secrets

package
v0.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 22, 2026 License: Apache-2.0 Imports: 1 Imported by: 0

Documentation

Overview

Package secrets masks sensitive environment-variable values so they don't leak from the inspect panel (screenshots, screen-shares) or to an AI model over MCP. Masking is policy applied above the docker layer, which always returns raw env; callers decide what the viewer is allowed to see.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsSensitive 

func IsSensitive(key, value string) bool

IsSensitive reports whether an env entry should be treated as a secret, by the variable name or by the shape of its value.

func MaskEnv 

func MaskEnv(env []string, mode Mode) []string

MaskEnv returns a copy of env ("KEY=VALUE" entries) with values masked per mode. Entries without an '=' are passed through unchanged.

func MaskValue 

func MaskValue(v string) string

MaskValue returns the placeholder for a non-empty value (empty stays empty — there's nothing to hide).

Types

type Mode 

type Mode string

Mode is how container env values are masked. 

const (
	MaskAll       Mode = "all"       // mask every value (default)
	MaskSensitive Mode = "sensitive" // mask only values that look like secrets
	MaskOff       Mode = "off"       // no masking
)

func ParseMode 

func ParseMode(s string) Mode

ParseMode maps a settings string to a Mode, defaulting to MaskAll.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.