| title | Redact and Handle Sensitive Data | ||||||
|---|---|---|---|---|---|---|---|
| id | data-redacted | ||||||
| skillLevel | intermediate | ||||||
| applicationPatternId | core-concepts | ||||||
| summary | Use Redacted to securely handle sensitive data, ensuring secrets are not accidentally logged or exposed. | ||||||
| tags |
|
||||||
| rule |
|
||||||
| related |
|
||||||
| author | PaulJPhilp | ||||||
| lessonOrder | 13 |
Use the Redacted data type to securely handle sensitive data such as passwords, API keys, or tokens.
Redacted ensures that secrets are not accidentally logged, serialized, or exposed in error messages.
Sensitive data should never appear in logs, traces, or error messages.
Redacted provides a type-safe way to mark and protect secrets throughout your application.
import { Redacted } from "effect";
// Wrap a sensitive value
const secret = Redacted.make("super-secret-password");
// Use the secret in your application logic
function authenticate(user: string, password: Redacted.Redacted<string>) {
// ... authentication logic
}
// Logging or stringifying a Redacted value
console.log(`Password: ${secret}`); // Output: Password: <redacted>
console.log(String(secret)); // Output: <redacted>Explanation:
Redacted.make(value)wraps a sensitive value.- When logged or stringified, the value is replaced with
<redacted>. - Prevents accidental exposure of secrets in logs or error messages.
Passing sensitive data as plain strings, which can be accidentally logged, serialized, or leaked in error messages.