SigilGuard.Scanner (SigilGuard v0.2.0)

Sensitivity scanning and redaction for text content.

Scans strings for sensitive content (credentials, API keys, PII) using compiled regex patterns and provides redaction with configurable replacement hints.

Behaviour

Modules implementing SigilGuard.Scanner.Behaviour can replace the default regex-based scanner with custom implementations (ML-based, external service, etc.).

Summary

Functions

redact(text, hits, opts \\ [])

Replace all matched regions in text with their replacement hints.

scan(text, opts \\ [])

Scan text for sensitive content using the given patterns.

scan_and_redact(text, opts \\ [])

Scan and redact in a single pass. Returns the redacted text.

Functions

redact(text, hits, opts \\ [])

@spec redact(String.t(), [SigilGuard.Patterns.scan_hit()], keyword()) :: String.t()

Replace all matched regions in text with their replacement hints.

Hits are applied in reverse offset order to preserve positions.

Options

  • :default_replacement — fallback replacement when a hit has no replacement_hint. Default: "[REDACTED]"

Examples

iex> hits = [
...>   %{offset: 0, length: 20, match: "AKIAIOSFODNN7EXAMPLE", replacement_hint: "[AWS_KEY]"}
...> ]
...>
...> SigilGuard.Scanner.redact("AKIAIOSFODNN7EXAMPLE secret", hits)
"[AWS_KEY] secret"
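
The reverse-offset rule described for redact/3, worked through as an added example (not SigilGuard's own code): the hypothetical RedactOrderDemo module splices hits highest offset first and, for contrast, lowest offset first with unadjusted offsets. It assumes offset and length are byte counts and that a hit without a hint carries replacement_hint: nil; the sample text and hits are constructed.

```elixir
defmodule RedactOrderDemo do
  # Hypothetical demo module, not part of SigilGuard. Hit maps use the fields
  # shown in the redact/3 example. Assumptions: offsets and lengths are byte
  # counts, and a hit with no hint has replacement_hint: nil.
  @default "[REDACTED]"

  # Highest offset first: each edit lands to the right of the hits still
  # pending, so their offsets still point at the right bytes.
  def redact_reverse(text, hits) do
    hits |> Enum.sort_by(& &1.offset, :desc) |> Enum.reduce(text, &splice(&2, &1))
  end

  # Lowest offset first with offsets left unadjusted: the failure mode that
  # reverse ordering avoids. Here only to show the difference.
  def redact_forward_naive(text, hits) do
    hits |> Enum.sort_by(& &1.offset, :asc) |> Enum.reduce(text, &splice(&2, &1))
  end

  # Replace one hit's byte range with its hint, or the fallback if it has none.
  defp splice(text, %{offset: off, length: len} = hit) do
    hint = Map.get(hit, :replacement_hint) || @default
    rest = byte_size(text) - off - len
    binary_part(text, 0, off) <> hint <> binary_part(text, off + len, rest)
  end
end

# Constructed sample input: two hits whose replacements differ in length
# from the text they replace.
text = "key=AKIAIOSFODNN7EXAMPLE user=alice@example.com status=active"

hits = [
  %{offset: 4, length: 20, match: "AKIAIOSFODNN7EXAMPLE", replacement_hint: "[AWS_KEY]"},
  %{offset: 30, length: 17, match: "alice@example.com", replacement_hint: nil}
]

IO.puts(RedactOrderDemo.redact_reverse(text, hits))
IO.puts(RedactOrderDemo.redact_forward_naive(text, hits))
```

Run as a script with elixir: the second output line still contains part of the e-mail address, because the shorter [AWS_KEY] replacement shifted the text left while the second hit kept its original offset.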

scan(text, opts \\ [])

@spec scan(
  String.t(),
  keyword()
) :: {:ok, String.t()} | {:hit, [SigilGuard.Patterns.scan_hit()]}

Scan text for sensitive content using the given patterns.

Returns {:