aragossa

aragossa / pii-shield

Public

Zero-code K8s sidecar for log sanitization. Detects secrets via Entropy Analysis, preserves JSON integrity, and redacts PII deterministically. 🛡️

pii-shield.com devsecops entropy gdpr golang json
45
3
100% credibility
Found Feb 04, 2026 at 36 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Go
AI Summary

PII-Shield is a drop-in companion tool that scans and hides sensitive personal information from application logs in real-time to prevent privacy breaches.

How It Works

1
😟 Worry about private info in logs

You realize your app might accidentally share sensitive details like passwords or emails in its activity records.

2
🔍 Discover PII-Shield

You find this helpful shield that automatically hides private info from logs before anyone sees them.

3
🧪 Try it on sample logs

You quickly test it by sending pretend logs through, and watch real-time as secrets turn into safe hidden codes.

4
⚙️ Place it next to your app

You set up the shield to sit right beside your running app, checking every log line as it comes out.

5
🚀 Launch your protected app

Your app starts up smoothly, now with built-in protection that feels invisible but keeps everything secure.

🛡️ Enjoy leak-proof logs

Your activity records are now safe and private, letting you focus without fear of data slips.

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 36 to 45 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is pii-shield?

PII-Shield is a Go-built Kubernetes sidecar that runs zero-code log sanitization, detecting PII and secrets through entropy analysis and redacting them deterministically before logs leave your pod. It preserves JSON integrity while replacing sensitive data like API keys or passwords with unique hashes, blocking GDPR/SOC2 leaks without app changes. Pipe logs through its Docker image locally via CLI or deploy as a K8s sidecar for any runtime—Node, Python, Java, or Go.

Why is it gaining traction?

It stands out from regex-heavy tools like Fluentd or Logstash by sipping CPU with zero-GC paths and O(1) matching, handling 100k+ lines/sec on text logs and 7MB/s on JSON. Custom regex rules override entropy for compliance, whitelists skip safe patterns like git hashes, and context keywords catch unstructured secrets. Devs dig the drop-in pipe for salesforce shield pii-like needs, plus adaptive thresholds for non-English logs.

Who should use this?

K8s operators scrubbing logs for AI training datasets or compliance audits, backend teams at scale dealing with mixed JSON/text output, and security engineers mimicking pi shield defenses against flipper zero code github-style leaks. Ideal for zero code github setups where log aggregators choke on PII sanitization.

Verdict

With 42 stars and a 1.0% credibility score, it's early-stage but backed by solid unit/fuzz/stress tests and clear docs—worth a smoke test for K8s log redaction. Try the Docker pipe on your wild logs before committing; maturity lags big players but hooks on perf and determinism.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.