Documentation ¶
Overview ¶
Package logfusc provides a generic Secret type that obsufcates all string representations of its wrapped value, preventing sensitive data from being inadvertently written to output.
It is a lightweight approach to redacting secrets and personally identifiable information from logs.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Secret ¶
type Secret[T any] struct { // contains filtered or unexported fields }
Secret wraps a sensitive value, preventing it from being inadvertently written to output. This insures against human error leading to runtime data leaks. It is not a secrets manager, and has no cryptographic components.
Satisfies fmt.Stringer, fmt.GoStringer, encoding/json.Marshaler and encoding/json.Unmarshaler.
Secret is NOT thread-safe, but references to the wrapped value should not be retained after instantiation, so this shouldn't be a problem.
func NewSecret ¶
NewSecret returns a new Secret containing an instance of T. It is recommended to pass a value type, not a pointer, since any retained references to the wrapped value won't benefit from Secret's protection.
func (Secret[T]) Expose ¶
func (s Secret[T]) Expose() T
Expose returns the wrapped secret for use, at which point it is vulnerable to leaking to output.
func (Secret[_]) GoString ¶
GoString satisfies `fmt.GoStringer`, which controls formatting in response to the `%#v` directive, preventing the inner value from being printed.
func (Secret[_]) MarshalJSON ¶
MarshalJSON satisfies encoding/json.Marshaler, preventing the inner value from being inadvertently marshaled to JSON (e.g. as part of a structured log entry).
If the wrapped secret that must be marshaled for transport, call Secret.Expose to unwrap it.
func (Secret[_]) String ¶
String renders the Secret and its contents in the format `REDACTED T`, where T is the type of the obfuscated value.
func (*Secret[T]) UnmarshalJSON ¶
UnmarshalJSON satisfies encoding/json.Unmarshaler, allowing a sensitive value to be unmarshaled directly into a Secret.
If `data` cannot be unmarshaled into type T, an UnmarshalError is returned.
type UnmarshalError ¶
type UnmarshalError[T any] struct { // contains filtered or unexported fields }
UnmarshalError is returned by [Secret.Unmarshal] if the provided JSON cannot be unmarshaled into the the type T wrapped by a Secret. It is returned instead of the standard encoding/json errors to prevent leakage of the secret (however malformed).
func (*UnmarshalError[T]) Error ¶
func (e *UnmarshalError[T]) Error() string