The fleet's one allowlist secret-scrubber — so no log line, diagnostic bundle, env dump, or JSON receipt ever leaks a known secret.
A Redactor built once from registered secret keys (key names whose values
are sensitive — PASSWORD, token, …) and registered secret values
(literal credentials to mask wherever they appear), then reused to scrub:
- Env([]string) / EnvMap(map[string]string) — os.Environ()-shaped pairs, masking the value of any secret-keyed entry and any secret value embedded in a non-secret value.
- Bytes([]byte) / String(string) — unstructured log/file content, masking every registered secret value.
- JSON([]byte) — a JSON document, masking the whole subtree under any secret-keyed field and any secret value inside any string leaf.
The model is the two complementary halves every scrubber needs:
allowlist-by-key (a token field is redacted regardless of content) +
denylist-by-value (a concrete leaked credential is redacted wherever it shows
up). The Redactor is immutable after New and safe for concurrent use.
Scrubbing secrets out of diagnostics recurs across every log pipeline, bundle
producer, and doctor-style tool. One typed Redactor means uniform masking
semantics (longest-match-wins, case-insensitive keys, whole-subtree redaction)
and one place to register what is secret — never a hand-rolled strings.Replace
loop that misses a key or leaks a nested field again.
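The key/value model and the masking semantics named above (case-insensitive keys, whole-subtree redaction, longest-match-wins), as an added standard-library sketch that is not redactor-go's own code. The scrubJSON function and the "[REDACTED]" mask text are assumptions made for illustration, and the sample document is constructed.

```go
package main // added illustration; not redactor-go's implementation
import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

func scrubJSON(doc []byte, secretKeys, secretValues []string) ([]byte, error) {
	const mask = "[REDACTED]" // assumed mask text; the page does not show the library's
	var root any
	if err := json.Unmarshal(doc, &root); err != nil {
		return nil, err // unparseable input is returned as an error, never passed through
	}
	keys := map[string]bool{}
	for _, k := range secretKeys {
		keys[strings.ToLower(k)] = true // key names compare case-insensitively
	}
	vals := append([]string(nil), secretValues...)
	sort.Slice(vals, func(i, j int) bool { return len(vals[i]) > len(vals[j]) })
	var pairs []string // longest first: a Replacer tries pairs in argument order
	for i := 0; i < len(vals) && vals[i] != ""; i++ { // "" sorts last and would match everywhere
		pairs = append(pairs, vals[i], mask)
	}
	rep := strings.NewReplacer(pairs...)
	var walk func(n any) any
	walk = func(n any) any {
		switch v := n.(type) {
		case map[string]any:
			for k, child := range v {
				if v[k] = mask; !keys[strings.ToLower(k)] { // secret key: subtree stays masked
					v[k] = walk(child)
				}
			}
		case []any:
			for i, child := range v {
				v[i] = walk(child)
			}
		case string:
			return rep.Replace(v)
		}
		return n
	}
	return json.Marshal(walk(root))
}

func main() {
	out, err := scrubJSON([]byte(`{"Token":{"id":7},"note":"pw hunter2-prod"}`), []string{"token"}, []string{"hunter2", "hunter2-prod"})
	fmt.Println(string(out), err) // constructed sample input above
}
```

Without the length sort, a value list that registers "hunter2" before "hunter2-prod" would leave "-prod" readable next to the mask.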
```
go get github.com/pleme-io/redactor-go
```

```go
r, err := redactorgo.New(
	redactorgo.WithSecretKeys("PASSWORD", "token", "api_key"),
	redactorgo.WithSecretValues(sess.Token()), // a concrete live credential
)
if err != nil {
	return errs.Exit(err)
}
clean := r.Env(os.Environ())    // []string, secret-keyed values masked
safe, _ := r.JSON(receiptBytes) // []byte, secret subtrees + values masked
log.Info(r.String(rawLine))     // string, secret values masked
```

None — a pure library. Callers that read the secret-key/value sets from config
use shikumi-go and pass them via the With… options.
Pull-model (Go modules): an annotated vX.Y.Z tag is the release; pkg.go.dev
indexes it. See the GSDS module delivery FSM.