Expand description
leakguard – fast, zero-dependency redaction of secrets and PII from text.
leakguard finds and removes sensitive data – emails, credit-card numbers,
IP addresses, JWTs, US SSNs, MAC addresses, AWS keys, URLs with embedded
credentials – from arbitrary strings and log lines. It has no
dependencies, is #![no_std]-friendly (with alloc), and ships with a
small, hand-written scanner for every detector (no regex engine).
§Quick start
use leakguard::Redactor;
let s = Redactor::new(); // all default detectors enabled
let dirty = "Contact alice@example.com from 10.0.0.1";
let clean = s.clean(dirty);
assert_eq!(clean, "Contact [REDACTED:EMAIL] from [REDACTED:IPV4]");§Choosing how things are masked
use leakguard::{Redactor, Mask};
// Replace every match with a fixed string.
let s = Redactor::new().mask(Mask::fixed("***"));
assert_eq!(s.clean("ip 10.0.0.1"), "ip ***");
// Keep the last 4 characters of each match.
let s = Redactor::new().mask(Mask::Partial { keep_last: 4, ch: '*' });
assert_eq!(s.clean("card 4111 1111 1111 1111"), "card ***************1111");§Choosing what to look for
use leakguard::{Redactor, Kind};
// Only redact emails and credit cards.
let s = Redactor::only(&[Kind::Email, Kind::CreditCard]);
assert_eq!(s.clean("a@b.com 10.0.0.1"), "[REDACTED:EMAIL] 10.0.0.1");§Inspecting matches without mutating
use leakguard::{Redactor, Kind};
let s = Redactor::new();
let matches = s.find("email a@b.com");
assert_eq!(matches.len(), 1);
assert_eq!(matches[0].kind, Kind::Email);
assert_eq!(matches[0].text("email a@b.com"), "a@b.com");Re-exports§
pub use detectors::Detector;pub use detectors::FnDetector;
Modules§
- detectors
- Built-in detectors.
Structs§
- Match
- A single detected span of sensitive data within the input text.
- Redactor
- The main entry point: configure detectors + a
Mask, thenclean.