Blog

Articles about log sanitization, DevOps security, and building CLI tools.

Design Guarantees: Dry-Run, Exit Codes, and CI-Friendly Behavior

How predictable behavior and boring exit codes make sanitization automatable and trustworthy.

March 23, 2026 5 min read

LogShield v0.7.0: Regex Safety Hardening and Bounded Input Behavior

v0.7.0 adds per-line guardrails, bounded failure behavior for pathological input, and adversarial regression coverage without changing normal successful scan output.

March 18, 2026 3 min read

Structured JSON Logs: Sanitization Without Breaking Parsers

How to redact secrets in JSON logs while preserving valid JSON, key names, and downstream tooling.

March 16, 2026 4 min read

Docker and Kubernetes Logs: Sanitization Patterns That Matter

Common secret shapes in containerized systems and what to redact without breaking readability.

March 9, 2026 4 min read

GitHub Issues and Pastebins: Share Logs Safely

A workflow for safe debugging collaboration: sanitize first, then share, with examples and gotchas.

March 2, 2026 4 min read

CI Log Retention Is a Liability

Why build logs are a common leak surface and how to sanitize output safely in CI pipelines.

February 23, 2026 2 min read

Redact Secrets Without Destroying Debug Value

How to keep structure, labels, and context so your logs remain useful after sanitization.

February 16, 2026 5 min read

Sanitize Logs Before Sharing to Support Vendors

A simple playbook you can adopt today to share useful logs while avoiding credential leaks.

February 9, 2026 4 min read

LogShield v0.6.0: Modern Token Coverage (GitHub, Slack, npm, PyPI, SendGrid)

v0.6.0 adds the tokens that actually leak in real logs—GitHub PATs, Slack tokens, npm credentials—without changing how the tool behaves.

February 8, 2026 4 min read

Deterministic Redaction vs Heuristics: Why Predictability Wins in Incident Response

I tried entropy-based detection once. It found secrets the regex missed—and also flagged half my stack traces. Here's why I went back to boring, predictable rules.

February 2, 2026 5 min read

What a Log Sanitizer Must Guarantee

A checklist of guarantees (determinism, reviewability, local-first) that make log redaction safe for real workflows.

January 31, 2026 4 min read

Log Sanitization: Threat Model, Leak Paths, and Practical Controls

A pragmatic threat model for log leakage and the minimum controls that reduce risk without killing debugging.

January 18, 2026 5 min read

Introducing LogShield v0.4.0

A foundation release focused on licensing clarity and documentation consistency, without changing engine or CLI behavior.

January 7, 2026 2 min read

What LogShield Guarantees (and What It Refuses to Do)

A clear statement of scope, contracts, and non-goals behind a deterministic log sanitization tool.

January 2, 2026 3 min read

How to Sanitize Logs in GitHub Actions

Step-by-step guide to automatically remove secrets from CI logs before they get stored or shipped.

December 25, 2025 5 min read

Why I Built LogShield

The story behind LogShield and why deterministic log sanitization matters for DevOps teams.

December 25, 2025 3 min read