Laravel Scrubber is a fantastic Laravel package to scrub sensitive information that breaks operational security policies from being leaked on accident or not by developers.

Installation

install the package via composer:

composer require yorcreative/laravel-scrubber

Publish the packages assets.

php artisan vendor:publish --provider="YorCreative\Scrubber\ScrubberServiceProvider"

Configuration

Adjust the configuration file to suit your application.

return [
    'redaction' => '**redacted**', // Define what you want to overwrite detected information with??
    'secret_manager' => [
        'key' => '44mfXzhGl4IiILZ844mfXzhGl4IiILZ8', // key for cipher to use
        'cipher' => 'AES-256-CBC', 
        'enabled' => false, // Do you want this enabled??
        'providers' => [
            'gitlab' => [
                'enabled' => false,
                'project_id' => env('GITLAB_PROJECT_ID', 'change_me'),
                'token' => env('GITLAB_TOKEN', 'change_me'),
                'host' => 'https://gitlab.com',
                'keys' => ['*'], // * will grab all the secrets, if you want specific variables
                                 //  define the keys in an array
            ],
        ],
    ],
];

Usage

Logging Detection & Sanitization

Log::info('some message', [
    'context' => 'accidental',
    'leak_of' => [
        'jwt' => '<insert jwt token here>'
    ]
])

// testing.INFO: some message {"context":"accidental","leak_of":{"jwt": '**redacted**'}} 

Log::info('<insert jwt token here>')

// testing.INFO: **redacted** 

Direct Usage for Detection & Sanitization

Scrubber::processMessage([
    'context' => 'accidental',
    'leak_of' => [
        'jwt' => '<insert jwt token here>'
    ]
]);
// [
//     "context" => "accidental"
//     "leak_of" => [
//         "jwt" => "**redacted**"
//     ]
// ];

Scrubber::processMessage('<insert jwt token here>');
// **redacted**

Secret Manager

This package provides the ability to pull in secrets from external sources. This provides the package the ability to detect leakage and sanitize secrets without needing an exact regex pattern to detect it.

Encryption

For enhanced application security, all secrets that are pulled from any provider are encrypted and only decrypted to run the detection.

Gitlab Integration

To utilize the Gitlab Integration, you will need to enable the secret_manager and the GitLab provider in the Configuration file. If you are looking for information on how to add secrets in Gitlab. There is an article on adding project variables.

Extending the Scrubber

Creating new Scrubber Detection Classes

php artisan make:regex-class {name} 

This command will create a stubbed-out class in App\Scrubber\RegexCollection. The Scrubber package will autoload everything from the App\Scrubber\RegexCollection folder. You will need to provide a Regex Pattern and a Testable String for the class.

For more details, Please visit Github.