Create a wrapper type for sensitive string data. #14260
Labels
domain: config
Anything related to configuring Vector
domain: enterprise
Anything related to Vector's enterprise features (Observability Pipelines)
domain: security
Anything related to security
have: must
We must have this feature, it is critical to the project's success. It is high priority.
Context
As part of the ongoing configuration schema work, we've identified a common pattern of having configuration fields that carry sensitive data -- passwords, API tokens, and so on -- but have no easy way to identify themselves as being sensitive information.
This can be a problem for a few reasons:
String
which will show up in bothDisplay
andDebug
-based usagesSolution
We should introduce a newtype wrapper, tentatively called
SensitiveString
, which wraps aString
internally and has the following characteristics:String
(drop-in compatible withString
forserde
purposes)configurable
-based metadata to indicate that it is a "sensitive" stringDisplay
andDebug
implementations that emit**REDACTED**
, or some sentinel value like thatDeref
implementations, to avoid unwittingly exposing the valueThe text was updated successfully, but these errors were encountered: