configopaque

package module
v1.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 6, 2024 License: Apache-2.0 Imports: 1 Imported by: 123

Documentation

Overview

Package configopaque implements a String type alias to mask sensitive information. Use configopaque.String on the type of sensitive fields, to mask the opaque string as `[REDACTED]`.

This ensures that no sensitive information is leaked in logs or when printing the full Collector configurations.

The only way to view the value stored in a configopaque.String is to first convert it to a string by casting with the builtin `string` function.

To achieve this, configopaque.String implements standard library interfaces like fmt.Stringer, encoding.TextMarshaler and others to ensure that the underlying value is masked when printed or serialized.

If new interfaces that would leak opaque values are added to the standard library or become widely used in the Go ecosystem, these will eventually be implemented by configopaque.String as well. This is not considered a breaking change.

Example (OpaqueMap)
cfg := &ExampleConfigMap{
	Censored: map[string]configopaque.String{
		"token": "sensitivetoken",
	},
	Uncensored: map[string]string{
		"key":   "cloud.zone",
		"value": "zone-1",
	},
}

// yaml marshaling
bytes, err := yaml.Marshal(cfg)
if err != nil {
	panic(err)
}
fmt.Printf("encoded cfg (YAML) is:\n%s\n\n", string(bytes))
Output:

encoded cfg (YAML) is:
censored:
    token: '[REDACTED]'
uncensored:
    key: cloud.zone
    value: zone-1
Example (OpaqueSlice)
package main

import (
	"encoding/json"
	"fmt"

	"go.opentelemetry.io/collector/config/configopaque"
)

func main() {
	cfg := &ExampleConfigSlice{
		Censored:   []configopaque.String{"data", "is", "sensitive"},
		Uncensored: []string{"data", "is", "not", "sensitive"},
	}

	// JSON marshaling
	bytes, err := json.MarshalIndent(cfg, "", "  ")
	if err != nil {
		panic(err)
	}
	fmt.Printf("encoded cfg (JSON) is\n%s\n\n", string(bytes))
}

type ExampleConfigSlice struct {
	Censored   []configopaque.String
	Uncensored []string
}
Output:

encoded cfg (JSON) is
{
  "Censored": [
    "[REDACTED]",
    "[REDACTED]",
    "[REDACTED]"
  ],
  "Uncensored": [
    "data",
    "is",
    "not",
    "sensitive"
  ]
}
Example (OpaqueString)
rawBytes := []byte(`{
		"Censored":   "sensitive",
		"Uncensored": "not sensitive"
	}`)

// JSON unmarshaling
var cfg ExampleConfigString
err := json.Unmarshal(rawBytes, &cfg)
if err != nil {
	panic(err)
}

// YAML marshaling
bytes, err := yaml.Marshal(cfg)
if err != nil {
	panic(err)
}
fmt.Printf("encoded cfg (YAML) is:\n%s\n\n", string(bytes))
Output:

encoded cfg (YAML) is:
censored: '[REDACTED]'
uncensored: not sensitive

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type String

type String string

String alias that is marshaled and printed in an opaque way. To recover the original value, cast it to a string.

func (String) GoString added in v0.93.0

func (s String) GoString() string

GoString formats the string as `[REDACTED]`. This is used for the %#v verb.

func (String) MarshalBinary added in v0.93.0

func (s String) MarshalBinary() (text []byte, err error)

MarshalBinary marshals the string `[REDACTED]` as []byte.

func (String) MarshalText

func (s String) MarshalText() ([]byte, error)

MarshalText marshals the string as `[REDACTED]`.

func (String) String added in v0.93.0

func (s String) String() string

String formats the string as `[REDACTED]`. This is used for the %s and %q verbs.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL