Submitted by Style Pass, 2024-10-31 10:30:03

secrecy is a simple library which provides a wrapper type for secret management in Go. It is inspired by the excellent secrecy Rust crate.

It provides a Secret[T] type for wrapping another value in a secret cell which attempts to limit exposure (only available via the special ExposeSecret() function).

Each secret has a finalizer attached that recursively zeroizes the secret's memory when it is garbage collected. You must not share memory contained within a secret; share the secret itself instead.

This helps to ensure secrets aren't accidentally copied, logged, or otherwise exposed (as much as possible), and also ensures secrets are securely wiped from memory when garbage collected.

If you accidentally leak your secret using fmt.Println, json.Marshal or another method, the output will contain the <!SECRET_LEAKED!> marker string. You can customize this value by setting the package variable secrecy.SecretLeakedMarker. This way, you can easily check for secret leaks in your logs using a tool such as grep.
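The marker mechanism and the log check described above, as an added example that is not the secrecy library's code: `redacted`, `markerForms` and `findLeaks` are hypothetical names, and the wrapper is a minimal stand-in rather than the library's Secret[T]. It also shows a case a plain grep misses: Go's json.Marshal escapes `<` and `>` by default, so the marker appears in JSON logs as `\u003c!SECRET_LEAKED!\u003e`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Marker value quoted on the page; everything else here is illustrative.
const leakMarker = "<!SECRET_LEAKED!>"

// redacted is a hypothetical stand-in wrapper, not the secrecy library's Secret[T].
type redacted[T any] struct{ value T }

// Expose is the only deliberate way to read the wrapped value.
func (r redacted[T]) Expose() T { return r.value }
// String makes fmt's %v and %s verbs print the marker instead of the value.
func (r redacted[T]) String() string { return leakMarker }
// MarshalJSON makes encoding/json emit the marker instead of the value.
func (r redacted[T]) MarshalJSON() ([]byte, error) { return json.Marshal(leakMarker) }

// markerForms returns the raw marker and the HTML-escaped form json.Marshal emits.
func markerForms() []string {
	quoted, _ := json.Marshal(leakMarker)
	return []string{leakMarker, strings.Trim(string(quoted), `"`)}
}

// findLeaks returns the 1-based numbers of log lines containing any marker form.
func findLeaks(log string) []int {
	var hits []int
	for i, line := range strings.Split(log, "\n") {
		for _, form := range markerForms() {
			if strings.Contains(line, form) {
				hits = append(hits, i+1)
				break
			}
		}
	}
	return hits
}

func main() {
	token := redacted[string]{value: "constructed-sample-token"}
	asJSON, _ := json.Marshal(map[string]any{"token": token})
	// Constructed log: one clean line, one fmt leak, one JSON leak.
	log := "service started\n" + fmt.Sprintf("auth with %v", token) + "\n" + string(asJSON)
	fmt.Println(findLeaks(log))
}
```

When searching JSON-formatted logs with grep, search for the escaped form as well as the raw marker.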

If you want to contribute to secrecy to add a feature or improve the code, contact me at alexandre@negrel.dev, open an issue or make a pull request.
