-pii-log-sanitizer/config/log_pii.php |
| Use config value in logic | packages/altinvest/laravel-pii-log-sanitizer/src/SanitizeLogProcessor.php |
| Add new environment variable | .env, .env.example, and README |
| Add new masking key or pattern | packages/altinvest/laravel-pii-log-sanitizer/config/log_pii.php |
| Add new masking strategy | packages/altinvest/laravel-pii-log-sanitizer/src/SanitizeLogProcessor.php |
| Change masking implementation | packages/altinvest/laravel-pii-log-sanitizer/src/SanitizeLogProcessor.php |
| Change processor registration | packages/altinvest/laravel-pii-log-sanitizer/src/RegisterPiiLogSanitizerProcessor.php |
| Change config publish path or tag | packages/altinvest/laravel-pii-log-sanitizer/src/PiiLogSanitizerServiceProvider.php |
| Change auto tap behaviour | packages/altinvest/laravel-pii-log-sanitizer/src/RegisterPiiLogSanitizerProcessor.php |
| Change package boot/register logic | packages/altinvest/laravel-pii-log-sanitizer/src/PiiLogSanitizerServiceProvider.php |
| Update installation steps | packages/altinvest/laravel-pii-log-sanitizer/README.md |
| Update troubleshooting steps | packages/altinvest/laravel-pii-log-sanitizer/README.md |
Updating Existing Configuration
Whenever you update the package configuration file:
packages/altinvest/laravel-pii-log-sanitizer/config/log_pii.php
publish the latest configuration into the Laravel project:
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
composer dump-autoload
php artisan optimize:clear
Important:
--force overwrites config/log_pii.php in the Laravel project.
Use it only when the Laravel project should receive the latest package config.
Development Workflow
Whenever package PHP code changes:
composer dump-autoload
php artisan optimize:clear
Whenever package configuration changes:
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
composer dump-autoload
php artisan optimize:clear
Whenever a new class is added:
composer dump-autoload
php artisan package:discover
php artisan optimize:clear
Whenever package composer.json changes:
composer update altinvest/laravel-pii-log-sanitizer --with-dependencies
composer dump-autoload
php artisan optimize:clear
Whenever provider discovery looks stale:
rm -f bootstrap/cache/packages.php \
bootstrap/cache/services.php \
bootstrap/cache/config.php \
bootstrap/cache/events.php \
bootstrap/cache/routes-v7.php
composer dump-autoload
php artisan package:discover
php artisan optimize:clear
Basic Usage Example
Application code:
use Illuminate\Support\Facades\Log;
Log::info('User login attempt', [
'email' => 'mahendra.ulaka@altinvest.ai',
'mobile_number' => '9876543210',
'password' => 'secret123',
'otp' => '123456',
]);
Expected masked output:
[
'email' => 'ma***********@a********.ai',
'mobile_number' => '9876****10',
'password' => '[PASSWORD_MASKED]',
'otp' => '[OTP_MASKED]',
]
Eloquent Model And Relation Masking
Example:
$user = \App\Models\User::where('id', 408)
->with(['contactDetail', 'adminUser.user'])
->first();
Log::info('User model test', [
'user' => $user,
]);
Expected behavior:
The user object remains visible.
The contactDetail relation remains visible.
Sensitive fields inside the relation are masked.
Example masked structure:
[
'user' => [
'id' => 408,
'first_name' => 'M*******',
'last_name' => 'U****',
'email' => 'ma***********@a********.ai',
'contact_detail' => [
'id' => 10,
'country_code' => '91',
'contact_no' => '9876****10',
'email_id' => 'ma***********@a********.ai',
],
],
]
Important:
Relation names like contactDetail may match wildcard patterns like *contact*.
The package should not mask the full relation object. Instead, it should recursively sanitize the fields inside it.
Testing In Tinker
Run:
php artisan optimize:clear
php artisan tinker
Then run:
use Illuminate\Support\Facades\Log;
Log::info('PII sanitizer test mahendra.ulaka@altinvest.ai 9876543210', [
'email' => 'mahendra.ulaka@altinvest.ai',
'mobile_number' => '9876543210',
'password' => 'secret123',
'otp' => '123456',
'pin' => '1234',
'token' => 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.signature',
'pan' => 'ABCDE1234F',
'aadhaar' => '123456789012',
'passport' => 'M1234567',
'contactDetail' => [
'id' => 10,
'country_code' => '91',
'contact_no' => '9876543210',
'email_id' => 'mahendra.ulaka@altinvest.ai',
],
]);
Check log:
tail -n 100 storage/logs/laravel.log
Expected:
Email should be masked
Mobile number should be masked
Password should be [PASSWORD_MASKED]
OTP should be [OTP_MASKED]
PIN should be [PIN_MASKED]
Token should be [TOKEN_MASKED]
PAN should be masked
Aadhaar should be masked
Passport should be masked
contactDetail should remain visible
contactDetail.contact_no should be masked
contactDetail.email_id should be masked
country_code should remain visible
Testing With Browser GET Request
Create a temporary test route only for local testing:
Route::get('/test-logging', function () {
\Illuminate\Support\Facades\Log::info('PII browser test', [
'name' => request('name'),
'email' => request('email'),
'phone' => request('phone'),
'contact' => request('contact'),
'pan' => request('pan'),
'passport' => request('passport'),
'aadhaar' => request('aadhaar'),
]);
return response()->json([
'message' => 'PII test log written. Check Laravel logs.',
]);
});
Open in browser:
http://auth.localhost/test-logging?name=Mahendra&email=mahendra.ulaka@altinvest.ai&phone=9876543210&contact=9876543210&pan=ABCDE1234F&passport=M1234567&aadhaar=123456789012
Then check:
tail -n 100 storage/logs/laravel.log
Remove the test route after verification.
