Documentation
¶
Overview ¶
Package scrubber implements support for cleaning sensitive information out of strings and files.
Compatibility ¶
This module's API is not yet stable, and may change incompatibly from version to version.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var DefaultScrubber = &Scrubber{}
DefaultScrubber is the scrubber used by the package-level cleaning functions.
It includes a set of agent-specific replacers. It can scrub DataDog App and API keys, passwords from URLs, and multi-line PEM-formatted TLS keys and certificates. It contains special handling for YAML-like content (with lines of the form "key: value") and can scrub passwords, tokens, and SNMP community strings in such content.
See default.go for details of these replacers.
Functions ¶
func AddDefaultReplacers ¶
func AddDefaultReplacers(scrubber *Scrubber)
AddDefaultReplacers to a scrubber. This is called automatically for DefaultScrubber, but can be used to initialize other, custom scrubbers with the default replacers.
func AddStrippedKeys ¶
func AddStrippedKeys(strippedKeys []string)
AddStrippedKeys adds to the set of YAML keys that will be recognized and have their values stripped. This modifies the DefaultScrubber directly.
func ScrubBytes ¶
ScrubBytes scrubs credentials from the given slice of bytes, using the default scrubber.
Types ¶
type Replacer ¶
type Replacer struct {
// Regex must match the sensitive information
Regex *regexp.Regexp
// Hints, if given, are strings which must also be present in the text for the regexp to match.
// Especially in single-line replacers, this can be used to limit the contexts where an otherwise
// very broad Regex is actually replaced.
Hints []string
// Repl is the text to replace the substring matching Regex. It can use the regexp package's
// replacement characters ($1, etc.) (see regexp#Regexp.ReplaceAll).
Repl []byte
// ReplFunc, if set, is called with the matched bytes (see regexp#Regexp.ReplaceAllFunc). Only
// one of Repl and ReplFunc should be set.
ReplFunc func(b []byte) []byte
}
Replacer represents a replacement of sensitive information with a "clean" version.
type ReplacerKind ¶
type ReplacerKind int
ReplacerKind modifies how a Replacer is applied
const ( // SingleLine indicates to Cleaner#AddReplacer that the replacer applies to // single lines. SingleLine ReplacerKind = iota // MultiLine indicates to Cleaner#AddReplacer that the replacer applies to // entire multiline text values. MultiLine )
type Scrubber ¶
type Scrubber struct {
// contains filtered or unexported fields
}
Scrubber implements support for cleaning sensitive information out of strings and files. Its intended use is to "clean" data before it is logged or transmitted to a remote system, so that the meaning of the data remains clear without disclosing any sensitive information.
Scrubber works by applying a set of replacers, in order. It first applies all SingleLine replacers to each non-comment, non-blank line of the input.
Comments and blank lines are omitted. Comments are considered to begin with `#`.
It then applies all MultiLine replacers to the entire text of the input.
func (*Scrubber) AddReplacer ¶
func (c *Scrubber) AddReplacer(kind ReplacerKind, replacer Replacer)
AddReplacer adds a replacer of the given kind to the scrubber.
func (*Scrubber) ScrubBytes ¶
ScrubBytes scrubs credentials from slice of bytes
Source Files