Class: KamalBackup::Redactor

Inherits:

Object

• Object
• KamalBackup::Redactor

Defined in:

lib/kamal_backup/redactor.rb

Constant Summary

SECRET_KEY_PATTERN =

/(pass|password|secret|token|key|credential|authorization)/i

SENSITIVE_KEY_PATTERN =

/(?:pass|password|secret|token|key|credential|authorization)|\A(?:user|username|pguser|.*_user|.*_username)\z/i

REDACTED =

"[REDACTED]"

Instance Method Summary

• #initialize(secret_values: [], env: ENV) ⇒ Redactor constructor

  A new instance of Redactor.

• #redact_hash(hash) ⇒ Object
• #redact_string(value) ⇒ Object
• #redact_value(key, value) ⇒ Object

Constructor Details

#initialize(secret_values: [], env: ENV) ⇒ Redactor

Returns a new instance of Redactor.

# File 'lib/kamal_backup/redactor.rb', line 7

def initialize(secret_values: [], env: ENV)
  @secret_values = Array(secret_values).compact.map(&:to_s).reject { |value| value.empty? || value.length < 4 }
  @env = env
end

Instance Method Details

#redact_hash(hash) ⇒ Object

# File 'lib/kamal_backup/redactor.rb', line 12

def redact_hash(hash)
  hash.each_with_object({}) do |(key, value), result|
    result[key] = redact_value(key, value)
  end
end

#redact_string(value) ⇒ Object

# File 'lib/kamal_backup/redactor.rb', line 25

def redact_string(value)
  redacted = redact_url_credentials(value.to_s)
  known_secret_values.each do |secret|
    redacted = redacted.gsub(secret, REDACTED)
  end
  redacted
end

#redact_value(key, value) ⇒ Object

# File 'lib/kamal_backup/redactor.rb', line 18

def redact_value(key, value)
  return nil if value.nil?
  return REDACTED if key.to_s.match?(SENSITIVE_KEY_PATTERN)

  redact_string(value.to_s)
end