Skip to main content

statsig_rust/
logging_utils.rs

1/// Sanitizes SDK keys embedded in strings by masking characters after `secret-`.
2/// Keeps the first 5 chars of the key and replaces the rest with `*****`.
3/// Use this for ANY log output that may include URLs or messages containing SDK keys.
4pub fn sanitize_secret_key(input: &str) -> String {
5    input
6        .split("secret-")
7        .enumerate()
8        .map(|(i, part)| {
9            if i == 0 {
10                part.to_string()
11            } else {
12                let (key, rest) =
13                    part.split_at(part.chars().take_while(|c| c.is_alphanumeric()).count());
14                let sanitized_key = if key.len() > 5 {
15                    format!("{}*****{}", &key[..5], rest)
16                } else {
17                    format!("{key}*****{rest}")
18                };
19                format!("secret-{sanitized_key}")
20            }
21        })
22        .collect()
23}