Categorygithub.com/yonesko/protoredact
repositorypackage
0.2.0
Repository: https://github.com/yonesko/protoredact.git
Documentation: pkg.go.dev
Overview
Dependencies
6
Dependents
0

# Packages

No description provided by the author

# README

Lib for fields redaction (hiding sensitive fields) base on filed options.

go get github.com/yonesko/protoredact

Base case

Define field option:

syntax = "proto3";
package testproto;
import "google/protobuf/descriptor.proto";

message SensitiveData {
}

extend google.protobuf.FieldOptions {
  SensitiveData sensitive_data = 1200;
}

Annotate your message:

message WithAllFieldTypes {
  string fieldString = 1;
  string fieldStringSensitive = 2 [(sensitive_data) = {}];
}

Call Redact on your message:

func Test(t *testing.T) {
msg := &testproto.WithAllFieldTypes{FieldInt64: 515, FieldStringSensitive: "my_password"}
msgCloned := proto.Clone(msg)
_ = Redact(msgCloned, testproto.E_SensitiveData)
bytesOriginal, _ := json.Marshal(msg)
bytesCloned, _ := json.Marshal(msgCloned)
fmt.Println("original:", string(bytesOriginal))
fmt.Println("cloned:", string(bytesCloned))
}
//original: {"fieldInt64":515, "fieldStringSensitive":"my_password"}
//cloned: {"fieldInt64":515}

Sensitive keys will be empty

Map case

You can specify which keys of map to hide:

syntax = "proto3";
package testproto;
import "google/protobuf/descriptor.proto";

message SensitiveData {
  repeated string mapKeysToRedact = 1;
}

extend google.protobuf.FieldOptions {
  SensitiveData sensitive_data = 1200;
}

message WithAllFieldTypes {
  map<int64, string> mapWithSensitiveKeyIntKey = 1[(sensitive_data) = {mapKeysToRedact:["password"]}];
}

Set Value Case

You can use redactingHandler to specify what you want to do with sensitive field