redact

package
v0.8.1 Latest
Warning

This package is not in the latest version of its module.

Published: May 27, 2026 License: MIT Imports: 1 Imported by: 0

Documentation

Overview

Package redact is the single source of truth for stripping Truestamp-specific secrets out of strings before they reach disk, stderr, error chains, or anywhere else an attacker could read them.

The CLI's slog handler (internal/logging.RedactingHandler) and internal/wschannel.Client both flow every observable string through String so a future contributor can't accidentally leak a key by adding a `slog.String("url", urlWithKey)` call. Treat that handler as a safety net, not as license — call sites should still avoid putting secrets in attributes.


Constants

const REDACTED = "REDACTED"

REDACTED is the sentinel that replaces matched secret values. Tests in this package and downstream packages assert "the secret is gone" by asserting "REDACTED is present" — keep the constant exported so those assertions don't drift.

Variables

This section is empty.

Functions

func Error

func Error(err error) string

Error returns err.Error() with redaction applied. It is a convenience wrapper for the common `slog.String("err", redact.Error(err))` pattern. A nil err returns the empty string instead of panicking the way calling err.Error() on a nil error would.

func String

func String(s string) string

String applies every redaction pattern to s and returns the cleaned copy. Safe for arbitrary input — no panics, no allocations beyond what regexp.ReplaceAllString needs. Returns s unchanged when no pattern matches, so the common "clean string" path is cheap.
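The safety-net handler described in the overview, as an added example that is not the package's own code: a slog.Handler wrapper that passes the message and every string or error attribute through a stand-in for String. The `api_key=` pattern, the names `redactingHandler`, `redactString`, `scrub` and `logSample`, and the sample URL are assumptions; the page shows neither the real patterns nor the RedactingHandler source.

```go
package main

import (
	"bytes"
	"context"
	"errors"
	"fmt"
	"log/slog"
	"regexp"
)

// keyParam: hypothetical pattern (assumption). redactString stands in for redact.String.
var keyParam = regexp.MustCompile(`(api_key=)[^&\s"]+`)
func redactString(s string) string { return keyParam.ReplaceAllString(s, "${1}REDACTED") }

// redactingHandler scrubs the message and attrs before the inner handler sees them.
type redactingHandler struct{ slog.Handler }
func (h redactingHandler) Handle(ctx context.Context, r slog.Record) error {
	out := slog.NewRecord(r.Time, r.Level, redactString(r.Message), r.PC)
	r.Attrs(func(a slog.Attr) bool { out.AddAttrs(scrub(a)); return true })
	return h.Handler.Handle(ctx, out)
}

// WithAttrs and WithGroup re-wrap; otherwise logger.With(...) would skip redaction.
func (h redactingHandler) WithAttrs(as []slog.Attr) slog.Handler {
	for i := range as {
		as[i] = scrub(as[i])
	}
	return redactingHandler{h.Handler.WithAttrs(as)}
}
func (h redactingHandler) WithGroup(n string) slog.Handler { return redactingHandler{h.Handler.WithGroup(n)} }

// scrub redacts string and error values; nested group attrs are not walked here.
func scrub(a slog.Attr) slog.Attr {
	switch v := a.Value.Resolve().Any().(type) {
	case string, error:
		a.Value = slog.StringValue(redactString(fmt.Sprint(v)))
	}
	return a
}

// logSample logs a constructed URL and error carrying a made-up key.
func logSample() string {
	var buf bytes.Buffer
	log := slog.New(redactingHandler{slog.NewTextHandler(&buf, nil)})
	log.With("url", "wss://example.test/ws?api_key=EXAMPLE-KEY&v=1").
		Info("connect failed", "err", errors.New("dial: api_key=EXAMPLE-KEY rejected"))
	return buf.String()
}
func main() { fmt.Print(logSample()) }
```

The error attribute is the case a string-only handler misses: `slog.Any("err", err)` arrives as an `error` value, not a string, so the wrapper has to format it before redacting.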

Types

This section is empty.
