Module: Legate::Redaction

Defined in:

lib/legate/redaction.rb

Overview

Strips secrets out of strings before they’re logged or surfaced to users.

LLM/HTTP client errors routinely embed the request URL — which for Gemini carries the API key as a ‘?key=…` query parameter — so error messages and logs must be scrubbed before they leave the process.

Constant Summary

REPLACEMENT =

'[REDACTED]'

SECRET_PARAM =

‘key=`, `api_key=`, `access_token=`, `token=` query/form parameters.

/([?&](?:key|api[_-]?key|access_token|token)=)[^&\s"']+/i

BEARER =

‘Authorization: Bearer <token>`.

%r{(Bearer\s+)[A-Za-z0-9\-._~+/]+=*}i

GOOGLE_KEY =

Google API keys by their ‘AIza` prefix — a belt-and-suspenders catch even if the key shows up somewhere the patterns above don’t match.

/AIza[0-9A-Za-z\-_]{10,}/

Class Method Summary

• .redact(text) ⇒ String

  The text with known secret shapes replaced.

Class Method Details

.redact(text) ⇒ String

Returns the text with known secret shapes replaced.

Parameters:

• text (Object) —

  anything stringifiable

Returns:

• (String) —

  the text with known secret shapes replaced

# File 'lib/legate/redaction.rb', line 25

def redact(text)
  text.to_s
      .gsub(SECRET_PARAM, "\\1#{REPLACEMENT}")
      .gsub(BEARER, "\\1#{REPLACEMENT}")
      .gsub(GOOGLE_KEY, REPLACEMENT)
end