AshCredo.Check.Warning.SensitiveAttributeExposed (ash_credo v0.15.0)


Basics

This check is disabled by default.

Learn how to enable it via .credo.exs.

This check has a base priority of high and works with any version of Elixir.

Explanation

Attributes containing sensitive data should be marked with sensitive?: true. This prevents them from being leaked in logs, error messages, and inspections.

attribute :password_hash, :string, sensitive?: true

The sensitive_names param accepts atoms (exact name match) and regexes (matched against the attribute name), e.g. [:ssn, ~r/_token$/].

Check-Specific Parameters

Use the following parameters to configure this check:

:sensitive_names

Attribute names considered sensitive. Atom entries match exactly; Regex entries (e.g. ~r/_token$/) match against the attribute name.

This parameter defaults to [:password, :hashed_password, :password_hash, :password_digest, :token, :access_token, :secret, :client_secret, :totp_secret, :api_key, :private_key, :ssn].
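The matching rule described above, as an added illustration (not ash_credo's own code): atom entries match exactly, so the defaults miss names such as :refresh_token until a regex is added. The module name SensitiveNameDemo, the sample attributes, and the rule that an attribute is reported unless it sets sensitive?: true are assumptions made for this sketch.

```elixir
# Added illustration, NOT ash_credo's source. It models only the matching rule
# the docs describe, to show what a given :sensitive_names value would cover.
defmodule SensitiveNameDemo do
  # Default list copied from the parameter documentation above.
  @defaults [:password, :hashed_password, :password_hash, :password_digest, :token,
             :access_token, :secret, :client_secret, :totp_secret, :api_key,
             :private_key, :ssn]

  def defaults, do: @defaults

  # Atom entries match exactly; Regex entries match against the attribute name.
  def sensitive?(name, patterns) when is_atom(name) do
    Enum.any?(patterns, fn
      %Regex{} = re -> Regex.match?(re, Atom.to_string(name))
      pattern when is_atom(pattern) -> pattern == name
    end)
  end

  # Assumption: an attribute is reported when its name is sensitive and it does
  # not carry `sensitive?: true`.
  def flagged(attributes, patterns) do
    for {name, opts} <- attributes,
        sensitive?(name, patterns),
        Keyword.get(opts, :sensitive?, false) != true,
        do: name
  end
end

# Constructed sample: {attribute_name, options} pairs as they might appear in a resource.
attributes = [
  email: [],
  password_hash: [sensitive?: true],
  api_key: [],
  refresh_token: [],
  webhook_secret: []
]

# With the defaults, only exact names are covered: :refresh_token and
# :webhook_secret are not in the list, so they are not reported.
IO.inspect(SensitiveNameDemo.flagged(attributes, SensitiveNameDemo.defaults()),
  label: "defaults")

# Setting the param replaces the default list, so keep the defaults and add regexes.
extended = SensitiveNameDemo.defaults() ++ [~r/_token$/, ~r/secret/]
IO.inspect(SensitiveNameDemo.flagged(attributes, extended), label: "extended")
```

The `extended` list is the kind of value to pass as `sensitive_names:` for this check in .credo.exs.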

General Parameters

As with all checks, general params can be applied.

Parameters can be configured via the .credo.exs config file.