Liking cljdoc? Tell your friends :D

sensitive

License Clojars Project CircleCI

Wraps sensitive information in a derefable wrapper to prevent it accidentally leaking into logs.

Inspired by hearing the story behind this CircleCI blog post and then discovering that their own solution was almost identical to what I'd come up with.

Installation

Add the following to your project.clj:

[chrisjd/sensitive "0.1.0"]

Usage

Use the sensitive function to wrap sensitive values:

user> (require '[sensitive.core :refer [sensitive]])
nil
user> (def password (sensitive "swordfish"))
#'user/password
user> password
"***REDACTED***"
user> (str "the password is: " password)
"the password is: ***REDACTED***"

Deref the value to obtain the secret:

user> (str "the password is: " @password)
"the password is: swordfish"

If you'd prefer a different redaction string, rebind sensitive.core/*redacted-string*:

user> (binding [sensitive.core/*redacted-string* "XXX"]
        (println (sensitive "foo")))
XXX
nil

Documentation

Examples

From EDN

Use the custom readers feature of clojure.edn for convenience in loading sensitive values from EDN.

We use the #sensitive tag in our configuration file:

{:username "foo"
 :password #sensitive "bar"}

Then we use the :readers option to handle with sensitive.core/sensitive:

user> (let [cfg (clojure.edn/read-string {:readers {'sensitive sensitive}}
                                   (slurp "config.edn"))]
        (println (str "loaded: " cfg))
        (println (str "password: " @(:password cfg))))
loaded: {:username "foo", :password "***REDACTED***"}
password: bar
nil

License

Copyright © 2018 Chris J-D

Distributed under the MIT License: https://opensource.org/licenses/MIT

Can you improve this documentation?Edit on GitHub

cljdoc is a website building & hosting documentation for Clojure/Script libraries

× close