Clear Cache After Changes
After installing package or changing package code:
composer dump-autoload
php artisan optimize:clear
After changing package config and needing latest config in the Laravel app:
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
composer dump-autoload
php artisan optimize:clear
For production after final verification:
php artisan config:cache
Rollout Steps For auth_service
- Create package directory:
mkdir -p packages/altinvest/laravel-pii-log-sanitizer/src
mkdir -p packages/altinvest/laravel-pii-log-sanitizer/config
- Add package files:
composer.json
README.md
config/log_pii.php
src/PiiLogSanitizerServiceProvider.php
src/RegisterPiiLogSanitizerProcessor.php
src/SanitizeLogProcessor.php
- Add path repository in root
composer.json.
composer config repositories.altinvest-pii-log-sanitizer '{"type":"path","url":"packages/altinvest/laravel-pii-log-sanitizer","options":{"symlink":true}}'
- Install package:
composer require altinvest/laravel-pii-log-sanitizer:@dev --with-dependencies
composer dump-autoload
php artisan optimize:clear
- Force publish config:
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
-
Add
.envvalues. -
Test logs.
-
Remove old app-level files after package is confirmed working:
rm -f app/Logging/SanitizeLogProcessor.php
rm -f app/Logging/RegisterPiiSanitizerProcessor.php
rm -f app/Logging/RegisterPiiLogSanitizerProcessor.php
rm -f app/Logging/CustomizeFormatter.php
- Remove old manual tap references from
config/logging.phpif auto tap is enabled.
Rollout Steps For Other Services
For each service:
opportunity_service
rent_management_service
engagement_service
entity_service
reporting_service
distributor_service
support_service
Do:
1. Copy or install the package.
2. Add Composer path repository.
3. Run Composer require.
4. Force publish config.
5. Add .env values.
6. Run optimize clear.
7. Test logs.
8. Verify logs in actual service log destination.
Commands:
composer config repositories.altinvest-pii-log-sanitizer '{"type":"path","url":"packages/altinvest/laravel-pii-log-sanitizer","options":{"symlink":true}}'
composer require altinvest/laravel-pii-log-sanitizer:@dev --with-dependencies
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
composer dump-autoload
php artisan optimize:clear
Future Installation From Git Repository
Once the package is moved to a separate Git repository, replace the local path repository with a VCS repository.
Example:
"repositories": [
{
"type": "vcs",
"url": "git@bitbucket.org:YOUR_WORKSPACE/laravel-pii-log-sanitizer.git"
}
]
Then install:
composer require altinvest/laravel-pii-log-sanitizer:^1.0 --with-dependencies
composer dump-autoload
php artisan optimize:clear
Force publish config after install or config update:
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
php artisan optimize:clear
Git Notes
Git does not track empty directories.
The package directory must contain files before Git detects it.
Check package files:
find packages/altinvest/laravel-pii-log-sanitizer -maxdepth 3 -type f
Check Git status:
git status --untracked-files=all -- packages
Add package:
git add packages/altinvest/laravel-pii-log-sanitizer
If ignored:
git add -f packages/altinvest/laravel-pii-log-sanitizer
Troubleshooting
Package Not Detected By Composer
Run:
composer dump-autoload
php artisan package:discover
php artisan optimize:clear
Check that root composer.json contains:
"repositories": [
{
"type": "path",
"url": "packages/altinvest/laravel-pii-log-sanitizer",
"options": {
"symlink": true
}
}
]
Check that package composer.json contains:
"name": "altinvest/laravel-pii-log-sanitizer"
Then run:
composer require altinvest/laravel-pii-log-sanitizer:@dev --with-dependencies
minimum-stability Error
Error:
found altinvest/laravel-pii-log-sanitizer[dev-main] but it does not match your minimum-stability
Use this install command:
composer require altinvest/laravel-pii-log-sanitizer:@dev --with-dependencies
Do not use:
composer require altinvest/laravel-pii-log-sanitizer:*
Because * may fail when the local package only has dev-main.
