#redaction #privacy #masking #redact #sensitive

veil

Rust derive macro for redacting sensitive data in std::fmt::Debug

4 releases

Uses new Rust 2021

0.1.4 Nov 16, 2022
0.1.3 Oct 20, 2022
0.1.2 Oct 18, 2022
0.1.1 Oct 14, 2022
0.1.0 Sep 14, 2022

#288 in Rust patterns

Download history 16/week @ 2022-09-10 5/week @ 2022-09-17 2/week @ 2022-09-24 3/week @ 2022-10-01 13/week @ 2022-10-08 137/week @ 2022-10-15 103/week @ 2022-10-22 74/week @ 2022-10-29 49/week @ 2022-11-05 187/week @ 2022-11-12 163/week @ 2022-11-19 208/week @ 2022-11-26

620 downloads per month

MIT/Apache

27KB
293 lines

crates.io Documentation License CI status

A derive macro that implements std::fmt::Debug for a struct or enum variant, with certain fields redacted.

The purpose of this macro is to allow for easy, configurable and efficient redaction of sensitive data in structs and enum variants. This can be used to hide sensitive data in logs or anywhere where personal data should not be exposed or stored.

Usage

Add to your Cargo.toml:

[dependencies]
veil = "0.1.4"

Usage documentation can be found here.

Example

The example is explained in detail here.

#[derive(Redact)]
struct CreditCard {
    #[redact(partial)]
    number: String,

    #[redact]
    expiry: String,

    #[redact(fixed = 3)]
    cvv: String,

    #[redact(partial)]
    cardholder_name: String,
}

#[derive(Redact)]
#[redact(all, variant)]
enum CreditCardIssuer {
    MasterCard,
    Visa,
    AmericanExpress,
}

#[derive(Redact)]
#[redact(all, partial)]
struct Vehicle {
    license_plate: String,
    make: String,
    model: String,
    color: String,
}

#[derive(Debug)]
struct Policy {
    id: Uuid,
    name: String,
    description: String,
}

#[derive(Redact)]
enum InsuranceStatus {
    #[redact(all, partial)]
    Insured {
        #[redact(fixed = 12)]
        policy: Policy,

        policy_started: String,
        policy_expires: String,

        #[redact(skip)]
        payment_card: CreditCard,

        #[redact(skip)]
        vehicles: Vec<Vehicle>,
    },

    Uninsured {
        policies_available: Vec<Policy>,
    },
}

Environmental Awareness

In testing environments it may be useful to disable redaction entirely. You can globally disable Veil's redaction behavior at runtime by enabling the non-default feature flag toggle and:

  • Setting the VEIL_DISABLE_REDACTION environment variable to "1", "true" or "on" (case insensitive).

OR

These are only checked ONCE for security purposes.

Dependencies

~240–660KB
~15K SLoC