Looking to hire Laravel developers? Try LaraJobs

laravel-pii-log-sanitizer maintained by altinvest

Description
Automatically sanitize and mask sensitive PII data in Laravel application logs using configurable key and pattern-based masking. A Laravel package that automatically masks sensitive data such as emails, phone numbers, passwords, tokens, PAN, Aadhaar, and credit cards before writing logs.
Author
Mahendra Ulaka
Last update
2026/07/17 13:01 (dev-main)
License
Downloads
0

Comments
comments powered by Disqus

Laravel PII Log Sanitizer

Reusable Laravel package for masking PII data in application logs.


Package Details

Package name:

altinvest/laravel-pii-log-sanitizer

Namespace:

AltInvest\PiiLogSanitizer

Local package path inside Laravel service:

packages/altinvest/laravel-pii-log-sanitizer

Project config file after publishing:

config/log_pii.php

Config publish tag:

pii-log-sanitizer-config

Purpose

This package attaches a Monolog processor to Laravel log channels and masks sensitive user data before logs are written.

It helps prevent sensitive information from being exposed in:

storage/logs/laravel.log
Docker stderr logs
CloudWatch logs
Papertrail logs
Slack critical logs
Syslog/errorlog logs

The package masks PII only in log output. It does not modify the original application data.


What It Masks

The package supports masking for:

Email
Phone / mobile number
Name
PAN
Aadhaar / Aadhar
Passport
Password
OTP
PIN
Access token
Refresh token
JWT
Authorization header
API key
Bank account
Card number
CVV
Address
DOB
Device identifiers
Tax identifiers

It also supports masking sensitive values inside plain log messages.

Example:

Log::info('User email is mahendra.ulaka@altinvest.ai and phone is 9876543210');

Expected output will contain masked email and phone values.


Package Structure

This package should be placed inside the Laravel service like this:

packages/
└── altinvest/
    └── laravel-pii-log-sanitizer/
        ├── composer.json
        ├── README.md
        ├── config/
        │   └── log_pii.php
        └── src/
            ├── PiiLogSanitizerServiceProvider.php
            ├── RegisterPiiLogSanitizerProcessor.php
            └── SanitizeLogProcessor.php

Requirements

PHP >= 8.1
Laravel 9, 10, 11 or 12
Monolog 3

Important:

This package uses:

Monolog\LogRecord

So it is compatible with Monolog 3.

For Laravel 8 / PHP 7.x / Monolog 2 projects, create a separate compatible version of this package.


Package composer.json

The package composer.json should contain:

{
    "name": "altinvest/laravel-pii-log-sanitizer",
    "description": "Reusable Laravel package for masking PII data in application logs.",
    "type": "library",
    "license": "proprietary",
    "autoload": {
        "psr-4": {
            "AltInvest\\PiiLogSanitizer\\": "src/"
        }
    },
    "extra": {
        "laravel": {
            "providers": [
                "AltInvest\\PiiLogSanitizer\\PiiLogSanitizerServiceProvider"
            ]
        }
    },
    "require": {
        "php": ">=8.1",
        "illuminate/support": "^9.0|^10.0|^11.0|^12.0",
        "monolog/monolog": "^3.0"
    },
    "minimum-stability": "dev",
    "prefer-stable": true
}

Installation In Same Laravel Project

Inside the consuming Laravel project, for example auth_service, update the root composer.json.

Add this at the root level of composer.json:

"repositories": [
    {
        "type": "path",
        "url": "packages/altinvest/laravel-pii-log-sanitizer",
        "options": {
            "symlink": true
        }
    }
]

Or run this command from the Laravel project root:

composer config repositories.altinvest-pii-log-sanitizer '{"type":"path","url":"packages/altinvest/laravel-pii-log-sanitizer","options":{"symlink":true}}'

Then install the package:

composer require altinvest/laravel-pii-log-sanitizer:@dev --with-dependencies
composer dump-autoload
php artisan optimize:clear

