Documentation ¶
Overview ¶
Package camo provides the Secret type, which is a comparable, immutable wrapper around a string or byte slice that is opaque to reflection, making it useful for preventing secret data (such as passwords and API keys) from accidental serialization and storage or transfer over the wire.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Obscurable ¶
Obscurable is the set of types that can be obscured by the Secret type.
type Secret ¶
type Secret[O Obscurable] struct { // contains filtered or unexported fields }
Secret is secret data that cannot be inspected via reflection techniques, which is useful for preventing secret data from accidental serialization and storage or transfer over the wire.
Just to be clear, this isn't a hard constraint. While it will thwart a well-intentioned developer, even if they are using "unsanctioned" reflection such as those used by the go-spew package, truly malicious code still has access to this memory, and of course could still call the method which returns the underlying data.
The zero value of this type is intentionally distinguishable from an empty secret, so that empty secrets do not appear as a form of null when reflection code inspects the data structure.
Another thing to note about the zero value is that the Reveal and Append methods will panic. Other methods such as comparisons will not. This is analogous to the behavior of nil.
It is immutable, so it is safe to pass around by value.
It is comparable, so it can be used as a map key.
func Obscure ¶
func Obscure[O Obscurable](content O) Secret[O]
Obscure returns a Secret that wraps the given content. The content must be a string or byte slice. If a byte slice is given it will be copied into a newly allocated byte slice owned by the Secret.
func (Secret[O]) AppendTo ¶
AppendTo appends the secret to the byte slice, and returns the updated slice. It panics if the secret is zero.