Pular para o conteúdo principal
Versão: main (dev) 🚧

ITLab.Template.DevPack.SensitiveData

Provides attribute-driven PII protection through declarative marking and conditional masking during serialization.

Componentes

TipoNomeResponsabilidade
AttributeSensitiveDataAttributeMarks a property as sensitive and optionally declares the permission required to unmask it
ClassSensitiveDataLoggingJsonConverterJSON converter that replaces sensitive property values with a mask token unless the caller holds the required permission

Como usar

// Mark a DTO property as sensitive.
public sealed class CustomerDto
{
public string Name { get; init; } = string.Empty;

[SensitiveData(requiredPermission: "Customers.ViewPII")]
public string TaxId { get; init; } = string.Empty;
}

// Register the converter so logging serialization masks by default.
services.ConfigureHttpJsonOptions(opts =>
{
opts.SerializerOptions.Converters.Add(new SensitiveDataLoggingJsonConverter(currentUser));
});

O que não fazer

  • Do not rely solely on SensitiveDataLoggingJsonConverter for data-at-rest encryption.
  • Do not mark every string property as sensitive — reserve it for genuine PII/regulated data.

Extensão pelo produto

  • Products can supply a custom permission resolver to SensitiveDataLoggingJsonConverter to align with product-specific authorization policies.