Securelog Docs

Securelog Server SDK

The Securelog Server SDK enables interaction with the Securelog API for secret detection and redaction. It offers tools to configure the client, identify secrets in text, and remove them efficiently.

For server-side applications or middleware, Securelog Server SDK is a great choice. While latency is minimal, consider selfhosting if it’s a major concern.

Installation

yarn add securelog-sdk

Usage

To use the Securelog Server SDK, import the Securelog class:

import Securelog from 'securelog-sdk';

Initialize the Client

Create an instance of the Securelog class by passing the necessary configuration:

const securelog = new Securelog({
  apiKey: 'YOUR_API_KEY',
  url: 'https://api.securelog.com', // change with your securelog self hosted backend
  headers: {
    'Custom-Header': 'value'
  },
  // We support a lot of detectors (e.g Credit cards, API keys, Phone number) already.
  // You can add yours for internal needs.
  customDetectors: [
    {
      regex: 'your-regex',
      keywords: ['VLWSECK-', 'VLXSECK-'],
      detectorType: 'Vercel',
    },
  ],
});

Redacting secrets

To redact secrets from a text, use the redactSecrets method:

const redacted = await securelog.redactSecrets({
  text: 'your text here',
  maskedValue: '****',
  visibleChars: 4,
  // We support a lot of detectors (e.g Credit cards, API keys, Phone number) already.
  // You can add yours for internal needs.
  customDetectors: [
    {
      regex: 'your-regex',
      keywords: ['keyword1', 'keyword2'],
      detectorType: 'custom',
    },
  ],
});
console.log(redacted);

Use within NextJs Middlware

middleware.ts

import { NextResponse } from 'next/server'
import type { NextRequest } from 'next/server'
import Securelog from 'securelog-sdk'

export async function middleware(request: NextRequest) {
  const requestHeaders = new Headers(request.headers)
  const securelog = new Securelog({
    apiKey: 'SLS_534da2c5529a6b5b......',
    url: 'https://api.securelog.com' // you can specify your local securelog server url this is the default value
  }).client;


  const masked = await securelog.redactSecrets({
    text: `
      for example heres fake stripe secret key rk_live_3a9b8c7d6e5f4g3h2i1jklmnopqrstuvwxy1234567890abcdef and this is for npm npm_4f3b6d9a9d7e9f6b5e7d4c8e9a1c7b9f4a1b0d3e
    `,
    maskedValue: 'xxx',
    visibleChars: 3
    // customDetectors: [
    //   {
    //     regex: '',
    //     keywords: ['password'],
    //     detectorType: 'vercel default',
    //     group: ['password']
    //   }
    // ]
  })

  const response = NextResponse.next({
    request: {
      headers: requestHeaders,
    },
  })
  response.headers.set('x-hello-from-middleware2', 'hello')
  response.headers.set('secrets', masked.maskedValues.toString().replaceAll('\n', ' '))
  return response
}