Show HN: A Mutating Webhook to automatically strip PII from K8s logs

Category: security

Tags: kubernetes, pii-redaction, log-sanitizer, security, operator

Score: 7.5/10 (Innovation: 7, Technical: 8, Documentation: 8, Utility: 7)

PII-Shield is a Kubernetes mutating webhook that automatically redacts Personally Identifiable Information from pod logs using a sidecar or in-process WASM model. It combines entropy-based detection with deterministic regex rules and zero-allocation JSON parsing, offering a unique approach to compliance and preventing sensitive data leakage into log aggregators and AI training pipelines.

Target audience: backend devs, devops, security engineers

Repository: https://github.com/aragossa/pii-shield · Go · Apache-2.0 · 107 stars

View on Hacker News