Documentation
¶
Overview ¶
Package secrets provides utilities for secure handling of sensitive data. This package ensures API keys and other secrets are never exposed in logs, error messages, or exported configurations.
Index ¶
- func FormatKeySource(envVarName string, hasDirectKey bool) string
- func IsPotentialSecret(s string) bool
- func MaskAPIKey(key string) string
- func MaskAllSecrets(s string) string
- func MaskBearer(s string) string
- func MaskJSONSecrets(jsonData []byte) []byte
- func RedactForLog(s string) string
- func SanitizeHeaders(headers map[string][]string) map[string][]string
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func FormatKeySource ¶
FormatKeySource returns a display string for where an API key came from.
func IsPotentialSecret ¶
IsPotentialSecret checks if a string looks like it might be a secret.
func MaskAPIKey ¶
MaskAPIKey masks an API key for safe display. Shows only the first 4 and last 4 characters. For very short keys, returns "***".
func MaskAllSecrets ¶
MaskAllSecrets masks all known secret patterns in a string. Useful for sanitizing log output or error messages.
func MaskJSONSecrets ¶
MaskJSONSecrets masks sensitive fields in JSON data. This is useful for sanitizing request/response logs.
func RedactForLog ¶
RedactForLog returns a string safe for logging. This is the primary function to use when logging any user-provided or configuration-derived data that might contain secrets.
Types ¶
This section is empty.
Source Files