Expand description
Key-value processor for gitlab.rb-style configuration files.
Handles files with lines of the form:
key = "value"
key = 'value'
key = value
# comment lines are preservedThe delimiter, comment prefix, and quoting style are configurable
via the profile’s options map.
§Profile Options
| Key | Default | Description |
|---|---|---|
delimiter | "=" | The key-value separator. |
secondary_delimiter | (none) | Optional additional delimiter(s) tried when |
| the primary delimiter’s key does not match | ||
| any field rule. Comma-separate multiple | ||
values (e.g. "=>,:"). Surrounding quotes | ||
| are stripped from the key before matching, | ||
| and any suffix after the value (e.g. a | ||
trailing ,) is preserved in the output. | ||
Useful for Ruby hash literals that use => | ||
or : alongside a =-delimited file. | ||
comment_prefix | "#" | Lines starting with this (after whitespace) |
| are treated as comments. | ||
ignore_comments | false | When true, comment lines are preserved |
| verbatim and never sanitized. By default, | ||
| field rules are applied to commented-out | ||
| key-value lines so that secrets left behind | ||
| in comments are still replaced. | ||
value_strip_suffix | (none) | Strip this suffix from value before |
| sanitizing and re-append it afterwards. | ||
Use ";" for nginx-style key value; files. |
§Heredoc / Sub-processor Support
When a matched field rule has sub_processor set and the value is a
Ruby-style heredoc (<<-'EOS', <<~EOS, etc.), the processor switches
into collection mode: it accumulates heredoc lines until the end marker,
then delegates the collected content to the named sub-processor using the
rule’s sub_fields. This allows structured content embedded inside
key-value files (e.g. YAML inside gitlab.rb) to be sanitized at the
field level rather than relying solely on the streaming scanner.
For non-heredoc values with sub_processor, the value (after quote
stripping) is passed directly to the sub-processor.
§Formatting Preservation
- Blank lines and indentation are preserved verbatim.
- Comment lines are preserved verbatim when no field rule matches their body,
or when
ignore_comments: trueis set in the profile options. - The original quoting style (single, double, or unquoted) is kept.
- Whitespace around the delimiter is preserved where possible.
- Heredoc opening and closing marker lines are preserved verbatim.
Structs§
- KeyValue
Processor - Structured processor for key = value configuration files.