secret

package module
Version: v2.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 13, 2022 License: MIT Imports: 2 Imported by: 0

README

GoDev Build Status Go Report Card

secret v2

What secret is?
  • It provides simple Go types like secret.Text to encapsulate your secret. Example:
type Login struct {
    User string
    Password secret.Text
}
  • The encapsulated secret remains inaccessible to operations like printing, logging, JSON serializtion etc. A (customizable) redact hint like ***** is returned instead.
  • The only way to access the actual secret value is by asking explicitly via the .Value() method.
  • See godev reference for usage examples.
What secret is not?
  • It is not a secret management service or your local password manager.
  • It is not a Go client to facilitate communication with secret managers like Hashicorp Vault, AWS secret Manager etc. Checkout teller if that is what you are looking for.
Installation
go get github.com/rsjethani/secret/v2

NOTE: v1 is deprecated now.

Documentation

Overview

Package secret provides types to guard your secret values from leaking into logs, std* etc.

The objective is to disallow writing/serializing of secret values to std*, logs, JSON string etc. but provide access to the secret when requested explicitly.

Index

Examples

Constants

View Source
const DefaultRedact string = "*****"

DefaultRedact is used by default if no other redact hint is given.

Variables

This section is empty.

Functions

func CustomRedact

func CustomRedact(r string) func(*Text)

CustomRedact option sets the value of r as the redact hint.

Example
s := secret.NewText("$ecre!", secret.CustomRedact("HIDDEN"))
fmt.Println(s, s.Value())
Output:

HIDDEN $ecre!

func FiveXs

func FiveXs(s *Text)

FiveXs option sets "XXXXX" as the redact hint.

Example
s := secret.NewText("$ecre!", secret.FiveXs)
fmt.Println(s, s.Value())
Output:

XXXXX $ecre!

func Redacted

func Redacted(s *Text)

Redacted option sets "[REDACTED]" as the redact hint.

Example
s := secret.NewText("$ecre!", secret.Redacted)
fmt.Println(s, s.Value())
Output:

[REDACTED] $ecre!

Types

type Text

type Text struct {
	// contains filtered or unexported fields
}

Text provides a way safely to store your secret value and a corresponding redact hint. By default this redact hint is returned for operations like printing and serializing.

func NewText

func NewText(s string, options ...func(*Text)) Text

NewText creates a new Text instance with s as the secret value. Multiple option functions can be passed to alter default behavior.

Example
s := secret.NewText("$ecre!")
fmt.Println(s, s.Value())
Output:

***** $ecre!

func (*Text) Equals added in v2.1.0

func (s *Text) Equals(s2 Text) bool

Equals checks whether s2 has same secret string or not.

Example
s1 := secret.NewText("hello")
s2 := secret.NewText("hello")
s3 := secret.NewText("hi")
fmt.Println(s1.Equals(s2))
fmt.Println(s1.Equals(s3))
Output:

true
false

func (Text) MarshalJSON

func (s Text) MarshalJSON() ([]byte, error)

MarshalJSON allows Text to be serialized into a JSON string. Only the redact hint is part of the the JSON string.

Example
login := struct {
	User     string
	Password secret.Text
}{
	User:     "John",
	Password: secret.NewText("shh!"),
}

bytes, err := json.Marshal(&login)
if err != nil {
	panic(err)
}

fmt.Println(string(bytes))
Output:

{"User":"John","Password":"*****"}

func (Text) String

func (s Text) String() string

String implements the fmt.Stringer interface and returns only the redact hint. This prevents the secret value from being printed to std*, logs etc.

func (*Text) UnmarshalJSON

func (s *Text) UnmarshalJSON(b []byte) error

UnmarshalJSON allows a JSON string to be deserialized into a Text value. DefaultRedact is set as the redact hint.

Example
login := struct {
	User     string
	Password secret.Text
}{}

err := json.Unmarshal([]byte(`{"User":"John","Password":"$ecre!"}`), &login)
if err != nil {
	panic(err)
}

fmt.Printf("%+v\n", login)
fmt.Println(login.Password.Value())
Output:

{User:John Password:*****}
$ecre!

func (Text) Value

func (s Text) Value() string

Value gives you access to the actual secret value stored inside Text.

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL