Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ancat/trapdoor
https://github.com/ancat/trapdoor
Last synced: about 1 month ago
JSON representation
- Host: GitHub
- URL: https://github.com/ancat/trapdoor
- Owner: ancat
- Created: 2022-11-06T03:50:15.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2023-02-05T02:06:51.000Z (almost 2 years ago)
- Last Synced: 2024-10-31T13:55:00.927Z (about 2 months ago)
- Language: Ruby
- Size: 12.7 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# trapdoor
trapdoor monkeypatches `ENV` so any secret values are available when asked for by name (i.e. `ENV['SOME_SECRET']`) but are hidden when requested in bulk (i.e. `ENV.to_h`, `ENV.inspect`, iterators). This was designed to be a drop in replacement for codebases that use `ENV` to hold secrets but also use developer tools that may cause these values to be accidentally logged.
## Installation
1. Add to your Gemfile and install with bundle, or `gem install trapdoor`
2. `require 'trapdoor'`## Walkthrough
Let's start by inspecting the environment in the repl. We can see `SECRET_API_TOKEN` and its value.
```
> ENV
=> {... "SECRET_API_TOKEN"=>"987tfghjo0987yt"}
```After loading `trapdoor`, let's tell it to hide this specific value then inspect the environment again.
```
> ENV.hide "SECRET_API_TOKEN"
> ENV
=> {... "SECRET_API_TOKEN"=>"**REDACTED**"}
```But we can see this value can still be accessed just like before:
```
> ENV['SECRET_API_TOKEN']
=> "987tfghjo0987yt"
```
Additionally, we can call `ENV.start_smuggling` to start redacting all new environment variables. This can be useful if you insert sensitive variables into the environment afterwards so that any non-pre loaded values are redacted.