Class Not Found
Run:
composer dump-autoload
php artisan optimize:clear
Check namespace:
namespace AltInvest\PiiLogSanitizer;
Check package autoload:
"autoload": {
"psr-4": {
"AltInvest\\PiiLogSanitizer\\": "src/"
}
}
Check provider discovery:
grep -R "PiiLogSanitizerServiceProvider" bootstrap/cache/packages.php
If cache is stale, remove cached files and discover again:
rm -f bootstrap/cache/packages.php \
bootstrap/cache/services.php \
bootstrap/cache/config.php \
bootstrap/cache/events.php \
bootstrap/cache/routes-v7.php
composer dump-autoload
php artisan package:discover
php artisan optimize:clear
Config Not Updating
Force publish package config:
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
php artisan optimize:clear
Check config:
grep -R "auto_tap" -n config/log_pii.php
cat config/log_pii.php
Important:
--force overwrites config/log_pii.php.
Use this only when you want latest package config to replace local config.
No Publishable Resources
If this command says no publishable resources:
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
Check that PiiLogSanitizerServiceProvider contains:
public function boot(): void
{
$this->publishes([
__DIR__ . '/../config/log_pii.php' => config_path('log_pii.php'),
], 'pii-log-sanitizer-config');
}
Then run:
composer dump-autoload
php artisan package:discover
php artisan optimize:clear
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
Logs Are Not Masked
Check .env:
PII_LOG_MASKING=true
PII_LOG_AUTO_TAP=true
PII_MASK_DETECTED_VALUES=true
Clear cache:
php artisan optimize:clear
Check active log channel:
LOG_CHANNEL=single
or:
LOG_CHANNEL=stack
LOG_STACK=stderr,cloudwatch
Make sure the active channels are present in:
PII_LOG_CHANNELS=stack,single,daily,slack,papertrail,stderr,syslog,errorlog,cloudwatch
contactDetail Relation Fully Masked
The sanitizer should not fully mask relation objects.
Expected behavior:
contactDetail object remains visible
inner fields like contact_no and email_id are masked
If the full object is masked, ensure the latest SanitizeLogProcessor contains structured value handling:
if ($this->isStructuredValue($value)) {
$data[$key] = $this->sanitize($value, $depth + 1);
} else {
$data[$key] = $this->applyStrategy($value, $strategy);
}
Then force update package changes:
composer update altinvest/laravel-pii-log-sanitizer --with-dependencies
composer dump-autoload
php artisan optimize:clear
If config also changed:
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
php artisan optimize:clear
Maintenance Checklist
Whenever a feature is added to this package, verify the following:
1. Add or update implementation in src/.
2. Update config/log_pii.php if required.
3. Add new .env variables if required.
4. Update README.md.
5. Publish the updated config using --force.
6. Run composer dump-autoload.
7. Run php artisan optimize:clear.
8. Test using Tinker.
9. Test using browser/API request.
10. Verify masked output in Laravel logs.
11. Verify auto tap still works correctly.
Production Notes
Recommended production log level:
LOG_LEVEL=info
Avoid using:
LOG_LEVEL=debug
in production unless temporarily required.
Do not log raw request payloads unless required.
Avoid logging full exception objects with sensitive payloads.
Throwable objects are not modified directly by default because Laravel and Monolog handle exception serialization separately.
Sensitive data inside exception messages or traces may still appear if the application puts PII into exception messages.
Security Notes
This package reduces risk of exposing PII in logs, but it does not replace secure coding practices.
Avoid logging:
Full request payloads
Passwords
OTP values
PIN values
Access tokens
Refresh tokens
Authorization headers
Full user objects unless necessary
Payment details
Government ID documents
Use safe logging patterns:
Log::info('User login attempt', [
'user_id' => $user->id,
'email' => $user->email,
]);
Do not do this unless required:
Log::info('Full request payload', request()->all());
Final Recommended Setup
Use this final setup:
Package:
packages/altinvest/laravel-pii-log-sanitizer
Package name:
altinvest/laravel-pii-log-sanitizer
Namespace:
AltInvest\PiiLogSanitizer
Auto tap:
enabled
Project config:
config/log_pii.php
Config publish tag:
pii-log-sanitizer-config
Manual config/logging.php changes:
not required when PII_LOG_AUTO_TAP=true
Final local update command:
cd /var/www/html
composer config repositories.altinvest-pii-log-sanitizer '{"type":"path","url":"packages/altinvest/laravel-pii-log-sanitizer","options":{"symlink":true}}'
composer require altinvest/laravel-pii-log-sanitizer:@dev --with-dependencies
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
composer dump-autoload
php artisan optimize:clear
Versioning Policy:
v2.x supports PHP 8.1+ and Laravel 9–12. v1.x is reserved for a future legacy compatibility branch supporting PHP 7.x and older Laravel versions (such as Laravel 5.5).
Version Compatibility
| Package Version | PHP | Laravel |
|---|---|---|
| 2.x | 8.1+ | 9.x, 10.x, 11.x, 12.x |
| 1.x | Reserved for future legacy compatibility with older Laravel/PHP versions |
Compatibility
Current releases support:
- PHP 8.1+
- Laravel 9–12
A separate 1.x release line may be introduced in the future for legacy Laravel/PHP compatibility if needed.