1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

use vector_config::{configurable_component, ConfigurableString};

/// Wrapper for sensitive strings containing credentials
#[configurable_component(no_deser, no_ser)]
#[derive(::serde::Deserialize, ::serde::Serialize)]
#[serde(from = "String", into = "String")]
#[configurable(metadata(sensitive))]
#[derive(Clone, Default, PartialEq, Eq)]
pub struct SensitiveString(String);

impl From<String> for SensitiveString {
    fn from(value: String) -> Self {
        Self(value)
    }
}

impl From<SensitiveString> for String {
    fn from(value: SensitiveString) -> Self {
        value.0
    }
}

impl ConfigurableString for SensitiveString {}

impl std::fmt::Display for SensitiveString {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        write!(f, "**REDACTED**")
    }
}

impl std::fmt::Debug for SensitiveString {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        // we keep the double quotes here to keep the String behavior
        write!(f, "\"**REDACTED**\"")
    }
}

impl SensitiveString {
    #[must_use]
    pub fn inner(&self) -> &str {
        self.0.as_str()
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn serialization() {
        let json_value = "\"foo\"";
        let value: SensitiveString = serde_json::from_str(json_value).unwrap();
        let result: String = serde_json::to_string(&value).unwrap();
        assert_eq!(result, json_value);
    }

    #[test]
    fn hide_content() {
        let value = SensitiveString("hello world".to_string());
        let display = format!("{value}");
        assert_eq!(display, "**REDACTED**");
        let debug = format!("{value:?}");
        assert_eq!(debug, "\"**REDACTED**\"");
    }
}