Documentation ¶
Overview ¶
Package secret provides types to guard your secret values from leaking into logs, std* etc.
The objective is to disallow writing/serializing of secret values to std*, logs, JSON string etc. but provide access to the secret when requested explicitly.
Index ¶
Examples ¶
Constants ¶
const DefaultRedact string = "*****"
DefaultRedact is used by default if no other redact hint is given.
Variables ¶
This section is empty.
Functions ¶
func CustomRedact ¶
CustomRedact option sets the value of r as the redact hint.
Example ¶
s := secret.NewText("$ecre!", secret.CustomRedact("HIDDEN")) fmt.Println(s, s.Value())
Output: HIDDEN $ecre!
Types ¶
type Text ¶
type Text struct {
// contains filtered or unexported fields
}
Text provides a way to safely store your secret value and a corresponding redact hint. This redact hint what is used in operations like printing and serializing. The default value of Text is usable.
Example ¶
s := secret.Text{} fmt.Println(s, s.Value())
Output: *****
func NewText ¶
NewText creates a new Text instance with s as the secret value. Multiple option functions can be passed to alter default behavior.
Example ¶
s := secret.NewText("$ecre!") fmt.Println(s, s.Value())
Output: ***** $ecre!
func (*Text) Equals ¶ added in v2.1.0
Equals checks whether s2 has same secret string or not.
Example ¶
s1 := secret.NewText("hello") s2 := secret.NewText("hello") s3 := secret.NewText("hi") fmt.Println(s1.Equals(s2)) fmt.Println(s1.Equals(s3))
Output: true false
func (Text) MarshalJSON ¶
MarshalJSON allows Text to be serialized into a JSON string. Only the redact hint is part of the the JSON string.
Example ¶
login := struct { User string Password secret.Text }{ User: "John", Password: secret.NewText("shh!"), } bytes, err := json.Marshal(&login) if err != nil { panic(err) } fmt.Println(string(bytes))
Output: {"User":"John","Password":"*****"}
func (Text) MarshalText ¶ added in v2.3.0
MarshalText implements encoding.TextMarshaler. It marshals redact string into bytes rather than the actual secret value.
Example ¶
sec := secret.NewText("secret!") bytes, err := sec.MarshalText() if err != nil { panic(err) } fmt.Println(string(bytes))
Output: *****
func (Text) String ¶
String implements the fmt.Stringer interface and returns only the redact hint. This prevents the secret value from being printed to std*, logs etc.
func (*Text) UnmarshalJSON ¶
UnmarshalJSON allows a JSON string to be deserialized into a Text value. DefaultRedact is set as the redact hint.
Example ¶
login := struct { User string Password secret.Text }{} err := json.Unmarshal([]byte(`{"User":"John","Password":"$ecre!"}`), &login) if err != nil { panic(err) } fmt.Printf("%+v\n", login) fmt.Println(login.Password.Value())
Output: {User:John Password:*****} $ecre!
func (*Text) UnmarshalText ¶ added in v2.3.0
UnmarshalText implements encoding.TextUnmarshaler. It unmarshals b into receiver's new secret value. If redact string is present then it is reused otherwise DefaultRedact is used.
Example ¶
sec := secret.Text{} err := sec.UnmarshalText([]byte(`$ecre!`)) if err != nil { panic(err) } fmt.Println(sec, sec.Value())
Output: ***** $ecre!