Install / Update Latest Local Package Changes

Use this section when you updated files inside:

packages/altinvest/laravel-pii-log-sanitizer

Run from Laravel project root:

cd /var/www/html

composer config repositories.altinvest-pii-log-sanitizer '{"type":"path","url":"packages/altinvest/laravel-pii-log-sanitizer","options":{"symlink":true}}'

composer require altinvest/laravel-pii-log-sanitizer:@dev --with-dependencies

php artisan vendor:publish --tag=pii-log-sanitizer-config --force

composer dump-autoload
php artisan optimize:clear

This will:

1. Register the local package path.
2. Install or update the package from packages/altinvest/laravel-pii-log-sanitizer.
3. Force update config/log_pii.php from the package config file.
4. Refresh Composer autoload.
5. Clear Laravel cached config, services, routes, and packages.

Update Already Installed Package

If the package is already installed and you only changed package code or config, run:

cd /var/www/html

composer update altinvest/laravel-pii-log-sanitizer --with-dependencies

php artisan vendor:publish --tag=pii-log-sanitizer-config --force

composer dump-autoload
php artisan optimize:clear

When Package Is Symlinked

Check whether the package is symlinked:

ls -la vendor/altinvest/laravel-pii-log-sanitizer

If output shows something like:

vendor/altinvest/laravel-pii-log-sanitizer -> packages/altinvest/laravel-pii-log-sanitizer

then package PHP code changes are reflected directly.

For PHP class changes, usually run:

composer dump-autoload
php artisan optimize:clear

For config changes, always run force publish:

php artisan vendor:publish --tag=pii-log-sanitizer-config --force
php artisan optimize:clear

Force Publish Config

To publish the package config:

php artisan vendor:publish --tag=pii-log-sanitizer-config

To force update the project config file after package config changes:

php artisan vendor:publish --tag=pii-log-sanitizer-config --force

This creates or updates:

config/log_pii.php

Important:

--force will overwrite the existing config/log_pii.php file.
Use it only when you intentionally want the latest package config to replace the local project config.

Alternative provider-based command:

php artisan vendor:publish --provider="AltInvest\\PiiLogSanitizer\\PiiLogSanitizerServiceProvider" --force

Recommended command:

php artisan vendor:publish --tag=pii-log-sanitizer-config --force

Service Provider Publish Setup

The package service provider should publish config like this:

public function boot(): void
{
    $this->publishes([
        __DIR__ . '/../config/log_pii.php' => config_path('log_pii.php'),
    ], 'pii-log-sanitizer-config');
}

It should also merge config:

public function register(): void
{
    $this->mergeConfigFrom(
        __DIR__ . '/../config/log_pii.php',
        'log_pii'
    );
}

Local Check Installed Package Details

Run:

composer show altinvest/laravel-pii-log-sanitizer
ls -la vendor/altinvest/laravel-pii-log-sanitizer
grep -R "PiiLogSanitizerServiceProvider" bootstrap/cache/packages.php
grep -R "auto_tap" -n config/log_pii.php

Environment Variables

Recommended local values:

LOG_CHANNEL=single
LOG_STACK=single
LOG_LEVEL=debug

PII_LOG_MASKING=true
PII_MASK_DETECTED_VALUES=true
PII_DEFAULT_STRATEGY=full
PII_MAX_DEPTH=10
PII_LOG_AUTO_TAP=true
PII_LOG_CHANNELS=stack,single,daily,slack,papertrail,stderr,syslog,errorlog,cloudwatch

Recommended production values:

LOG_CHANNEL=stack
LOG_STACK=stderr,cloudwatch
LOG_LEVEL=info

PII_LOG_MASKING=true
PII_MASK_DETECTED_VALUES=true
PII_DEFAULT_STRATEGY=full
PII_MAX_DEPTH=10
PII_LOG_AUTO_TAP=true
PII_LOG_CHANNELS=stack,single,daily,slack,papertrail,stderr,syslog,errorlog,cloudwatch

Configuration

The package config file is:

config/log_pii.php

Important config options:

'enabled' => env('PII_LOG_MASKING', true),

Enables or disables masking.

'mask_detected_values' => env('PII_MASK_DETECTED_VALUES', true),

When enabled, the package detects and masks sensitive values even when the key name is not configured.

