This library provides a simple, lightweight, and dependency-free way to sanitize objects, dictionaries, and collections in .NET applications that support .NET Standard 2.0.
Its purpose is to remove or clear sensitive information before logging, serializing, or transmitting data.
Many applications need to handle objects that contain personal or confidential information such as emails, phone numbers, tokens, IDs, or credentials.
If these objects are:
- logged,
- returned in API responses,
- persisted for diagnostics,
- sent to third-party systems,
- or serialized for analytics,
they may expose sensitive fields that should remain private.
Failing to sanitize data can lead to:
- privacy violations,
- leaked credentials,
- production logs containing personal information,
- GDPR / LGPD / HIPAA compliance issues,
- accidental information disclosure during debugging or exception handling.
Data sanitization reduces these risks by ensuring sensitive fields are removed or overwritten before the data leaves the trusted boundary.
This library makes it safe, automatic, and consistent.
- Sanitizes complex object graphs recursively
- Handles nested objects, lists, arrays, and dictionaries
- Supports both generic and non-generic `IDictionary`
- Removes sensitive values by:
  - emptying collections/dictionaries
  - masking strings
  - replacing scalars with default values
- Built on .NET Standard 2.0
- Inject `ISensitiveDataSanitizer` (not necessary, but recommended). For example:

```csharp
builder.Services.AddSingleton<ISensitiveDataSanitizer, SensitiveDataSanitizer>();
```

- Mark class properties as sensitive:

```csharp
public class Person
{
    public string ID { get; set; }

    [Sensitive]
    public string FullName { get; set; }

    [Sensitive]
    public string CreditCardNumber { get; set; }
}
```

- Clean an instance of the class:

```csharp
public class MyClass
{
    private readonly ISensitiveDataSanitizer _sensitiveDataSanitizer;

    public MyClass(ISensitiveDataSanitizer sensitiveDataSanitizer) =>
        _sensitiveDataSanitizer = sensitiveDataSanitizer;

    public void MyMethod()
    {
        var person = new Person
        {
            ID = "1",
            FullName = "John Smith",
            CreditCardNumber = "1234 5678 1234 5678"
        };

        var sanitizedPerson = _sensitiveDataSanitizer(person);

        /*
         * sanitizedPerson is a new instance of Person with the fields:
         *
         * ID = 1
         * FullName = "****",
         * CreditCardNumber = "****"
         */
    }
}
```
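
The redaction rules listed in the feature list (mask strings, replace scalars with default values, empty collections, recurse through nested objects, lists, arrays and dictionaries) can be sketched with reflection. This is an added example, not the library's own code: `DemoSensitiveAttribute` and `DemoSanitizer` are hypothetical names, and the sketch assumes public parameterless constructors, one-dimensional arrays, and object graphs without reference cycles.

```csharp
using System;
using System.Collections;
using System.Reflection;

public sealed class DemoSensitiveAttribute : Attribute { } // hypothetical stand-in for [Sensitive]
// Hypothetical sketch: builds a sanitized deep copy, so the caller's object is never modified.
public static class DemoSanitizer
{
    public static object Sanitize(object source)
    {
        if (source == null) return null;
        Type type = source.GetType();
        if (type.IsValueType || source is string) return source; // leaves; structs are not inspected
        if (source is Array array) // one-dimensional arrays only
        {
            Array copy = Array.CreateInstance(type.GetElementType(), array.Length);
            for (int i = 0; i < array.Length; i++) copy.SetValue(Sanitize(array.GetValue(i)), i);
            return copy;
        }
        if (source is IDictionary dictionary) // Dictionary<K,V> also implements the non-generic interface
        {
            var copy = (IDictionary)Activator.CreateInstance(type);
            foreach (DictionaryEntry entry in dictionary) copy[entry.Key] = Sanitize(entry.Value);
            return copy;
        }
        if (source is IList list)
        {
            var copy = (IList)Activator.CreateInstance(type);
            foreach (object item in list) copy.Add(Sanitize(item));
            return copy;
        }
        object clone = Activator.CreateInstance(type);
        foreach (PropertyInfo property in type.GetProperties(BindingFlags.Public | BindingFlags.Instance))
        {
            if (!property.CanRead || !property.CanWrite || property.GetIndexParameters().Length > 0) continue;
            object value = property.GetValue(source);
            bool sensitive = property.IsDefined(typeof(DemoSensitiveAttribute), true);
            // Sensitive values are redacted without being read further; others are copied recursively.
            property.SetValue(clone, sensitive ? Redact(value) : Sanitize(value));
        }
        return clone;
    }
    // Mask strings, reset scalars to default(T), replace collections with empty ones.
    private static object Redact(object value)
    {
        if (value is string) return "****";
        if (value is Array) return Array.CreateInstance(value.GetType().GetElementType(), 0);
        if (value is ValueType || value is IEnumerable) return Activator.CreateInstance(value.GetType());
        return null; // null stays null; any other sensitive reference is dropped entirely
    }
}
```

Properties that cannot be written (get-only or computed) are skipped by this sketch and keep whatever the type's constructor sets, so a sensitive value exposed only through such a property needs separate handling.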