Conceal secrets

atgreen · Nov 27, 2023 · 46b353f · 46b353f
1 parent 45aee1e
commit 46b353f
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -8,7 +8,9 @@ For example, the following code:
 ```
 (let ((*standard-output* (make-instance 'privacy-output-stream
                                         :stream *standard-output*
-                                        :secrets '("passw0rd" "sekret"))))
+                                        :secrets
+                                        (mapcar #'secret-values:conceal-value
+                                                '("passw0rd" "sekret")))))
   (format t "Hello, my password is passw0rd~%"))
 ```
 
@@ -17,10 +19,10 @@ For example, the following code:
 Hello, my password is ********
 ```
 
-```secrets``` is a list of secret values you want to mask in the final
-output.  They are processed in order, so I recommend that you sort
-your secrets by length (longest first) in case one is a substring of
-another.
+`secrets` is a list of concealed secret values you want to mask in
+the final output.  Use `secret-values:conceal-value` to conceal them.
+They are processed in order, so I recommend that you sort your secrets
+by length (longest first) in case one is a substring of another.
 
 Note also that `privacy-output-stream` only masks secrets that are
 presented in full as part of a string or sequence being written to the

diff --git a/privacy-output-stream.asd b/privacy-output-stream.asd
@@ -31,4 +31,4 @@
   :serial t
   :components ((:file "package")
                (:file "privacy-output-stream"))
-  :depends-on (:trivial-gray-streams))
+  :depends-on (:trivial-gray-streams :secret-values))
diff --git a/privacy-output-stream.lisp b/privacy-output-stream.lisp
@@ -26,10 +26,11 @@
 (defmethod stream-write-string ((stream privacy-output-stream)
                                 string &optional start end)
   (dolist (secret (secrets stream))
-    (setf string (with-output-to-string (out)
-                   (loop with start = 0
-                         for pos = (search secret string :start2 start)
-                         do (write-string string out :start start :end pos)
-                         when pos do (dotimes (x (length secret)) (write-char #\* out))
-                           while pos do (setf start (+ pos (length secret)))))))
+    (let ((secret (secret-value:reveal-value secret)))
+      (setf string (with-output-to-string (out)
+                     (loop with start = 0
+                           for pos = (search secret string :start2 start)
+                           do (write-string string out :start start :end pos)
+                           when pos do (dotimes (x (length secret)) (write-char #\* out))
+                             while pos do (setf start (+ pos (length secret))))))))
   (write-string string (stream-of stream) :start start :end end))