Example:

Log::info('User email is mahendra.ulaka@altinvest.ai');

The email is masked because it is detected inside the message string.

'max_depth' => env('PII_MAX_DEPTH', 10),

Prevents very deep recursive payloads from causing performance issues.

'auto_tap' => [
    'enabled' => env('PII_LOG_AUTO_TAP', true),
],

Automatically attaches the sanitizer to configured Laravel log channels.


How It Works

The package automatically registers a Monolog processor that sanitizes log data before it is written to the configured log channel.

Flow:

Application
      |
      v
Log::info() / Log::error() / Log::warning()
      |
      v
Laravel Log Channel
      |
      v
RegisterPiiLogSanitizerProcessor
      |
      v
SanitizeLogProcessor
      |
      v
Mask Sensitive Data
      |
      v
Monolog Writer
      |
      v
Log Destination

The processor sanitizes:

Log message
Log context
Log extra data
Nested arrays
Collections
Eloquent models
Model relations

The original application data is never modified. Only the data written to logs is sanitized.


How Auto Tap Works

The package automatically attaches this tap class to Laravel log channels:

AltInvest\PiiLogSanitizer\RegisterPiiLogSanitizerProcessor::class

That tap class registers this Monolog processor:

AltInvest\PiiLogSanitizer\SanitizeLogProcessor::class

The processor sanitizes:

Log message
Log context
Log extra data

Because auto tap is enabled by default, you usually do not need to manually change config/logging.php.


Do We Need To Update config/logging.php?

By default, no manual change is required.

The package automatically adds the sanitizer tap to these channels:

stack
single
daily
slack
papertrail
stderr
syslog
errorlog
cloudwatch

This is controlled by:

PII_LOG_AUTO_TAP=true
PII_LOG_CHANNELS=stack,single,daily,slack,papertrail,stderr,syslog,errorlog,cloudwatch

Recommended approach:

Use PII_LOG_AUTO_TAP=true.
Avoid repeated manual config/logging.php changes.

Manual logging.php Setup

If auto tap is disabled:

PII_LOG_AUTO_TAP=false

Then manually add this to each active log channel in config/logging.php:

'tap' => [
    AltInvest\PiiLogSanitizer\RegisterPiiLogSanitizerProcessor::class,
],

Example:

'single' => [
    'driver' => 'single',
    'path' => storage_path('logs/laravel.log'),
    'level' => env('LOG_LEVEL', 'debug'),
    'replace_placeholders' => true,
    'tap' => [
        AltInvest\PiiLogSanitizer\RegisterPiiLogSanitizerProcessor::class,
    ],
],

Adding New Configuration Keys

Use this section when adding a new config option to the package.

Example requirement:

Add a new config key to control whether plain-text phone numbers should be detected and masked.

1. Update Package Config

Update:

packages/altinvest/laravel-pii-log-sanitizer/config/log_pii.php

Add the new key:

'mask_plain_phone_numbers' => env('PII_MASK_PLAIN_PHONE_NUMBERS', true),

Example inside config:

return [
    'enabled' => env('PII_LOG_MASKING', true),

    'mask_detected_values' => env('PII_MASK_DETECTED_VALUES', true),

    'mask_plain_phone_numbers' => env('PII_MASK_PLAIN_PHONE_NUMBERS', true),

    'default_strategy' => env('PII_DEFAULT_STRATEGY', 'full'),

    'max_depth' => env('PII_MAX_DEPTH', 10),
];

2. Use The Config In Package Code

Update the relevant logic in:

packages/altinvest/laravel-pii-log-sanitizer/src/SanitizeLogProcessor.php

Example:

if (config('log_pii.mask_plain_phone_numbers', true)) {
    // detect and mask plain phone numbers
}

3. Update README Environment Variables

Add the environment variable to the local and production .env examples:

PII_MASK_PLAIN_PHONE_NUMBERS=true

4. Force Publish Config In Laravel Project

After changing package config, run from the Laravel project root:

php artisan vendor:publish --tag=pii-log-sanitizer-config --force
composer dump-autoload
php artisan optimize:clear

