Richard Feldman (Aug 04 2023 at 11:48): Richard Feldman (Aug 04 2023 at 11:48):Suppose I have an opaque Secret type (maybe representing a private API key, or a password) whose purpose is to prevent that secret from ending up somewhere it shouldn't, for example in a log file.
One possible way to accomplish this would be to set that opaque type's Inspect to always say "(SECRET)" or something like that. But that would mean I couldn't even see its real value in the repl, or when using dbg. That might make actual debugging hard in some cases.
Another possibility would be to have a separate ability (e.g. Log or something) which maybe defaults to be the same thing as Inspect but which is customizable to work differently, for example when it comes to secrets.
Anyone have any thoughts on this?
Fábio Beirão (Aug 04 2023 at 12:46):2cents thought. What I have done in the past for such secrets was a debug strategy where I would print out the initial and end of the secret dependent on its length. If the secret is longer than 6 graphemes, I would print A••••Z (this gives the dev an indication if the secret is correct or not).
If the secret was longer than, for instance, 12, I would then print a bit more: AB••••••••YZ.
Other alternative would be to print a oneway hash of such secrets. Imagine for instance a sha1 representation. This way you are not exposing the secret, and the developer can easily check if the secret matches his expectations in the repl: say you provide a built-in function toSecret : Str -> Str .
Fábio Beirão (Aug 04 2023 at 12:47):If I want to know that the Secret in my model is correct, when we do dbb model.secret Roc would print this hashed secret. I expect the secret to be xyz so I quickly do toSecret "xyz" in the repl and check that the hashes match.
Anton (Aug 04 2023 at 13:00):I would print out the initial and end of the secret dependent on its length.
That seems like a nice and simple solution!
Brendan Hansknecht (Aug 04 2023 at 13:40):You can use another method in the repl to convert it to a string if you really want to see the value. Same with in debug. So it is explicit opt in rather than default.
Brendan Hansknecht (Aug 04 2023 at 13:40):These methods probably already exist cause the secret has to be unwrapped and used at some point
Brendan Hansknecht (Aug 04 2023 at 13:40):So opaque unless requested explicitly
Richard Feldman (Aug 04 2023 at 15:37):true, I guess it might be annoying if it's deeply nested in a data structure, but maybe that's fine for the sake of being default secure
Last updated: Jun 16 2026 at 16:19 UTC