Vaultx.Base.Logger (Vaultx v0.7.0)

View Source

Enterprise-grade structured logging for Vaultx HashiCorp Vault client.

This module provides comprehensive logging capabilities with automatic sanitization of sensitive data, structured metadata, and seamless integration with Elixir's Logger system. It ensures security compliance while providing detailed operational visibility for production Vault environments.

Core Capabilities

  • Zero Overhead: When disabled, all functions become compile-time no-ops
  • Type Safe: Full type specifications and guards for all functions
  • Automatic Sanitization: Removes sensitive data from logs recursively
  • Structured Logging: Rich metadata with consistent formatting
  • Level Control: Fine-grained control over log levels
  • Error Integration: Special handling for Vaultx.Base.Error structs

Configuration

# Set log level (debug, info, warn, error, none)
config :vaultx, logger_level: :info

# Disable logging completely (maximum performance)
config :vaultx, logger_level: :none

# Or via environment variable
export VAULTX_LOGGER_LEVEL=none

References

Log Levels

  • :debug - Detailed debugging information (includes all lower levels)
  • :info - General information about operations (includes warn, error)
  • :warn - Warning conditions that should be addressed (includes error)
  • :error - Error conditions that need attention
  • :none - Disable all logging (zero overhead)

Automatic Sanitization

The following fields are automatically sanitized in logs:

  • token, secret_id, password, secret, client_token, accessor - Replaced with "[REDACTED]"
  • Vaultx.Base.Error structs are formatted with debug information
  • Nested maps and lists are recursively sanitized
  • Original data structure is preserved

Examples

# Basic logging
Vaultx.Base.Logger.info("Operation completed successfully")

# Structured logging with metadata
Vaultx.Base.Logger.info("Secret read", %{
  path: "secret/myapp/config",
  duration: 150,
  token: "hvs.secret"  # Will be sanitized to "[REDACTED]"
})

# Error logging with Vaultx.Base.Error
Vaultx.Base.Logger.error("Authentication failed", %{
  method: :app_role,
  error: %Vaultx.Base.Error{type: :authentication_failed}
})

# Conditional logging for performance
if Vaultx.Base.Logger.enabled?(:debug) do
  expensive_debug_data = compute_debug_info()
  Vaultx.Base.Logger.debug("Debug info", expensive_debug_data)
end

Summary

Types

log_level()
log_message()
metadata()

Functions

current_level()

Gets the current log level from configuration.

debug(message, metadata \\ nil)

Records a debug level log message.

enabled?(level)

Checks if logging is enabled for the specified level.

error(message, metadata \\ nil)

Records an error level log message.

info(message, metadata \\ nil)

Records an info level log message.

log_operation(operation, path, duration_ms, result)

Logs an operation with timing information.

warn(message, metadata \\ nil)

Records a warning level log message.

warning(message, metadata \\ nil)

Records a warning level log message (alias for warn/2).

Types

log_level()

@type log_level() :: :debug | :info | :warn | :error | :none

log_message()

@type log_message() :: String.t() | iodata()

metadata()

@type metadata() :: map() | keyword() | nil

Functions

current_level()

@spec current_level() :: log_level()

Gets the current log level from configuration.

Returns the configured log level, which determines what messages will be logged. This function is optimized for performance and caches the result.

Examples

iex> Vaultx.Base.Logger.current_level()
:info

iex> Vaultx.Base.Logger.current_level()
:none

debug(message, metadata \\ nil)

@spec debug(log_message(), metadata()) :: :ok

Records a debug level log message.

Debug messages are only logged when the log level is set to :debug. This is a compile-time no-op when logging is disabled or level is higher than debug.

Parameters

  • message - The log message (string or iodata)
  • metadata - Optional metadata (map, keyword list, or nil)

Examples

iex> Vaultx.Base.Logger.debug("Detailed operation info", %{step: 1, data: %{}})
:ok

iex> Vaultx.Base.Logger.debug("Processing request", request_id: "req-123")
:ok

enabled?(level)

@spec enabled?(log_level()) :: boolean()

Checks if logging is enabled for the specified level.

This function is optimized for performance and should be used to guard expensive operations that are only needed for logging.

Parameters

  • level - The log level to check (:debug, :info, :warn, :error)

Examples

iex> Vaultx.Base.Logger.enabled?(:debug)
true

iex> Vaultx.Base.Logger.enabled?(:info)
false

error(message, metadata \\ nil)

@spec error(log_message(), metadata()) :: :ok

Records an error level log message.

Error messages are logged unless logging is completely disabled (:none). This is a compile-time no-op only when logging is completely disabled.

Parameters

  • message - The log message (string or iodata)
  • metadata - Optional metadata (map, keyword list, or nil)

Examples

iex> Vaultx.Base.Logger.error("Authentication failed", %{method: :app_role})
:ok

iex> Vaultx.Base.Logger.error("Network timeout occurred")
:ok

info(message, metadata \\ nil)

@spec info(log_message(), metadata()) :: :ok

Records an info level log message.

Info messages are logged when the log level is :debug or :info. This is a compile-time no-op when logging is disabled or level is higher than info.

Parameters

  • message - The log message (string or iodata)
  • metadata - Optional metadata (map, keyword list, or nil)

Examples

iex> Vaultx.Base.Logger.info("Operation completed", %{duration: 150})
:ok

iex> Vaultx.Base.Logger.info("Secret read successfully")
:ok

log_operation(operation, path, duration_ms, result)

@spec log_operation(String.t(), String.t(), non_neg_integer(), term()) :: :ok

Logs an operation with timing information.

This is a convenience function for logging operations with their duration. Automatically determines the appropriate log level based on the result.

Parameters

  • operation - The operation name (e.g., "read", "write", "authenticate")
  • path - The resource path or identifier
  • duration_ms - The operation duration in milliseconds
  • result - The operation result (:ok, {:ok, _}, {:error, _}, etc.)

Examples

iex> Vaultx.Base.Logger.log_operation("read", "secret/test", 150, :ok)
:ok

iex> Vaultx.Base.Logger.log_operation("write", "secret/test", 200, {:error, reason})
:ok

warn(message, metadata \\ nil)

@spec warn(log_message(), metadata()) :: :ok

Records a warning level log message.

Warning messages are logged when the log level is :debug, :info, or :warn. This is a compile-time no-op when logging is disabled or level is higher than warn.

Parameters

  • message - The log message (string or iodata)
  • metadata - Optional metadata (map, keyword list, or nil)

Examples

iex> Vaultx.Base.Logger.warn("SSL verification disabled", %{production: true})
:ok

iex> Vaultx.Base.Logger.warn("Deprecated API usage detected")
:ok

warning(message, metadata \\ nil)

@spec warning(log_message(), metadata()) :: :ok

Records a warning level log message (alias for warn/2).

Examples

iex> Vaultx.Base.Logger.warning("SSL verification disabled", %{production: true})
:ok