ruby
34 lines · 7 steps
Redacting secrets in Ruby object output
A credentials class that scrubs sensitive fields from every serialization path so secrets never leak into logs or JSON.
Explained by
highlit
1class Credentials
2 SENSITIVE = %i[password api_key secret_token access_key].freeze
3 REDACTED = "[REDACTED]".freeze
4
5 attr_reader :username, :password, :api_key, :secret_token, :access_key
6
7 def initialize(username:, password:, api_key:, secret_token:, access_key:)
8 @username = username
9 @password = password
10 @api_key = api_key
11 @secret_token = secret_token
12 @access_key = access_key
13 end
14
15 def to_h
16 instance_variables.each_with_object({}) do |ivar, memo|
17 name = ivar.to_s.delete_prefix("@").to_sym
18 memo[name] = SENSITIVE.include?(name) ? REDACTED : instance_variable_get(ivar)
19 end
20 end
21
22 def inspect
23 fields = to_h.map { |name, value| "#{name}=#{value.inspect}" }.join(", ")
24 "#<#{self.class.name} #{fields}>"
25 end
26
27 def to_s
28 inspect
29 end
30
31 def as_json(*)
32 to_h
33 end
34end
01 / 01
STEP 01
‹ swipe to step through ›
Walkthrough
Space play
←→ step
click any line
Three takeaways
- 1Centralize redaction in one method so every output path stays consistent by definition.
- 2Overriding inspect and to_s prevents secrets from leaking into logs and error traces.
- 3A frozen list of sensitive keys makes the redaction policy explicit and easy to audit.
Related explainers
ruby
class BulkImporter BATCH_SIZE = 500 def initialize(records)
Batching bulk inserts in Rails
batching
bulk-insert
deduplication
Intermediate
5 steps
typescript
type StorageSchema = Record<string, unknown>; interface StorageOptions { namespace?: string;
A type-safe wrapper around localStorage
generics
type-safety
serialization
Intermediate
9 steps
ruby
module Multitenant extend ActiveSupport::Concern included do
How a multitenant concern scopes Rails models
multitenancy
default-scope
concern
Advanced
8 steps
ruby
module Api module V1 class BaseController < ActionController::API rescue_from StandardError, with: :render_internal_error
Centralized API error handling in Rails
error-handling
rescue-from
json-api
Intermediate
7 steps
ruby
require "openssl" require "base64" module WebhookSignature
Signing and verifying webhooks in Ruby
hmac
cryptography
webhooks
Intermediate
7 steps
ruby
class CartMergeService def initialize(guest_cart:, user_cart:) @guest_cart = guest_cart @user_cart = user_cart
Merging a guest cart into a user cart in Rails
service object
transactions
idempotency
Intermediate
7 steps
Share this explainer
Here's the card — post it anywhere.
Made with highlit — turn any snippet into a walkthrough like this in about a minute.
Explain your code
Embed this explainer
Drop the interactive walkthrough into a blog or docs. Views never cost a credit.
<iframe src="https://highlit.co/explainers/redacting-secrets-in-ruby-object-output-explained-ruby-2ca7/embed?autoplay=1" width="100%" height="520" loading="lazy" style="border:0"></iframe>
Autoplay is on by default — add ?autoplay=0 to start paused.