This Go library doesn't do much except encourage you to mark all your application secrets properly.
Instead of:
secret := os.Getenv("OAUTH_TOKEN")
Write:
secret := secretvalue.New("oauth-token")
secret.SetString(os.Getenv("OAUTH_TOKEN"))
os.Unsetenv("OAUTH_TOKEN")
By doing so, it will prevent the secrets from going to the logs inadvertently.
The secret.String() function exposes the secret name instead of the value, which avoids sending these into logs by mistake. This happens a lot, trust me.
This library can also be used with the stdlib flag library. See string_flag_test.go for an example.
Remember these are only publicly known instances.
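An added example, not code from this library: a self-contained check of which fmt verbs still print the raw value when a wrapper type relies on a String() method alone. The types stringerOnly and formatterGuarded, the helper leakingVerbs and the sample secret are hypothetical and constructed for illustration; they say nothing about how secretvalue itself is implemented.

```go
package main

import (
	"fmt"
	"io"
	"strings"
)

// verbs is the set of format verbs audited below.
var verbs = []string{"%v", "%+v", "%s", "%q", "%x", "%#v", "%d"}

// stringerOnly is a hypothetical wrapper that hides its value behind
// fmt.Stringer alone, the mechanism described above for String().
type stringerOnly struct{ name, value string }

func (s stringerOnly) String() string { return s.name }

// formatterGuarded is a hypothetical wrapper that also implements
// fmt.Formatter, which fmt consults first and for every verb.
type formatterGuarded struct{ name, value string }

func (g formatterGuarded) String() string { return g.name }

// Format ignores the verb and flags and always writes the name.
func (g formatterGuarded) Format(f fmt.State, _ rune) { io.WriteString(f, g.name) }

// leakingVerbs returns the verbs whose formatted output contains the raw secret.
func leakingVerbs(v any, secret string) []string {
	var leaked []string
	for _, verb := range verbs {
		if strings.Contains(fmt.Sprintf(verb, v), secret) {
			leaked = append(leaked, verb)
		}
	}
	return leaked
}

func main() {
	const secret = "s3cr3t-value" // constructed sample, not a real credential
	fmt.Println("Stringer only leaks on:", leakingVerbs(stringerOnly{"oauth-token", secret}, secret))
	fmt.Println("Formatter leaks on:", leakingVerbs(formatterGuarded{"oauth-token", secret}, secret))
}
```

fmt calls String() only for the string-compatible verbs, so %#v and a mistyped verb such as %d fall back to printing the struct fields unless the type also implements fmt.Formatter. A wrapper held in an unexported field of another struct is printed field by field as well, so the same audit is worth running on containing types.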
mlock(2) on supported systems to prevent the value from
This library doesn't prevent the value from going to swap disk. Make sure to disable swap on all of your servers.
swapoff -a