This updates:

config/log_pii.php

5. Verify Updated Config

Run:

grep -R "mask_plain_phone_numbers" -n config/log_pii.php

Where To Update If Change Is Required

Requirement File to Update
Add new config key packages/altinvest/laravel-pii-log-sanitizer/config/log_pii.php
Change default config value packages/altinvest/laravel-pii-log-sanitizer/config/log_pii.php
Use config value in logic packages/altinvest/laravel-pii-log-sanitizer/src/SanitizeLogProcessor.php
Add new environment variable .env, .env.example, and README
Add new masking key or pattern packages/altinvest/laravel-pii-log-sanitizer/config/log_pii.php
Add new masking strategy packages/altinvest/laravel-pii-log-sanitizer/src/SanitizeLogProcessor.php
Change masking implementation packages/altinvest/laravel-pii-log-sanitizer/src/SanitizeLogProcessor.php
Change processor registration packages/altinvest/laravel-pii-log-sanitizer/src/RegisterPiiLogSanitizerProcessor.php
Change config publish path or tag packages/altinvest/laravel-pii-log-sanitizer/src/PiiLogSanitizerServiceProvider.php
Change auto tap behaviour packages/altinvest/laravel-pii-log-sanitizer/src/RegisterPiiLogSanitizerProcessor.php
Change package boot/register logic packages/altinvest/laravel-pii-log-sanitizer/src/PiiLogSanitizerServiceProvider.php
Update installation steps packages/altinvest/laravel-pii-log-sanitizer/README.md
Update troubleshooting steps packages/altinvest/laravel-pii-log-sanitizer/README.md

Updating Existing Configuration

Whenever you update the package configuration file:

packages/altinvest/laravel-pii-log-sanitizer/config/log_pii.php

publish the latest configuration into the Laravel project:

php artisan vendor:publish --tag=pii-log-sanitizer-config --force
composer dump-autoload
php artisan optimize:clear

Important:

--force overwrites config/log_pii.php in the Laravel project.
Use it only when the Laravel project should receive the latest package config.

Development Workflow

Whenever package PHP code changes:

composer dump-autoload
php artisan optimize:clear

Whenever package configuration changes:

php artisan vendor:publish --tag=pii-log-sanitizer-config --force
composer dump-autoload
php artisan optimize:clear

Whenever a new class is added:

composer dump-autoload
php artisan package:discover
php artisan optimize:clear

Whenever package composer.json changes:

composer update altinvest/laravel-pii-log-sanitizer --with-dependencies
composer dump-autoload
php artisan optimize:clear

Whenever provider discovery looks stale:

rm -f bootstrap/cache/packages.php \
      bootstrap/cache/services.php \
      bootstrap/cache/config.php \
      bootstrap/cache/events.php \
      bootstrap/cache/routes-v7.php

composer dump-autoload
php artisan package:discover
php artisan optimize:clear

Basic Usage Example

Application code:

use Illuminate\Support\Facades\Log;

Log::info('User login attempt', [
    'email' => 'mahendra.ulaka@altinvest.ai',
    'mobile_number' => '9876543210',
    'password' => 'secret123',
    'otp' => '123456',
]);

Expected masked output:

[
    'email' => 'ma***********@a********.ai',
    'mobile_number' => '9876****10',
    'password' => '[PASSWORD_MASKED]',
    'otp' => '[OTP_MASKED]',
]

Eloquent Model And Relation Masking

Example:

$user = \App\Models\User::where('id', 408)
    ->with(['contactDetail', 'adminUser.user'])
    ->first();

Log::info('User model test', [
    'user' => $user,
]);

Expected behavior:

The user object remains visible.
The contactDetail relation remains visible.
Sensitive fields inside the relation are masked.

Example masked structure:

[
    'user' => [
        'id' => 408,
        'first_name' => 'M*******',
        'last_name' => 'U****',
        'email' => 'ma***********@a********.ai',

        'contact_detail' => [
            'id' => 10,
            'country_code' => '91',
            'contact_no' => '9876****10',
            'email_id' => 'ma***********@a********.ai',
        ],
    ],
]

Important:

Relation names like contactDetail may match wildcard patterns like *contact*.

