Encrypted logging with zato-enclog

Overview

zato-enclog is a Python package available from PyPI that can be used to safely store encrypted information in logs of Zato or any other Python application.

It is a perfect fit if information such as PII (Personally Identifiable Information) cannot be stored in clear text, for instance in HIPAA-compliant applications.

The package is distributed separately on PyPI.

Features

  • Can be plugged into any Python application
  • Stores logs encrypted with Fernet keys (AES128)
  • Comes with command-line tools to generate keys and decrypt logs, including means to tail -f logs as they grow
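The Fernet keys (AES128) named in the feature list follow a fixed layout, shown here as an added example that is not zato-enclog's own code: a 32-byte key splits into a 16-byte HMAC-SHA256 key and a 16-byte AES-128 key, so a token in a log line can be checked for tampering without decrypting it. The function names, the key and the `INFO - <token>` sample lines are constructed for illustration, and how zato-enclog frames a token inside a line is an assumption.

```python
import base64, hashlib, hmac, re, struct

TOKEN_RE = re.compile(r"gAAAAA[A-Za-z0-9_-]+={0,2}")  # 0x80 + zero high timestamp bytes

def split_key(key_b64):
    """A Fernet key is 32 bytes: 16-byte HMAC key, then 16-byte AES-128 key."""
    raw = base64.urlsafe_b64decode(key_b64)
    if len(raw) != 32:
        raise ValueError("Fernet key must decode to 32 bytes")
    return raw[:16], raw[16:]

def check_token(key_b64, token):
    """Return (authentic, unix_timestamp) for one token; nothing is decrypted."""
    signing_key, _ = split_key(key_b64)
    try:
        data = base64.urlsafe_b64decode(token)
    except ValueError:
        return False, None
    # version(1) + timestamp(8) + IV(16) + at least one AES block(16) + HMAC(32)
    if len(data) < 73 or data[0] != 0x80 or (len(data) - 57) % 16:
        return False, None
    body, tag = data[:-32], data[-32:]
    expected = hmac.new(signing_key, body, hashlib.sha256).digest()
    (ts,) = struct.unpack(">Q", data[1:9])
    return hmac.compare_digest(tag, expected), ts

def audit_lines(key_b64, lines):
    """Yield (line_number, authentic, timestamp) for every token found."""
    for n, line in enumerate(lines, 1):
        for m in TOKEN_RE.finditer(line):
            yield (n, *check_token(key_b64, m.group(0)))

def constructed_token(key_b64, ts, iv, ciphertext):
    """Sample-data helper: frames opaque bytes as a token (no real encryption)."""
    signing_key, _ = split_key(key_b64)
    body = b"\x80" + struct.pack(">Q", ts) + iv + ciphertext
    tag = hmac.new(signing_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag).decode()

# Constructed key and log lines, for illustration only.
KEY = base64.urlsafe_b64encode(bytes(range(32))).decode()
GOOD = constructed_token(KEY, 1700000000, b"\x01" * 16, b"\x02" * 32)
BAD = GOOD[:40] + ("A" if GOOD[40] != "A" else "B") + GOOD[41:]
SAMPLE = ["INFO - " + GOOD, "INFO - " + BAD, "INFO - plain text line"]

if __name__ == "__main__":
    for row in audit_lines(KEY, SAMPLE):
        print(row)
```

The second sample line differs from the first by one ciphertext character, which is enough for the HMAC check to reject it.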

Usage examples

Zato services:

from logging import getLogger
from zato.server.service import Service

enclog = getLogger('enclog')

class MyService(Service):
    def handle(self):
        enclog.info('This will be encrypted')

Any Python app:

import logging
from zato.enclog import EncryptedLogFormatter, genkey

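level = logging.INFO
log_format = '%(levelname)s - %(message)s'

# genkey() returns a new key on every call; keep the key somewhere safe,
# because logs written with it cannot be decrypted without it.
key = genkey()
formatter = EncryptedLogFormatter(key, log_format)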

handler = logging.StreamHandler()
handler.setFormatter(formatter)

logger = logging.getLogger('')
logger.addHandler(handler)
logger.setLevel(level)

logger.info('This will be encrypted')

CLI screenshots

Key generation

[Screenshot: genkey.png]

Demo

[Screenshot: demo.png]

tail -f vs. enclog tailf

Using regular tail -f will show the data is encrypted:

[Screenshot: tailf.png]

Using enclog tailf works like tail -f, but it also decrypts the data on the fly.

[Screenshot: enclog_tailf.png]

Installation and usage

CLI reference