Documentation
¶
Overview ¶
Package configopaque implements a String type alias to mask sensitive information. Use configopaque.String on the type of sensitive fields, to mask the opaque string as `[REDACTED]`.
This ensures that no sensitive information is leaked in logs or when printing the full Collector configurations.
The only way to view the value stored in a configopaque.String is to first convert it to a string by casting with the builtin `string` function.
To achieve this, configopaque.String implements standard library interfaces like fmt.Stringer, encoding.TextMarshaler and others to ensure that the underlying value is masked when printed or serialized.
If new interfaces that would leak opaque values are added to the standard library or become widely used in the Go ecosystem, these will eventually be implemented by configopaque.String as well. This is not considered a breaking change.
Example (OpaqueMap) ¶
cfg := &ExampleConfigMap{
Censored: map[string]configopaque.String{
"token": "sensitivetoken",
},
Uncensored: map[string]string{
"key": "cloud.zone",
"value": "zone-1",
},
}
// yaml marshaling
bytes, err := yaml.Marshal(cfg)
if err != nil {
panic(err)
}
fmt.Printf("encoded cfg (YAML) is:\n%s\n\n", string(bytes))
Output: encoded cfg (YAML) is: censored: token: '[REDACTED]' uncensored: key: cloud.zone value: zone-1
Example (OpaqueSlice) ¶
package main
import (
"encoding/json"
"fmt"
"go.opentelemetry.io/collector/config/configopaque"
)
func main() {
cfg := &ExampleConfigSlice{
Censored: []configopaque.String{"data", "is", "sensitive"},
Uncensored: []string{"data", "is", "not", "sensitive"},
}
// JSON marshaling
bytes, err := json.MarshalIndent(cfg, "", " ")
if err != nil {
panic(err)
}
fmt.Printf("encoded cfg (JSON) is\n%s\n\n", string(bytes))
}
type ExampleConfigSlice struct {
Censored []configopaque.String
Uncensored []string
}
Output: encoded cfg (JSON) is { "Censored": [ "[REDACTED]", "[REDACTED]", "[REDACTED]" ], "Uncensored": [ "data", "is", "not", "sensitive" ] }
Example (OpaqueString) ¶
rawBytes := []byte(`{
"Censored": "sensitive",
"Uncensored": "not sensitive"
}`)
// JSON unmarshaling
var cfg ExampleConfigString
err := json.Unmarshal(rawBytes, &cfg)
if err != nil {
panic(err)
}
// YAML marshaling
bytes, err := yaml.Marshal(cfg)
if err != nil {
panic(err)
}
fmt.Printf("encoded cfg (YAML) is:\n%s\n\n", string(bytes))
Output: encoded cfg (YAML) is: censored: '[REDACTED]' uncensored: not sensitive
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type String ¶
type String string
String alias that is marshaled and printed in an opaque way. To recover the original value, cast it to a string.
func (String) GoString ¶ added in v0.93.0
GoString formats the string as `[REDACTED]`. This is used for the %#v verb.
func (String) MarshalBinary ¶ added in v0.93.0
MarshalBinary marshals the string `[REDACTED]` as []byte.
func (String) MarshalText ¶
MarshalText marshals the string as `[REDACTED]`.
Source Files