The package should not mask the full relation object. Instead, it should recursively sanitize the fields inside it.


Testing In Tinker

Run:

php artisan optimize:clear
php artisan tinker

Then run:

use Illuminate\Support\Facades\Log;

Log::info('PII sanitizer test mahendra.ulaka@altinvest.ai 9876543210', [
    'email' => 'mahendra.ulaka@altinvest.ai',
    'mobile_number' => '9876543210',
    'password' => 'secret123',
    'otp' => '123456',
    'pin' => '1234',
    'token' => 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.signature',
    'pan' => 'ABCDE1234F',
    'aadhaar' => '123456789012',
    'passport' => 'M1234567',
    'contactDetail' => [
        'id' => 10,
        'country_code' => '91',
        'contact_no' => '9876543210',
        'email_id' => 'mahendra.ulaka@altinvest.ai',
    ],
]);

Check log:

tail -n 100 storage/logs/laravel.log

Expected:

Email should be masked
Mobile number should be masked
Password should be [PASSWORD_MASKED]
OTP should be [OTP_MASKED]
PIN should be [PIN_MASKED]
Token should be [TOKEN_MASKED]
PAN should be masked
Aadhaar should be masked
Passport should be masked
contactDetail should remain visible
contactDetail.contact_no should be masked
contactDetail.email_id should be masked
country_code should remain visible

Testing With Browser GET Request

Create a temporary test route only for local testing:

Route::get('/test-logging', function () {
    \Illuminate\Support\Facades\Log::info('PII browser test', [
        'name' => request('name'),
        'email' => request('email'),
        'phone' => request('phone'),
        'contact' => request('contact'),
        'pan' => request('pan'),
        'passport' => request('passport'),
        'aadhaar' => request('aadhaar'),
    ]);

    return response()->json([
        'message' => 'PII test log written. Check Laravel logs.',
    ]);
});

Open in browser:

http://auth.localhost/test-logging?name=Mahendra&email=mahendra.ulaka@altinvest.ai&phone=9876543210&contact=9876543210&pan=ABCDE1234F&passport=M1234567&aadhaar=123456789012

Then check:

tail -n 100 storage/logs/laravel.log

Remove the test route after verification.


Clear Cache After Changes

After installing package or changing package code:

composer dump-autoload
php artisan optimize:clear

After changing package config and needing latest config in the Laravel app:

php artisan vendor:publish --tag=pii-log-sanitizer-config --force
composer dump-autoload
php artisan optimize:clear

For production after final verification:

php artisan config:cache

Rollout Steps For auth_service

  1. Create package directory:
mkdir -p packages/altinvest/laravel-pii-log-sanitizer/src
mkdir -p packages/altinvest/laravel-pii-log-sanitizer/config
  1. Add package files:
composer.json
README.md
config/log_pii.php
src/PiiLogSanitizerServiceProvider.php
src/RegisterPiiLogSanitizerProcessor.php
src/SanitizeLogProcessor.php
  1. Add path repository in root composer.json.
composer config repositories.altinvest-pii-log-sanitizer '{"type":"path","url":"packages/altinvest/laravel-pii-log-sanitizer","options":{"symlink":true}}'
  1. Install package:
composer require altinvest/laravel-pii-log-sanitizer:@dev --with-dependencies
composer dump-autoload
php artisan optimize:clear
  1. Force publish config:
php artisan vendor:publish --tag=pii-log-sanitizer-config --force
  1. Add .env values.

  2. Test logs.

  3. Remove old app-level files after package is confirmed working:

rm -f app/Logging/SanitizeLogProcessor.php
rm -f app/Logging/RegisterPiiSanitizerProcessor.php
rm -f app/Logging/RegisterPiiLogSanitizerProcessor.php
rm -f app/Logging/CustomizeFormatter.php
  1. Remove old manual tap references from config/logging.php if auto tap is enabled.

