Skip to content

aafanasev/sekret

Repository files navigation

Sekret

maven

Kotlin compiler plugin that hides data class properties in generated toString() method

Motivation

In 2019 Facebook and Google admitted a leaking of millions of user passwords. It doesn't mean that they save our passwords as plain text, no - the passwords were found in log files. When a user enters a password it goes through hundreds of different services and each of has its logging system. It's very easy to make a mistake and save sensitive data, especially when you have no control on autogenerated code. That's why this plugin was created to help you to exclude some properties from autogenerated toString() method. If you do not want to use a compiler plugin please have a look to other ways.

Usage

Code:

data class Credentials(
    val login: String, 
    @Secret val password: String
)

println(Credentials("User", "12345")) 

Output:

Credentials(login=User, password=■■■)

Installation

Gradle

Apply plugin:

plugins {
    id 'net.afanasev.sekret' version '<version>'
}

Configure:

// Download @Secret annotation
dependencies {
    compile 'net.afanasev:sekret-annotation:<version>'
}

// OR use your own
sekret {
    // "■■■" by default
    mask = "***"    
    
    // true by default
    enabled = true

    // true by default
    maskNulls = false
    
    // "net.afanasev.sekret.Secret" by default
    annotations = ["com.sample.YourAnnotation"] 
}

Kotlin CLI

kotlinc \
    -Xplugin=kotlin-plugin.jar \
    -P plugin:sekret:annotations=com.sample.YourAnnotation \
    ...

Mentions

Code of Conduct

Please refer to Code of Conduct document.