Field Exclusion
Exclude sensitive fields like password and token from being audited.
Some fields shouldn't appear in audit logs — passwords, refresh tokens, card numbers. Go Audit has two levers: per-field exclusion and per-entity exclusion.
Per-Field Exclusion
```go
DataAudit: audit.DataAuditConfig{
    ExcludeFields: []string{"password", "token", "api_key"},
}
```

Matching fields are dropped from both old_values and new_values before the audit row is written. The audit record does not mention them at all.
If the only field that changed in an update is excluded, the whole UPDATE record is suppressed — no row is written.
Matching rules
- Case-sensitive on the map key.
- Matched against the key produced by the ORM adapter, which is the DB column name in practice.
- Only top-level keys are checked; nested JSON structures are not walked for field exclusion.
Per-Entity Exclusion
To skip an entity entirely (no audit record at all, regardless of fields):
```go
DataAudit: audit.DataAuditConfig{
    ExcludeEntities: []string{"sessions", "cache_entries"},
}
```

Useful for high-churn tables where audit volume would outweigh the signal.
Comparison
| Behavior | ExcludeFields | ExcludeEntities |
|---|---|---|
| Row written on other-field change | Yes | No |
| Row written on excluded-only change | No | No |
| Value stored | field omitted | N/A |
| Change detectable externally | No (for that field) | No |
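A stand-alone model of the two levers and the suppression rule summarized in the table above, written here as an added example (not Go Audit's own code; DataAuditConfig, Change and Filter are assumed local stand-ins for the library's types):

```go
package main

import (
	"fmt"
	"reflect"
)

// DataAuditConfig and Change are local stand-ins for the config and the
// candidate UPDATE row (assumed shapes, not the library's own types).
type DataAuditConfig struct {
	ExcludeFields   []string
	ExcludeEntities []string
}
type Change struct {
	Entity               string
	OldValues, NewValues map[string]any
}

// contains is an exact, case-sensitive match on the map key.
func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// Filter applies the documented rules and reports whether a row is written.
// Only top-level keys are checked; nested maps are copied through untouched.
func Filter(cfg DataAuditConfig, c Change) (Change, bool) {
	if contains(cfg.ExcludeEntities, c.Entity) {
		return Change{}, false // excluded entity: no record at all
	}
	out := Change{Entity: c.Entity, OldValues: map[string]any{}, NewValues: map[string]any{}}
	changed := false
	for k, nv := range c.NewValues {
		if contains(cfg.ExcludeFields, k) {
			continue // dropped from both old_values and new_values
		}
		out.OldValues[k], out.NewValues[k] = c.OldValues[k], nv
		changed = changed || !reflect.DeepEqual(c.OldValues[k], nv)
	}
	return out, changed // false when only excluded fields changed: row suppressed
}

func main() {
	cfg := DataAuditConfig{ExcludeFields: []string{"password"}, ExcludeEntities: []string{"sessions"}}
	_, ok := Filter(cfg, Change{Entity: "users", OldValues: map[string]any{"password": "h1"}, NewValues: map[string]any{"password": "h2"}})
	fmt.Println("password-only change written:", ok) // false
}
```

Note that a key such as "Password" or a token nested under "profile" passes through untouched, which is the case-sensitivity and top-level-only behaviour the matching rules describe.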
API Call Fields
For outbound API calls, sensitive fields are masked with "***REDACTED***" rather than dropped; see Auto Redaction for the different semantics and rationale.
Dynamic Exclusion
Exclusion is a static config on the Auditor. If exclusion needs to depend on context (per-tenant policy, for example), run two Auditor instances with different configs and route writes to the one whose policy applies.