Adding sections about logging sensitive information (#46492)

mariamgerges · R9 Fundamentals · web-flow · commit 2cdbe9b6818d · 2025-06-06T15:08:37.000+02:00
* Adding sections about logging sensitive information

* fix

* fixing links

* fixing docs

* comments

* updated

* comments

---------

Co-authored-by: R9 Fundamentals &lt;r9fundamentals@microsoft.com&gt;
diff --git a/docs/core/extensions/data-redaction.md b/docs/core/extensions/data-redaction.md
@@ -183,3 +183,53 @@ public sealed class StarRedactorProvider : IRedactorProvider
     public Redactor GetRedactor(DataClassificationSet classifications) => _starRedactor;
 }
 ```
+
+## Logging sensitive information
+
+Logging is a common source of accidental data exposure. Sensitive information such as personal data, credentials, or financial details should never be written to logs in plain text. To prevent this, always use redaction when logging potentially sensitive data.
+
+### Steps for logging sensitive data
+
+1. **Install the telemetry extensions package**: Install [Microsoft.Extensions.Telemetry](https://www.nuget.org/packages/Microsoft.Extensions.Telemetry) to be able to use the extended logger to enable redaction feature.
+2. **Set up redaction**: Integrate redactors with your logging pipeline by calling the <xref:Microsoft.Extensions.DependencyInjection.RedactionServiceCollectionExtensions.AddRedaction(Microsoft.Extensions.DependencyInjection.IServiceCollection)> method, to automatically sanitize or mask sensitive fields before they are written to logs.
+3. **Identify sensitive fields**: Know which data in your application is sensitive and requires protection, and mark them with appropriate data classification.
+4. **Review log output**: Regularly audit your logs to ensure no sensitive data is exposed.
+
+### Example: Redacting data in logs
+
+When using [Microsoft.Extensions.Logging](https://www.nuget.org/packages/Microsoft.Extensions.Logging), you can combine redaction with logging as follows:
+
+```csharp
+using Microsoft.Extensions.Telemetry;
+using Microsoft.Extensions.Compliance.Redaction;
+
+var services = new ServiceCollection();
+services.AddLogging(builder =>
+{
+    // Enable redaction.
+    builder.EnableRedaction();
+});
+
+services.AddRedaction(builder =>
+{
+    // configure redactors for your data classifications
+    builder.SetRedactor<StarRedactor>(MyTaxonomyClassifications.Private);
+});
+// Use annotations to mark sensitive data.
+// For example, apply the Private classification to SSN data.
+[LoggerMessage(0, LogLevel.Information, "User SSN: {SSN}")]
+public static partial void LogPrivateInformation(
+    this ILogger logger,
+    [MyTaxonomyClassifications.Private] string SSN);
+
+public void TestLogging()
+{
+    LogPrivateInformation("MySSN");
+}
+```
+
+The output should be like this:
+
+`User SSN: *****`
+
+This ensures that sensitive data is redacted before being logged, reducing the risk of data leaks.
diff --git a/docs/core/extensions/logger-message-generator.md b/docs/core/extensions/logger-message-generator.md
@@ -367,6 +367,64 @@ Consider the example logging output when using the `JsonConsole` formatter:
 }
 ```
 
+## Redacting sensitive information in logs
+
+When logging sensitive data, it's important to prevent accidental exposure. Even with compile-time generated logging methods, logging raw sensitive values can lead to data leaks and compliance issues.
+
+The [Microsoft.Extensions.Telemetry](https://www.nuget.org/packages/Microsoft.Extensions.Telemetry) library provides advanced logging and telemetry enrichment capabilities for .NET applications. It extends the logging pipeline to automatically apply redaction to classified data when writing logs. It enables you to enforce data protection policies throughout your application by integrating redaction into your logging workflow. It is built for applications needing sophisticated telemetry and logging insights.
+
+To enable redaction, use the [Microsoft.Extensions.Compliance.Redaction](https://www.nuget.org/packages/Microsoft.Extensions.Compliance.Redaction) library. This library provides **redactors**—components that transform sensitive data (for example, by erasing, masking, or hashing it) so that it is safe to output. Redactors are selected based on **data classification**, which lets you label data according to its sensitivity (such as personal, private, or public).
+
+To use redaction with source-generated logging methods, you should:
+
+1. Classify your sensitive data using a data classification system.
+2. Register and configure redactors for each classification in your DI container.
+3. Enable redaction in the logging pipeline.
+4. Check your logs to ensure no sensitive data is exposed.
+
+For example, if you have a log message that has a parameter that is considered private:
+
+```csharp
+[LoggerMessage(0, LogLevel.Information, "User SSN: {SSN}")]
+public static partial void LogPrivateInformation(
+    this ILogger logger,
+    [MyTaxonomyClassifications.Private] string SSN);
+```
+
+You will need to have a setting similar to this:
+
+```csharp
+using Microsoft.Extensions.Telemetry;
+using Microsoft.Extensions.Compliance.Redaction;
+
+var services = new ServiceCollection();
+services.AddLogging(builder =>
+{
+    // Enable redaction.
+    builder.EnableRedaction();
+});
+
+services.AddRedaction(builder =>
+{
+    // configure redactors for your data classifications
+    builder.SetRedactor<StarRedactor>(MyTaxonomyClassifications.Private);
+});
+
+public void TestLogging()
+{
+    LogPrivateInformation("MySSN");
+}
+```
+
+The output should be like this:
+
+`User SSN: *****`
+
+This approach ensures that only redacted data is logged, even when using compile-time generated logging APIs. You can use different redactors for different data types or classifications, and update your redaction logic centrally.
+
+For more details about how to classify your data, see [Data classification in .NET](data-classification.md).
+For more details about redaction and redactors, see [Data redaction in .NET](data-redaction.md).
+
 ## Summary
 
 With the advent of C# source generators, writing highly performant logging APIs is much easier. Using the source generator approach has several key benefits:
@@ -388,4 +446,6 @@ Additionally, there are benefits over manually using <xref:Microsoft.Extensions.
 - [Logging in .NET](logging.md)
 - [High-performance logging in .NET](high-performance-logging.md)
 - [Console log formatting](console-log-formatter.md)
+- [Data redaction in .NET](data-redaction.md)
+- [Data classification in .NET](data-classification.md)
 - [NuGet: Microsoft.Extensions.Logging.Abstractions](https://www.nuget.org/packages/microsoft.extensions.logging.abstractions)
