Skip to main content

Crate redaction

Crate redaction 

Source
Expand description

Type-directed redaction for structured data.

This crate separates:

  • Classification: what kind of sensitive data this is.
  • Policy: how that data should be redacted.

The derive macro walks your data and applies the policy at the boundary when you call redact() or Redactable::redact().

Key rules:

  • Use #[sensitive(Classification)] for string-like leaf values.
  • Use #[sensitive] for scalars and nested Sensitive types.
  • Unannotated fields pass through unchanged.
  • Debug always prints "[REDACTED]" for sensitive fields; policies apply only when calling .redact().

Boxed trait objects:

  • #[sensitive] supports Box<dyn Trait> by calling redact_boxed.
  • Detection is conservative and only matches the simple Box<dyn Trait> syntax, not qualified paths or type aliases.

What this crate does:

  • defines classification marker types and the Classification trait
  • defines redaction policies and the redact entrypoint
  • provides integrations behind feature flags (e.g. slog)

What it does not do:

  • perform I/O or logging
  • validate your policy choices

The Sensitive derive macro lives in redaction-derive and is re-exported when the derive feature is enabled.

Structs§

AccountId
Classification marker for account identifiers.
BlockchainAddress
Classification marker for blockchain addresses (e.g., Ethereum, Bitcoin).
CreditCard
Classification marker for credit card numbers or PANs.
DateOfBirth
Classification marker for dates of birth.
Email
Classification marker for email addresses.
IpAddress
Classification marker for IP addresses.
KeepConfig
Configuration that keeps selected segments visible while masking the remainder.
MaskConfig
Configuration that masks selected segments while leaving the remainder unchanged.
NationalId
Classification marker for government-issued identifiers.
PhoneNumber
Classification marker for phone numbers.
Pii
Classification marker for personally identifiable information.
Secret
Classification marker for secrets such as passwords or private keys.
SessionId
Classification marker for session identifiers.
Token
Classification marker for authentication tokens and API keys.

Enums§

TextRedactionPolicy
A redaction strategy for string-like values.

Constants§

REDACTED_PLACEHOLDER
Default placeholder used for full redaction.

Traits§

Classification
Marker trait for classification categories.
Redactable
Public entrypoint for redaction on traversable types.
RedactableBoxed
Redacts boxed trait objects that expose their own boxed redaction.
RedactionPolicy
Associates a classification type with a concrete string redaction policy.
SensitiveValue
String-like payloads that can be redacted via policies.

Functions§

apply_classification
Applies a classification policy to a classifiable value.
redact
Redacts a value using classification-bound policies.
redact_boxed
Convenience helper for redacting boxed trait objects.

Derive Macros§

Sensitive
Derives redaction::SensitiveType (and related impls) for structs and enums.
SensitiveError
Derives redaction::SensitiveType for types that should log without Serialize.