Blog Detail

26

Aug
Scrub Sensitive Information of your App via Laravel Scrubber cover image

arrow_back Scrub Sensitive Information of your App via Laravel Scrubber

laravel laravel-packages

Laravel Scrubber is a fantastic Laravel package to scrub sensitive information that breaks operational security policies from being leaked on accident or not by developers.

Installation

install the package via composer:

composer require yorcreative/laravel-scrubber

Publish the packages assets.

php artisan vendor:publish --provider="YorCreative\Scrubber\ScrubberServiceProvider"

Configuration

Adjust the configuration file to suit your application.

return [
    'redaction' => '**redacted**', // Define what you want to overwrite detected information with??
    'secret_manager' => [
        'key' => '44mfXzhGl4IiILZ844mfXzhGl4IiILZ8', // key for cipher to use
        'cipher' => 'AES-256-CBC', 
        'enabled' => false, // Do you want this enabled??
        'providers' => [
            'gitlab' => [
                'enabled' => false,
                'project_id' => env('GITLAB_PROJECT_ID', 'change_me'),
                'token' => env('GITLAB_TOKEN', 'change_me'),
                'host' => 'https://gitlab.com',
                'keys' => ['*'], // * will grab all the secrets, if you want specific variables
                                 //  define the keys in an array
            ],
        ],
    ],
];

Usage

Logging Detection & Sanitization

Log::info('some message', [
    'context' => 'accidental',
    'leak_of' => [
        'jwt' => '<insert jwt token here>'
    ]
])

// testing.INFO: some message {"context":"accidental","leak_of":{"jwt": '**redacted**'}} 

Log::info('<insert jwt token here>')

// testing.INFO: **redacted**

Direct Usage for Detection & Sanitization

Scrubber::processMessage([
    'context' => 'accidental',
    'leak_of' => [
        'jwt' => '<insert jwt token here>'
    ]
]);
// [
//     "context" => "accidental"
//     "leak_of" => [
//         "jwt" => "**redacted**"
//     ]
// ];

Scrubber::processMessage('<insert jwt token here>');
// **redacted**

Secret Manager

This package provides the ability to pull in secrets from external sources. This provides the package the ability to detect leakage and sanitize secrets without needing an exact regex pattern to detect it.

Encryption

For enhanced application security, all secrets that are pulled from any provider are encrypted and only decrypted to run the detection.

Gitlab Integration

To utilize the Gitlab Integration, you will need to enable the secret_manager and the GitLab provider in the Configuration file. If you are looking for information on how to add secrets in Gitlab. There is an article on adding project variables.

Extending the Scrubber

Creating new Scrubber Detection Classes

php artisan make:regex-class {name}

This command will create a stubbed-out class in App\Scrubber\RegexCollection. The Scrubber package will autoload everything from the App\Scrubber\RegexCollection folder. You will need to provide a Regex Pattern and a Testable String for the class.

For more details, Please visit Github.

Published at : 26-08-2022

Author : Rizwan Aslam
AUTHOR
Rizwan Aslam

I am a highly results-driven professional with 12+ years of collective experience in the grounds of web application development especially in laravel, native android application development in java, and desktop application development in the dot net framework. Now managing a team of expert developers at Codebrisk.

© 2021 CodeBrisk , All Rights Reserved

Launch your project

Launch project