primait
feat: adds flag `secret`
While it might be different from it's original intent, in practice, veil is used mostly for two different use cases:
- Preventing personally identifiable information from being leaked
- Preventing credentials from being leaked by accidentally logging them
While PII in debug settings is likely to be meaningless and safe to display as plaintext, credentials are best kept always redacted.
This PR introduces a way to mark fields as "secret", meaning credentials, keys, or otherwise security (as opposed to privacy) sensitive fields. It does so by introducing the #[redact(secret)] marker.
Marking a field as "secret" makes it so that it will never be unredacted, regardless of global config. It also makes it so that it's fully redacted, instead of doing it for alphanumeric characters only.
I think we should consider making this the default behavior in future releases, but of course that would be a major breaking change.
Sorry for the force pushes, GH was degraded and I was trying to understand what was going on.