Rollout Steps For Other Services

For each service:

opportunity_service
rent_management_service
engagement_service
entity_service
reporting_service
distributor_service
support_service

Do:

1. Copy or install the package.
2. Add Composer path repository.
3. Run Composer require.
4. Force publish config.
5. Add .env values.
6. Run optimize clear.
7. Test logs.
8. Verify logs in actual service log destination.

Commands:

composer config repositories.altinvest-pii-log-sanitizer '{"type":"path","url":"packages/altinvest/laravel-pii-log-sanitizer","options":{"symlink":true}}'

composer require altinvest/laravel-pii-log-sanitizer:@dev --with-dependencies

php artisan vendor:publish --tag=pii-log-sanitizer-config --force

composer dump-autoload
php artisan optimize:clear

Future Installation From Git Repository

Once the package is moved to a separate Git repository, replace the local path repository with a VCS repository.

Example:

"repositories": [
    {
        "type": "vcs",
        "url": "git@bitbucket.org:YOUR_WORKSPACE/laravel-pii-log-sanitizer.git"
    }
]

Then install:

composer require altinvest/laravel-pii-log-sanitizer:^1.0 --with-dependencies
composer dump-autoload
php artisan optimize:clear

Force publish config after install or config update:

php artisan vendor:publish --tag=pii-log-sanitizer-config --force
php artisan optimize:clear

Git Notes

Git does not track empty directories.

The package directory must contain files before Git detects it.

Check package files:

find packages/altinvest/laravel-pii-log-sanitizer -maxdepth 3 -type f

Check Git status:

git status --untracked-files=all -- packages

Add package:

git add packages/altinvest/laravel-pii-log-sanitizer

If ignored:

git add -f packages/altinvest/laravel-pii-log-sanitizer

Troubleshooting

Package Not Detected By Composer

Run:

composer dump-autoload
php artisan package:discover
php artisan optimize:clear

Check that root composer.json contains:

"repositories": [
    {
        "type": "path",
        "url": "packages/altinvest/laravel-pii-log-sanitizer",
        "options": {
            "symlink": true
        }
    }
]

Check that package composer.json contains:

"name": "altinvest/laravel-pii-log-sanitizer"

Then run:

composer require altinvest/laravel-pii-log-sanitizer:@dev --with-dependencies

minimum-stability Error

Error:

found altinvest/laravel-pii-log-sanitizer[dev-main] but it does not match your minimum-stability

Use this install command:

composer require altinvest/laravel-pii-log-sanitizer:@dev --with-dependencies

Do not use:

composer require altinvest/laravel-pii-log-sanitizer:*

Because * may fail when the local package only has dev-main.


Class Not Found

Run:

composer dump-autoload
php artisan optimize:clear

Check namespace:

namespace AltInvest\PiiLogSanitizer;

Check package autoload:

"autoload": {
    "psr-4": {
        "AltInvest\\PiiLogSanitizer\\": "src/"
    }
}

Check provider discovery:

grep -R "PiiLogSanitizerServiceProvider" bootstrap/cache/packages.php

If cache is stale, remove cached files and discover again:

rm -f bootstrap/cache/packages.php \
      bootstrap/cache/services.php \
      bootstrap/cache/config.php \
      bootstrap/cache/events.php \
      bootstrap/cache/routes-v7.php

composer dump-autoload
php artisan package:discover
php artisan optimize:clear

Config Not Updating

Force publish package config:

php artisan vendor:publish --tag=pii-log-sanitizer-config --force
php artisan optimize:clear

Check config:

grep -R "auto_tap" -n config/log_pii.php
cat config/log_pii.php

Important:

--force overwrites config/log_pii.php.
Use this only when you want latest package config to replace local config.

