enseal 0.15.1

Secure, ephemeral secret sharing for developers
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

use super::{Entry, EnvFile};

/// Produce a copy of an EnvFile with all values replaced by `<REDACTED>`.
/// Preserves keys, comments, and structure.
pub fn redact(env: &EnvFile) -> EnvFile {
    let entries = env
        .entries
        .iter()
        .map(|entry| match entry {
            Entry::KeyValue { key, .. } => Entry::KeyValue {
                key: key.clone(),
                value: "<REDACTED>".to_string(),
            },
            other => other.clone(),
        })
        .collect();

    EnvFile { entries }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::env::parser;

    #[test]
    fn redact_values() {
        let env = parser::parse("SECRET=hunter2\nPORT=3000\n").unwrap();
        let redacted = redact(&env);
        assert_eq!(redacted.get("SECRET"), Some("<REDACTED>"));
        assert_eq!(redacted.get("PORT"), Some("<REDACTED>"));
    }

    #[test]
    fn preserves_structure() {
        let env = parser::parse("# comment\n\nKEY=value\n").unwrap();
        let redacted = redact(&env);
        assert_eq!(redacted.entries.len(), 3);
        assert!(matches!(&redacted.entries[0], Entry::Comment(_)));
        assert!(matches!(&redacted.entries[1], Entry::Blank));
    }

    #[test]
    fn no_values_leak() {
        let env = parser::parse("SECRET=super_secret_password_123\n").unwrap();
        let redacted = redact(&env);
        let output = redacted.to_string();
        assert!(!output.contains("super_secret_password_123"));
        assert!(output.contains("<REDACTED>"));
    }
}