Class: Harbor::Events::Redactor
- Inherits:
-
Object
- Object
- Harbor::Events::Redactor
- Defined in:
- lib/harbor/events/redactor.rb
Overview
Redacts hash values whose keys look secret-like. Matches /secret|token|password|key/i on keys. Intentionally includes known over-redactions (cache_key, public_key, api_key_name) as an accepted tradeoff per the design doc — over-redaction is safer than under-redaction for an audit log that may be inspected by agents.
Constant Summary collapse
- SECRET_RE =
/secret|token|password|key/i- REDACTED =
"[REDACTED]"
Class Method Summary collapse
Class Method Details
.redact(value) ⇒ Object
14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
# File 'lib/harbor/events/redactor.rb', line 14 def self.redact(value) case value when Hash value.each_with_object({}) do |(k, v), out| out[k] = if k.to_s.match?(SECRET_RE) REDACTED else redact(v) end end when Array value.map { |v| redact(v) } else value end end |