A minimal wrapper to redact credentials in sys.stdout and sys.stderr

redact.py

import io
import sys


class RedactIO(io.IOBase):
    """
    A minimal io wrapper to redact sensitive data.
    """

    def __init__(self, buffer, redactions: dict[str, str], **kwargs) -> None:
        self.buffer = buffer
        self.redactions = redactions
        super().__init__(**kwargs)

    def write(self, __s):
        for k, v in self.redactions.items():
            __s = __s.replace(v, f"{{{k}}}")
        self.buffer.write(__s)


if __name__ == "__main__":
    SENSITIVE_DATA = {"PASSWORD": "Password123"}
    
    sys.stdout = RedactIO(sys.stdout, SENSITIVE_DATA)
    sys.stderr = RedactIO(sys.stderr, SENSITIVE_DATA)

    print(SENSITIVE_DATA)  # [stdout]: `{'PASSWORD': '{{PASSWORD}}'}`