Community TypeScript Snippet

A Request/Response Logger That Does Not Leak Secrets

The redact-by-key logger I add to every Node service before it touches production logs. Catches headers, JWTs, card numbers, and Stripe keys without paying for a SIEM scrubber.

A Request/Response Logger That Does Not Leak Secrets

The redact-by-key logger I add to every Node service before it touches production logs. Catches headers, JWTs, card numbers, and Stripe keys without paying for a SIEM scrubber.

TypeScript
Frontend
3 snippets
logging
security
error-handling
code-template
nadiaali

By @nadiaali

March 6, 2026

·

Updated May 20, 2026

434 views

14

4.4 (15)

I have shipped this redactor in three companies because the failure mode of NOT having it is so loud: one accidental console.log(req.headers) and your bearer tokens land in CloudWatch forever. It does two passes per value. First, a key-name check against a denylist (authorization, password, token, common card-field names). Second, a regex sweep over string values for the patterns that look like secrets even when the key is benign, like a customer-supplied note containing sk_test_.... Keep both layers; key-only redaction misses the notes field every time.