Documentation
¶
Overview ¶
Package redact is the single source of truth for stripping Truestamp-specific secrets out of strings before they reach disk, stderr, error chains, or anywhere else an attacker could read them.
The CLI's slog handler (internal/logging.RedactingHandler) and internal/wschannel.Client both flow every observable string through String so a future contributor can't accidentally leak a key by adding a `slog.String("url", urlWithKey)` call. Treat that handler as a safety net, not as license — call sites should still avoid putting secrets in attributes.
Index ¶
Constants ¶
const REDACTED = "REDACTED"
REDACTED is the sentinel that replaces matched secret values. Tests in this package and downstream packages assert "the secret is gone" by asserting "REDACTED is present" — keep the constant exported so those assertions don't drift.
Variables ¶
This section is empty.
Functions ¶
func Error ¶
Error returns err.Error() with redaction applied. Convenience wrapper for the common `slog.String("err", redact.Error(err))` pattern. nil returns the empty string, matching err.Error()'s panic-on-nil behavior in spirit but without the panic.
func String ¶
String applies every redaction pattern to s and returns the cleaned copy. Safe for arbitrary input — no panics, no allocations beyond what regexp.ReplaceAllString needs. Returns s unchanged when no pattern matches, so the common "clean string" path is cheap.
func WrapError ¶ added in v0.9.0
WrapError returns an error whose Error() string is redacted but which still unwraps to err, so errors.Is / errors.As keep working through it. Use this (instead of fmt.Errorf with %s + Error) when an error must be both redacted for display AND remain classifiable by the caller — e.g. a token error that has to stay errors.Is(ErrSessionExpired) for the WebSocket's fatal-session detection while never leaking token bytes.
Types ¶
This section is empty.