Skip to content

Proposal: Add Req.secret to Req #461

Open
Open
Proposal: Add Req.secret to Req#461
@venkatd

Description

@venkatd
venkatd
opened on Feb 27, 2025

I notice you have a private method where you redact secrets in Req like so:

    defp redact(string) do
      len = String.length(string)

      if len < 4 do
        String.duplicate("*", len)
      else
        String.slice(string, 0, 3) <> String.duplicate("*", len - 3)
      end
    end

I was wondering if exposing something like Req.secret or Req.Secret.new to wrap secrets (for example to avoid mistakenly printing them out in livebook) could be a general purpose solution.

In our project we have something like this:

defmodule Ex.Req.Secret do
  defstruct [:value]

  def new(value) do
    %__MODULE__{value: value}
  end

  defimpl Inspect do
    def inspect(%Ex.Req.Secret{value: value}, _opts) do
      len = String.length(value)

      if len < 4 do
        "#Req.Secret<" <> String.duplicate("*", len) <> ">"
      else
        "#Req.Secret<" <> String.slice(value, 0, 3) <> String.duplicate("*", len - 3) <> ">"
      end
    end
  end

  defimpl String.Chars do
    def to_string(%Ex.Req.Secret{value: value}) do
      value
    end
  end
end

Then if I print out a Req client in livebook, the options will show up like this:

...
        access_key_id: #Ex.Req.Secret<abc*****************************>,
        secret_access_key: #Ex.Req.Secret<def*************************************************************>,
...

Thoughts?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions