Skip to content

Latest commit

 

History

History
79 lines (56 loc) · 2.42 KB

0186-secret-values.org

File metadata and controls

79 lines (56 loc) · 2.42 KB
Raw

secret-values

This library can be useful for anybody who is writing services which logs their errors with backtraces. It will protect you from leaking sensitive data like passwords and tokens.

For example, let’s pretend we have some code which authenticates to a database with a password. At some moment and error can happen and when you log the backtrace, the password will be logged as well:

POFTHEDAY> (defun authenticate (password)
             (format t "Authenticating with ~A"
                     password)
             (sb-debug:print-backtrace :count 3))

POFTHEDAY> (defun bar (password)
             (authenticate password))

POFTHEDAY> (bar "The Secret Password")

Authenticating with The Secret Password

Backtrace for: #<SB-THREAD:THREAD "sly-channel-1-mrepl-remote-1" RUNNING {1003692013}>
0: (AUTHENTICATE "The Secret Password")
1: (BAR "The Secret Password")
2: (SB-INT:SIMPLE-EVAL-IN-LEXENV (BAR "The Secret Password") #<NULL-LEXENV>)

The secret-values allows to wrap the secret value into the object and retrieve the real value as needed.

POFTHEDAY> (secret-values:conceal-value "The Secret Password" :name "password")
#<SECRET-VALUES:SECRET-VALUE password {100450B623}>

POFTHEDAY> (secret-values:reveal-value *)
"The Secret Password"

Here how we can use it in our example. Pay attention to the backtrace. Now it does not contain the password and such backtrace can be written into the file or sent for diagnostic to the developer:

POFTHEDAY> (defun authenticate (password)
             (format t "Authenticating with ~A"
                     (secret-values:reveal-value password))
             (sb-debug:print-backtrace :count 3))

POFTHEDAY> (let ((pass (secret-values:conceal-value "The Secret Password")))
             (bar pass))

Authenticating with The Secret Password

Backtrace for: #<SB-THREAD:THREAD "sly-channel-1-mrepl-remote-1" RUNNING {1003692013}>
0: (AUTHENTICATE #<SECRET-VALUES:SECRET-VALUE  {10043ABB23}>)
1: (BAR #<SECRET-VALUES:SECRET-VALUE  {10043ABB23}>)
2: ((LAMBDA ()))

I definitely will use it! And you should too!

By the way, does somebody know something about the author Thomas Bakketun and his company Copyleft? Seems they are using the Common Lisp in their stack.