privacy-output-stream is a privacy preserving character output stream. It wraps other streams, like *standard-output*, and masks secrets from the output by replacing them with a series of *.

For example, the following code:

(let ((*standard-output* (make-instance 'privacy-output-stream
                                        :stream *standard-output*
                                        :secrets '("passw0rd" "sekret"))))
  (format t "Hello, my password is passw0rd~%"))

...prints:

Hello, my password is ********

secrets is a list of secret values you want to mask in the final output. They are processed in order, so I recommend that you sort your secrets by length (longest first) in case one is a substring of another.

Note also that privacy-output-stream only masks secrets that are presented in full as part of a string or sequence being written to the stream. Secrets written in fragments (by character or substring) will not be masked.

privacy-output-stream was written by Anthony Green, and is distributed under the terms of the MIT license.