ITLab.Template.DevPack.SensitiveData
Provides attribute-driven PII protection through declarative marking and conditional masking during serialization.
Componentes
| Tipo | Nome | Responsabilidade |
|---|---|---|
| Attribute | SensitiveDataAttribute | Marks a property as sensitive and optionally declares the permission required to unmask it |
| Class | SensitiveDataLoggingJsonConverter | JSON converter that replaces sensitive property values with a mask token unless the caller holds the required permission |
Como usar
// Mark a DTO property as sensitive.
public sealed class CustomerDto
{
public string Name { get; init; } = string.Empty;
[SensitiveData(requiredPermission: "Customers.ViewPII")]
public string TaxId { get; init; } = string.Empty;
}
// Register the converter so logging serialization masks by default.
services.ConfigureHttpJsonOptions(opts =>
{
opts.SerializerOptions.Converters.Add(new SensitiveDataLoggingJsonConverter(currentUser));
});
O que não fazer
- Do not rely solely on
SensitiveDataLoggingJsonConverterfor data-at-rest encryption. - Do not mark every string property as sensitive — reserve it for genuine PII/regulated data.
Extensão pelo produto
- Products can supply a custom permission resolver to
SensitiveDataLoggingJsonConverterto align with product-specific authorization policies.