Documentation
¶
Overview ¶
Package redaction handles secret redaction
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
// Custom patterns to redact (e.g. "INT-[A-Z0-9]{16}")
Patterns []string
// JSON paths to always redact (e.g. "config.password")
Paths []string
// If true, replace with hash instead of [REDACTED]
HashMode bool
// Salt for hashing (prevents rainbow tables). If empty, hash is deterministic but unsalted.
Salt string
// If true, disable gitleaks detector and use only custom patterns
// Default: false (gitleaks enabled for comprehensive 222+ pattern coverage)
DisableGitleaks bool
}
Config holds the configuration for the Redactor.
type Redactor ¶
type Redactor struct {
// contains filtered or unexported fields
}
Redactor handles sanitization of sensitive data. All fields are read-only after construction, making it safe for concurrent use.
func (*Redactor) Redact ¶
func (r *Redactor) Redact(data interface{}) interface{}
Redact sanitizes the given data structure. It modifies the data in-place if it's a pointer, or returns a new copy. Supported types: string, []interface{}, map[string]interface{}, and pointers to them.
func (*Redactor) ScrubString ¶
ScrubString replaces sensitive patterns in a string. Uses gitleaks detector (222+ patterns) first, then falls back to regex patterns.
Source Files
Click to show internal directories.
Click to hide internal directories.