Closed
Conversation
sodagunz
force-pushed
the
redact-always
branch
3 times, most recently
from
0163e31 to
af449fb
Compare
sodagunz
force-pushed
the
redact-always
branch
from
f868dad to
9c33289
Compare
Author
|
Sorry for the force pushes, GH was degraded and I was trying to understand what was going on. |
sodagunz
force-pushed
the
redact-always
branch
2 times, most recently
from
f2dec55 to
c8ed47b
Compare
cpiemontese
reviewed
Oct 13, 2025
Contributor
cpiemontese
left a comment
cpiemontese
left a comment
There was a problem hiding this comment.
Thanks for the PR, we will understand if and how to proceed with this feature in veil and will take this approach in consideration
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
While it might be different from it's original intent, in practice,
veilis used mostly for two different use cases:While PII in debug settings is likely to be meaningless and safe to display as plaintext, credentials are best kept always redacted.
This PR introduces a way to mark fields as "secret", meaning credentials, keys, or otherwise security (as opposed to privacy) sensitive fields. It does so by introducing the
#[redact(secret)]marker.Marking a field as "secret" makes it so that it will never be unredacted, regardless of global config. It also makes it so that it's fully redacted, instead of doing it for alphanumeric characters only.
I think we should consider making this the default behavior in future releases, but of course that would be a major breaking change.