Blog Detail


Scrub Sensitive Information of your App via Laravel Scrubber cover image

Scrub Sensitive Information of your App via Laravel Scrubber

Laravel Scrubber is a fantastic Laravel package to scrub sensitive information that breaks operational security policies from being leaked on accident or not by developers.


install the package via composer:

composer require yorcreative/laravel-scrubber

Publish the packages assets.

php artisan vendor:publish --provider="YorCreative\Scrubber\ScrubberServiceProvider"


Adjust the configuration file to suit your application.

return [
    'redaction' => '**redacted**', // Define what you want to overwrite detected information with??
    'secret_manager' => [
        'key' => '44mfXzhGl4IiILZ844mfXzhGl4IiILZ8', // key for cipher to use
        'cipher' => 'AES-256-CBC', 
        'enabled' => false, // Do you want this enabled??
        'providers' => [
            'gitlab' => [
                'enabled' => false,
                'project_id' => env('GITLAB_PROJECT_ID', 'change_me'),
                'token' => env('GITLAB_TOKEN', 'change_me'),
                'host' => '',
                'keys' => ['*'], // * will grab all the secrets, if you want specific variables
                                 //  define the keys in an array


Logging Detection & Sanitization

Log::info('some message', [
    'context' => 'accidental',
    'leak_of' => [
        'jwt' => '<insert jwt token here>'

// testing.INFO: some message {"context":"accidental","leak_of":{"jwt": '**redacted**'}} 

Log::info('<insert jwt token here>')

// testing.INFO: **redacted** 

Direct Usage for Detection & Sanitization

    'context' => 'accidental',
    'leak_of' => [
        'jwt' => '<insert jwt token here>'
// [
//     "context" => "accidental"
//     "leak_of" => [
//         "jwt" => "**redacted**"
//     ]
// ];

Scrubber::processMessage('<insert jwt token here>');
// **redacted**

Secret Manager

This package provides the ability to pull in secrets from external sources. This provides the package the ability to detect leakage and sanitize secrets without needing an exact regex pattern to detect it.


For enhanced application security, all secrets that are pulled from any provider are encrypted and only decrypted to run the detection.

Gitlab Integration

To utilize the Gitlab Integration, you will need to enable the secret_manager and the GitLab provider in the Configuration file. If you are looking for information on how to add secrets in Gitlab. There is an article on adding project variables.

Extending the Scrubber

Creating new Scrubber Detection Classes

php artisan make:regex-class {name} 

This command will create a stubbed-out class in App\Scrubber\RegexCollection. The Scrubber package will autoload everything from the App\Scrubber\RegexCollection folder. You will need to provide a Regex Pattern and a Testable String for the class.

For more details, Please visit Github.

Published at : 26-08-2022

Author : Rizwan Aslam
Rizwan Aslam

I am a highly results-driven professional with 12+ years of collective experience in the grounds of web application development especially in laravel, native android application development in java, and desktop application development in the dot net framework. Now managing a team of expert developers at Codebrisk.

Launch project