No Publishable Resources

If this command says no publishable resources:

php artisan vendor:publish --tag=pii-log-sanitizer-config --force

Check that PiiLogSanitizerServiceProvider contains:

public function boot(): void
{
    $this->publishes([
        __DIR__ . '/../config/log_pii.php' => config_path('log_pii.php'),
    ], 'pii-log-sanitizer-config');
}

Then run:

composer dump-autoload
php artisan package:discover
php artisan optimize:clear
php artisan vendor:publish --tag=pii-log-sanitizer-config --force

Logs Are Not Masked

Check .env:

PII_LOG_MASKING=true
PII_LOG_AUTO_TAP=true
PII_MASK_DETECTED_VALUES=true

Clear cache:

php artisan optimize:clear

Check active log channel:

LOG_CHANNEL=single

or:

LOG_CHANNEL=stack
LOG_STACK=stderr,cloudwatch

Make sure the active channels are present in:

PII_LOG_CHANNELS=stack,single,daily,slack,papertrail,stderr,syslog,errorlog,cloudwatch

contactDetail Relation Fully Masked

The sanitizer should not fully mask relation objects.

Expected behavior:

contactDetail object remains visible
inner fields like contact_no and email_id are masked

If the full object is masked, ensure the latest SanitizeLogProcessor contains structured value handling:

if ($this->isStructuredValue($value)) {
    $data[$key] = $this->sanitize($value, $depth + 1);
} else {
    $data[$key] = $this->applyStrategy($value, $strategy);
}

Then force update package changes:

composer update altinvest/laravel-pii-log-sanitizer --with-dependencies
composer dump-autoload
php artisan optimize:clear

If config also changed:

php artisan vendor:publish --tag=pii-log-sanitizer-config --force
php artisan optimize:clear

Maintenance Checklist

Whenever a feature is added to this package, verify the following:

1. Add or update implementation in src/.
2. Update config/log_pii.php if required.
3. Add new .env variables if required.
4. Update README.md.
5. Publish the updated config using --force.
6. Run composer dump-autoload.
7. Run php artisan optimize:clear.
8. Test using Tinker.
9. Test using browser/API request.
10. Verify masked output in Laravel logs.
11. Verify auto tap still works correctly.

Production Notes

Recommended production log level:

LOG_LEVEL=info

Avoid using:

LOG_LEVEL=debug

in production unless temporarily required.

Do not log raw request payloads unless required.

Avoid logging full exception objects with sensitive payloads.

Throwable objects are not modified directly by default because Laravel and Monolog handle exception serialization separately.

Sensitive data inside exception messages or traces may still appear if the application puts PII into exception messages.


Security Notes

This package reduces risk of exposing PII in logs, but it does not replace secure coding practices.

Avoid logging:

Full request payloads
Passwords
OTP values
PIN values
Access tokens
Refresh tokens
Authorization headers
Full user objects unless necessary
Payment details
Government ID documents

Use safe logging patterns:

Log::info('User login attempt', [
    'user_id' => $user->id,
    'email' => $user->email,
]);

Do not do this unless required:

Log::info('Full request payload', request()->all());

Final Recommended Setup

Use this final setup:

Package:
packages/altinvest/laravel-pii-log-sanitizer

Package name:
altinvest/laravel-pii-log-sanitizer

Namespace:
AltInvest\PiiLogSanitizer

Auto tap:
enabled

Project config:
config/log_pii.php

Config publish tag:
pii-log-sanitizer-config

Manual config/logging.php changes:
not required when PII_LOG_AUTO_TAP=true

Final local update command:

cd /var/www/html

composer config repositories.altinvest-pii-log-sanitizer '{"type":"path","url":"packages/altinvest/laravel-pii-log-sanitizer","options":{"symlink":true}}'

composer require altinvest/laravel-pii-log-sanitizer:@dev --with-dependencies

php artisan vendor:publish --tag=pii-log-sanitizer-config --force

composer dump-autoload
php artisan optimize:clear

Versioning Policy:

v2.x supports PHP 8.1+ and Laravel 9–12. v1.x is reserved for a future legacy compatibility branch supporting PHP 7.x and older Laravel versions (such as Laravel 5.5).

Version Compatibility

Package Version PHP Laravel
2.x 8.1+ 9.x, 10.x, 11.x, 12.x
1.x Reserved for future legacy compatibility with older Laravel/PHP versions

Compatibility

Current releases support:

  • PHP 8.1+
  • Laravel 9–12

A separate 1.x release line may be introduced in the future for legacy Laravel/PHP compatibility if needed.