README
¶
go-conceal
Guard against logging secrets in Go.
conceal (verb):
1. to hide; withdraw or remove from observation
2. to keep secret; to prevent or avoid disclosing
Project Overview
Module github.com/shoenig/go-conceal can be used to help protect against sensitive
values from being exposed in places they shouldn't be, particularly in log lines.
Getting Started
The conceal package can be gotten with go get:
$ go get github.com/shoenig/go-conceal
Example Usage
// protect a string value
text := conceal.New("abc123")
fmt.Sprintf("%s", text) // prints "<redacted>"
fmt.Sprintf("%#v", text) // prints "conceal.Text{}"
// protect a byte slice
b := conceal.NewBytes([]byte{1, 2, 3})
fmt.Sprintf("%s", b) // prints "<redacted>"
fmt.Sprintf("%#v", b) // prints "conceal.Bytes{}"
// get access to the underlying secret values
doThings(text.Unveil(), b.Unveil())
Contributing
The github.com/shoenig/go-conceal module is always improving with new features
and error corrections. For contributing bug fixes and new features please file
an issue.
License
The github.com/shoenig/go-conceal module is open source under the BSD-3-Clause license.
Documentation
¶
Overview ¶
Package conceal provides types for protecting sensitive text in logs.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Bytes ¶
type Bytes struct {
// contains filtered or unexported fields
}
A Bytes secret contains a byte slice which should not be exposed.
This type overrides String and GoString such that the underlying data does not get exposed (typically through log statements) accidentally.
To get at the underlying data, use the Secret method.
Unlike a Go byte slice, Bytes is not 'comparable' (it can't be a map key or support ==). Use its Equal method to compare.
func NewBytes ¶
NewBytes returns a Bytes that keeps b a secret.
A copy of b is created, so that later changes to b have no effect on the protected value.
func (*Bytes) Hash ¶
Hash creates a deterministic hash from the content of t.
Implements hashicorp/go-set/HashFunc[int].
type Text ¶
type Text struct {
// contains filtered or unexported fields
}
A Text contains a string which should not be exposed (e.g. in logs).
This type overrides String and GoString such that the underling data does not get exposed (typically through log statements) accidentally.
To get at the underlying data, use the Secret method.
Unlike a Go string, Text is not 'comparable' (it can't be a map key or support ==). Use its Equal method to compare, and its Hash method for use in a hashicorp/go-set.HashMap[Text].
func UUIDv4 ¶ added in v0.5.0
func UUIDv4() *Text
UUIDv4 creates a quasi uuid v4 formatted string, useable for secrets.
Not strictly compliant with uuid v4 as these do not contain version bits.
func (*Text) Hash ¶
Hash creates a deterministic hash from the content of t.
Implements hashicorp/go-set/HashFunc[int].
func (*Text) MarshalText ¶
MarshalText implements the encoding.TextMarshaller interface, which is also compatible with the encoding/json marshaller.
func (*Text) UnmarshalText ¶
UnmarshalText implements the encoding.TextUnmarshaler interface, which is also compatible with the encoding/json un-marshaller.
Source Files