Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ancat/trapdoor


https://github.com/ancat/trapdoor

Last synced: about 1 month ago
JSON representation

Awesome Lists containing this project

README

        

# trapdoor

trapdoor monkeypatches `ENV` so any secret values are available when asked for by name (i.e. `ENV['SOME_SECRET']`) but are hidden when requested in bulk (i.e. `ENV.to_h`, `ENV.inspect`, iterators). This was designed to be a drop in replacement for codebases that use `ENV` to hold secrets but also use developer tools that may cause these values to be accidentally logged.

## Installation

1. Add to your Gemfile and install with bundle, or `gem install trapdoor`
2. `require 'trapdoor'`

## Walkthrough

Let's start by inspecting the environment in the repl. We can see `SECRET_API_TOKEN` and its value.

```
> ENV
=> {... "SECRET_API_TOKEN"=>"987tfghjo0987yt"}
```

After loading `trapdoor`, let's tell it to hide this specific value then inspect the environment again.

```
> ENV.hide "SECRET_API_TOKEN"
> ENV
=> {... "SECRET_API_TOKEN"=>"**REDACTED**"}
```

But we can see this value can still be accessed just like before:
```
> ENV['SECRET_API_TOKEN']
=> "987tfghjo0987yt"
```

Additionally, we can call `ENV.start_smuggling` to start redacting all new environment variables. This can be useful if you insert sensitive variables into the environment afterwards so that any non-pre loaded values are redacted.