^:secret tag and bespoke serializer to redact sensitive information for logging purposes #enhancement
colliderwriter opened this issue · comments
Aero's ability to combine configuration sources from separate sources is a useful (and well-documented) way to satisfy the use case of keeping secrets out of git.
I'd like a way to log the resolved config without all my passwords ending up in plaintext though.
I hacked together a patched pretty printer dispatch table wrapper and a tag to match it for my immediate purposes, but I'm certain there must be cleverer ways to get this to work.
Or perhaps this is out-of-band for Aero and ought to be filed elsewhere?
@colliderwriter did you ever figure out a simple-enough solution for this?
@chrisetheridge My original solution was a terrible hack which I would not recommend anyone using including myself.
I recently tested https://github.com/magnars/confair which takes a much more sensible approach. As of today, that's how I would do it.
Thank you @colliderwriter! I actually went with a similar approach, but using Aero. I added a reader #secret
that wraps the value in a SecretValue
type, which does the same thing that MaskedConfig
does in confair, but at the value level rather than the config level.
I can't argue with that.
Thanks for the work.
Closing.