ConfigInjector 2.1 has been released with support for sensitive settings.
This is a pretty simple feature: if you have a sensitive setting and want to be cautious about logging it or otherwise writing it to an insecure location, you can now flag it as IsSensitive and optionally override the SanitizedValue property.
If you only want to mark a setting as sensitive, override the IsSensitive property to return true. This lets you make your own judgements in your own code about how to deal with that setting. You can, of course, still choose to log it - it’s just an advisory property.
If you want to be a bit more serious, you can also override the SanitizedValue property to return a sanitized version of the value. As a rule, wherever you log settings, log the SanitizedValue property rather than the Value one.
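// A setting that is flagged as sensitive and supplies its own masked value.
public class FooApiKey : ConfigurationSetting<string>
{
    // Advisory flag: tells calling code to treat this setting with care.
    public override bool IsSensitive => true;

    // What should be written to logs in place of Value.
    public override string SanitizedValue => "********";
}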
It’s worth noting that these properties do not change the behaviour of ConfigInjector; they simply allow us to be a bit more judicious when we’re dealing with these settings.
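Because the properties are advisory, the redaction has to happen in the code that writes the log. The following is an added example, not part of ConfigInjector or the original post, showing a logging helper that fails closed when a setting is flagged sensitive but its sanitized form would still expose the raw value. The base class here is a stand-in that models only the three properties named above; SettingLog, DbPassword and PageSize are hypothetical names, and the stand-in's default SanitizedValue is an assumption chosen to exercise the check, not a statement about ConfigInjector's own default.

```csharp
using System;

// Stand-in for ConfigInjector's base class (assumption): only the three
// properties named in the post, so the example compiles on its own.
public abstract class ConfigurationSetting<T>
{
    public T Value { get; set; }
    public virtual bool IsSensitive => false;
    public virtual string SanitizedValue => Convert.ToString(Value);
}

public class FooApiKey : ConfigurationSetting<string>
{
    public override bool IsSensitive => true;
    public override string SanitizedValue => "********";
}

// Hypothetical: flagged sensitive, but SanitizedValue was never overridden.
public class DbPassword : ConfigurationSetting<string>
{
    public override bool IsSensitive => true;
}

// Hypothetical non-sensitive setting.
public class PageSize : ConfigurationSetting<int> { }

public static class SettingLog
{
    // Hypothetical helper: returns the line that is safe to write to a log.
    public static string Describe<T>(ConfigurationSetting<T> setting)
    {
        string raw = Convert.ToString(setting.Value);
        string shown = setting.SanitizedValue;
        // Fail closed: a sensitive setting whose sanitized form is empty or
        // still contains the raw value is replaced by a fixed marker.
        bool leaks = !string.IsNullOrEmpty(raw) && shown != null && shown.Contains(raw);
        if (setting.IsSensitive && (string.IsNullOrEmpty(shown) || leaks))
            shown = "[redacted]";
        return $"{setting.GetType().Name} = {shown}";
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values, not real credentials.
        Console.WriteLine(SettingLog.Describe(new FooApiKey { Value = "constructed-key-123" }));
        Console.WriteLine(SettingLog.Describe(new DbPassword { Value = "constructed-pw" }));
        Console.WriteLine(SettingLog.Describe(new PageSize { Value = 50 }));
    }
}
```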