Class: Harbor::Events::Redactor

Inherits:
Object
  • Object
show all
Defined in:
lib/harbor/events/redactor.rb

Overview

Redacts hash values whose keys look secret-like. Matches /secret|token|password|key/i on keys. Intentionally includes known over-redactions (cache_key, public_key, api_key_name) as an accepted tradeoff per the design doc — over-redaction is safer than under-redaction for an audit log that may be inspected by agents.

Constant Summary collapse

SECRET_RE = 
/secret|token|password|key/i
REDACTED = 
"[REDACTED]"

Class Method Summary collapse

Class Method Details

.redact(value) ⇒ Object 



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/harbor/events/redactor.rb', line 14

def self.redact(value)
  case value
  when Hash
    value.each_with_object({}) do |(k, v), out|
      out[k] = if k.to_s.match?(SECRET_RE)
        REDACTED
      else
        redact(v)
      end
    end
  when Array
    value.map { |v| redact(v) }
  else
    value
  end
end