swift-secrecy

0.2.0

A simple package to help you avoid accidentally exposing secrets
mattia/swift-secrecy

What's New

0.2.0

2022-12-18T13:58:40Z

This release contains potential breaking changes, based on how you accessed the underlying secret

What's Changed

  • Add status badges for CI and package index by @mattia in #8
  • Fortify Secret.Wrapped value protection by @mattia in #9

The changes in #9 allows even more protection to avoid accidental secret exposure. Now the only way to access the underlying value of the secret is by going through the projectedValue.

Full Changelog: 0.1.0...0.2.0

Secrecy

CI

swift-secrecy is a simple type wrapper to help you avoid accidentally exposing secrets. This package is heavily inspired by the secrecy Rust crate

Usage

If one of your types is holding some kind of sensible information it can be easy to accidentally expose that value

For example if you are using a type to hold authentication information

struct Authentication {
  var username: String
  var token: String
}

maybe you later are printing debug information to identify problems

let auth = Authentication(username: "fake", password: "abc123")
print(auth)

Now in your log the password will be printed in cleartext

Authentication(username: "fake", password: "abc123")

Instead by using Secret you can avoid this mistakes. By changing the type definition into

struct Authentication {
  var username: String
  @Secret var password: String
}

The same type of code

let auth = Authentication(username: "fake", password: "abc123")
print(auth)

Will result in this log

Authentication(username: "fake", _password: Secret([REDACTED String]))

Protecting you from accidental mistakes.

If you want to access the underlying value, you can do it by using the wrappedValue property

auth.token.wrappedValue // This will expose the underlying `String` 

Codable support

Support for Encodable is provided by the package out of the box. To have Decodable support you have to provide additional information on how to redact the value. You can easily add support for your type by confirming to the RedactableForDecodable protocol. For example to automatically support Decodable for your Secret<String> you can add:

extension String: RedactableForDecodable {
  public static var redactor: Redactor<Self> { .default }
}

Note that this does not guarantee that the secret is not exposed (for example by encoding it to the disk in plain text) but you can always create a custom type with a dedicated Codable conformance.

License

This library is released under the MIT license. See LICENSE for details.

Description

  • Swift Tools 5.7.0
View More Packages from this Author

Dependencies

  • None
Last updated: Wed Feb 01 2023 06:23:04 GMT-0500 (GMT-05:00)