redact

package
v0.3.8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 16, 2026 License: AGPL-3.0 Imports: 1 Imported by: 0

Documentation

Overview

Package redact scrubs live credentials from text before it is persisted.

A memory store inevitably records conversations and shell activity, so the realistic security goal is not "the content is invisible if the DB leaks" (it can't be — that's what the data is) but "the DB holds no usable credentials". Scrubbing secrets at every ingestion path bounds the blast radius of a database compromise to information disclosure, never lateral movement via leaked tokens/keys.

The rules target high-signal, low-false-positive secret shapes. They are best-effort: an exotic credential format can slip through, so this is one layer of defense, not a guarantee.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Metadata 

func Metadata(m map[string]any) map[string]any

Metadata walks a metadata map and scrubs every string value in place (recursing into nested maps and slices), so secrets buried in structured fields — e.g. a digest's captured shell commands — are caught too. Returns the same map for call-site convenience; nil stays nil.

func Secrets 

func Secrets(s string) string

Secrets scrubs known secret shapes from s, returning the cleaned text. Empty input is returned unchanged.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.