forked from eopb/redact

A simple library for keeping secrets out of logs


ldbrierley/redact

 
 


Redact


API docs

A simple library for keeping secrets out of logs.

Redact provides a wrapper that prevents secrets from appearing in logs.

use redact::Secret;

let encryption_key = Secret::new("hello world");
assert_eq!("[REDACTED &str]", format!("{encryption_key:?}"))

The underlying secret contained within the wrapper can only be accessed using the expose_secret method (Secret::expose_secret) [1].

use redact::Secret;

let encryption_key = Secret::new("hello world");
assert_eq!("hello world", *encryption_key.expose_secret())

The Secret type doubles as a useful documentation tool, marking the values maintainers should be careful with.

#[derive(Debug)] // Safe since Debug is not able to "see" our `Secret`s
struct Payment {
    // The recipient is PII so we don't want it to appear in logs
    recipient: Secret<String>,
    // It's okay for the amount to appear in logs so we don't mark it with `Secret`
    amount: u64,
}
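
The mechanism behind the derive(Debug) comment above, as an added std-only example that is not the crate's own code: `Redacted<T>` is a hypothetical stand-in for `Secret<T>`, and `UnwrappedPayment`, `log_lines` and the sample e-mail address are constructed for illustration. It renders the same payment with and without the wrapper to show what a `{:?}` log call would emit in each case.

```rust
use std::any::type_name;
use std::fmt;

// Hypothetical stand-in for the crate's `Secret<T>` (assumption, std only).
pub struct Redacted<T>(T);

impl<T> Redacted<T> {
    pub fn new(value: T) -> Self {
        Redacted(value)
    }
    // The only way to read the inner value, so every access is easy to audit.
    pub fn expose_secret(&self) -> &T {
        &self.0
    }
}

// Hand-written Debug: prints the wrapped type's name, never the value.
impl<T> fmt::Debug for Redacted<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "[REDACTED {}]", type_name::<T>())
    }
}

#[derive(Debug)] // Derived Debug delegates to the field's redacting impl
pub struct Payment {
    pub recipient: Redacted<String>, // PII
    pub amount: u64,                 // fine to log
}

// Same data without the wrapper: derived Debug prints every field.
#[derive(Debug)]
pub struct UnwrappedPayment {
    pub recipient: String,
    pub amount: u64,
}

// Constructed sample value, rendered the way a `{:?}` log call would render it.
pub fn log_lines() -> (String, String) {
    let pii = "alice@example.com".to_string();
    let safe = Payment { recipient: Redacted::new(pii.clone()), amount: 42 };
    let leaky = UnwrappedPayment { recipient: pii, amount: 42 };
    (format!("{safe:?}"), format!("{leaky:?}"))
}

fn main() {
    let (safe, leaky) = log_lines();
    println!("{safe}\n{leaky}");
}
```
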

Comparison with alternatives

Secrecy was the original inspiration for this crate and it has a very similar API.

One significant difference is that secrecy requires that all secrets implement Zeroize so that it can cleanly wipe secrets from memory after they are dropped. This unfortunately limits the types of values that secrecy can wrap in a Secret since every type has to be aware of Zeroize.

Redact relaxes this requirement, allowing all types to be Secrets. If you need zeroization consider secrecy.

Secrets provides even stronger memory protection than secrecy using mlock(2)/mprotect(2) among other things. If you need strong memory protection before and after a Secret is dropped consider secrets.

Footnotes

  1. serde::Serialize is implemented on Secret for convenience. Be careful when serializing since it may leak secrets without an explicit call to expose_secret (Secret::expose_secret).
