secret-values

2020-12-20

Secret values is a Common Lisp library designed to reduce the risk of accidentally revealing secret values such as passwords.

Upstream URL

github.com/rotatef/secret-values

Author

Thomas Bakketun <thomas@bakketun.pro>

License

MIT
README
Secret values is a Common Lisp library designed to reduce the risk of accidentally revealing secret values such as passwords. Source code at https://github.com/rotatef/secret-values Applications will often have to deal with values that should be kept secret, e.g. a password for accessing the applications database. There will allways be a risk that such a secret value is accidentally revealed e.g. in a backtrace or log file. Fixing this can be difficult because the code that generates the backtrace or log is often not part of the application. Turning off logging or backtrace is seldom an option. Making sure that logs and backtrace are kept secure can also be difficult. This library provides a simple wrapper type that can be used to conceal secret data. This wrapper tries to keep it's value secret by overriding print-object and some other tricks. In order to get the full benefits, the value should be concealed as early as possible and revealed as late as possible. For example, a database library should accept the password as a concealed value and only reveal it just before it's used to authenticate with the database. This will greatly reduce the risk of the password ending up in a log file or backtrace. All symbols are exported from the package SECRET-VALUES. The function CONCEAL-VALUE wraps a value into an object of type SECRET-VALUE. An optional name can be provided. The name is intended for debugging only and is included when the object is printed. To get the value back, call REVEAL-VALUE. The function ENSURE-VALUE-REVEALED behaves like REAVEAL-VALUE when called with an argument of type SECRET-VALUE, otherwise it just returns it's argument verbatim. This makes it easy to write code that accepts both secret and plaintext values.

Dependencies (0)

    Dependents (4)

    • aws-sign4
    • log4cl-extras
    • mailgun
    • reblocks-auth
    • GitHub
    • Quicklisp