Redaction of sensitive values before traces hit disk.
Two mechanisms are layered:
- Known credential shapes are masked regardless of where they appear in the tree. Currently: ghp_, glpat-, pk_, sk-, xoxb-/xoxa-/xapp-, Bearer/Basic (case-insensitive), plus a few other common prefixes. These are all caught without knowing the configured credential set, which is useful when a token leaks into an error message, a git URL, or a user-supplied prompt.
- Values of any string-valued environment variable whose name matches a sensitive suffix (*_TOKEN/*_SECRET/*_KEY/*_PASSWORD/*_PASSPHRASE/AUTHORIZATION/COOKIE) are masked; the redactor snapshots those at call time.
Setting the DEVBOY_TRACE_REDACTION=off environment variable
disables both passes for local debugging. Never default to off.
Amortizing the env snapshot
The top-level sanitize helper walks std::env::vars() on every
call — fine for one-shot CLI invocations but wasteful inside a
long-running producer like super::SessionTracer that writes
many events. Build a Redactor once with
Redactor::snapshot and reuse it for every event in the same
session to pay the env scan just once.
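As an added illustration (not the module's own code), here is a compact redactor in the shape the text describes: a prefix pass over known credential shapes, an env snapshot keyed on sensitive variable names, and a recursive walk that rewrites only strings. The `Value` enum, the `from_vars` constructor, the `[REDACTED]` mask text and the minimum secret length are assumptions of this example, not the module's API.

```rust
use std::collections::BTreeMap;
// Hypothetical minimal value tree standing in for the JSON-like tree the module walks.
#[derive(Debug, Clone, PartialEq)]
pub enum Value { Null, Bool(bool), Num(i64), Str(String), Arr(Vec<Value>), Map(BTreeMap<String, Value>) }

const PREFIXES: &[&str] = &["ghp_", "glpat-", "pk_", "sk-", "xoxb-", "xoxa-", "xapp-"];
const SCHEMES: &[&str] = &["bearer ", "basic "]; // matched case-insensitively
const SUFFIXES: &[&str] = &["_TOKEN", "_SECRET", "_KEY", "_PASSWORD", "_PASSPHRASE"];
const MASK: &str = "[REDACTED]"; // assumed mask text
pub fn is_sensitive_name(name: &str) -> bool {
    let n = name.to_ascii_uppercase();
    n == "AUTHORIZATION" || n == "COOKIE" || SUFFIXES.iter().any(|s| n.ends_with(s))
}
/// Pass 1: mask well-known credential shapes wherever they occur, without knowing any secret value.
pub fn mask_known_shapes(s: &str) -> String {
    let (mut out, mut i, mut prev_alnum) = (String::new(), 0usize, false);
    while i < s.len() {
        let rest = &s[i..];
        // a prefix glued to a preceding letter ("task-") is not a credential; schemes match case-insensitively
        let hit = PREFIXES.iter().find(|p| !prev_alnum && rest.starts_with(**p)).copied().or_else(|| {
            SCHEMES.iter().find(|p| rest.get(..p.len()).map_or(false, |h| h.eq_ignore_ascii_case(**p))).copied()
        });
        if let Some(p) = hit {
            // the token body is ASCII only, so its char count equals its byte length; a bare prefix is left alone
            let body = rest[p.len()..].chars().take_while(|c| c.is_ascii_alphanumeric() || "_-.=+/".contains(*c)).count();
            if body > 0 { out.push_str(&rest[..p.len()]); out.push_str(MASK); i += p.len() + body; prev_alnum = false; continue; }
        }
        let c = rest.chars().next().unwrap();
        prev_alnum = c.is_ascii_alphanumeric(); out.push(c); i += c.len_utf8();
    }
    out
}
/// Pass 2: mask the values of sensitive-looking env vars, captured once when the redactor is built.
pub struct Redactor { secrets: Vec<String> }
impl Redactor {
    pub fn from_vars<I: IntoIterator<Item = (String, String)>>(vars: I) -> Self {
        // tiny values ("", "0", "1") are skipped (assumed cutoff): masking those would shred every trace string
        let mut secrets: Vec<String> = vars.into_iter().filter(|(k, v)| is_sensitive_name(k) && v.len() >= 4).map(|(_, v)| v).collect();
        secrets.sort_by_key(|v| std::cmp::Reverse(v.len())); // longest first, so a secret that prefixes another cannot leave a tail
        Redactor { secrets }
    }
    pub fn snapshot() -> Self { Self::from_vars(std::env::vars()) }
    pub fn redact_str(&self, s: &str) -> String { self.secrets.iter().fold(mask_known_shapes(s), |a, v| a.replace(v.as_str(), MASK)) }
    pub fn sanitize(&self, v: Value) -> Value {
        match v {
            Value::Str(s) => Value::Str(self.redact_str(&s)),
            Value::Arr(a) => Value::Arr(a.into_iter().map(|x| self.sanitize(x)).collect()),
            Value::Map(m) => Value::Map(m.into_iter().map(|(k, x)| (k, self.sanitize(x))).collect()),
            other => other, // numbers, bools and null pass through unchanged
        }
    }
}
```

Build one `Redactor` per long-running producer and call `sanitize` on every event; the `Bearer`/`Basic` shapes are deliberately broad, so plain prose containing those words is masked too.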
Structs
- Redactor: A reusable redactor that holds one env-var snapshot. Created via Redactor::snapshot; use once per long-running producer (e.g. one per SessionTracer) to avoid rescanning the environment on every event.
Functions
- sanitize: Redact sensitive data in value. Recursively walks maps and arrays. Strings are rewritten; numbers / bools / null pass through unchanged.