Title: feat: PII redaction and secure logging across all handlers
Labels: backend, security, compliance
Description:
VaultLink handles sensitive financial and identity data. This issue
ensures that PII (Personally Identifiable Information) never leaks
into logs, error responses, or monitoring systems. A shared
redaction service is implemented and enforced across all handlers.
What Needs to Be Done:
- RedactionService:
redact(value, type) — masks value based on type
Types:
stellar_address → show first 4 + *** + last 4 (e.g. GABCXY12)
company_name → show first 3 chars + *** (e.g. Acu)
registration_number → fully masked (e.g. )
email → e@*** pattern
amount → preserve for audit, mask in logs ($*.)
- SafeLogger wrapper:
Wraps NestJS Logger
All log calls pass through RedactionService before output
Used in all services as drop-in replacement for Logger
- Error response filter:
Global exception filter strips internal details from responses
Stack traces never returned to client in production
Only safe, user-friendly error messages returned
- Apply redaction to:
All existing service log calls
Audit log metadata (before writing to console, not DB)
Error responses across all controllers
Key Files:
- apps/backend/src/security/redaction.service.ts (new)
- apps/backend/src/security/safe-logger.service.ts (new)
- apps/backend/src/security/security.module.ts (new)
- apps/backend/src/filters/global-exception.filter.ts (update)
Acceptance Criteria:
- Stellar addresses masked in all log output
- Company names and registration numbers never appear in logs
- Stack traces not returned in production error responses
- SafeLogger is the only logger used in service classes
- Unit tests cover all redaction types and edge cases:
empty string, null, already masked, partial values
- Integration test confirms no PII in error response bodies
Security Notes:
- Redaction applied before serialization — not after
- DB values stored unredacted — only logs are masked
- PII fields documented in security/README.md
Branch: feat/pii-redaction
Commit: feat(security): add PII redaction service and safe logging wrappers across all handlers
Title: feat: PII redaction and secure logging across all handlers
Labels: backend, security, compliance
Description:
VaultLink handles sensitive financial and identity data. This issue
ensures that PII (Personally Identifiable Information) never leaks
into logs, error responses, or monitoring systems. A shared
redaction service is implemented and enforced across all handlers.
What Needs to Be Done:
redact(value, type) — masks value based on type
Types:
stellar_address → show first 4 + *** + last 4 (e.g. GABCXY12)
company_name → show first 3 chars + *** (e.g. Acu)
registration_number → fully masked (e.g. )
email → e@*** pattern
amount → preserve for audit, mask in logs ($*.)
Wraps NestJS Logger
All log calls pass through RedactionService before output
Used in all services as drop-in replacement for Logger
Global exception filter strips internal details from responses
Stack traces never returned to client in production
Only safe, user-friendly error messages returned
All existing service log calls
Audit log metadata (before writing to console, not DB)
Error responses across all controllers
Key Files:
Acceptance Criteria:
empty string, null, already masked, partial values
Security Notes:
Branch: feat/pii-redaction
Commit: feat(security): add PII redaction service and safe logging wrappers across all handlers