Skip to main content

redact_credentials

Function redact_credentials 

Source
pub fn redact_credentials(s: &str) -> String
Expand description

Strip user:pass@ userinfo from any URL embedded in s.

Elasticsearch connection strings frequently embed basic-auth credentials (https://user:pass@host). Every error this module produces is routed through this function so credentials are never leaked in error messages or logs. Pure — unit-testable offline. UTF-8 safe (operates on &str slices, which are always char boundaries; the delimiters scanned are all ASCII).

Userinfo is everything before the last @ within the URL authority (matching the WHATWG URL spec), so a password that itself contains @ (https://u:p@ss@host) is fully redacted rather than leaking the tail.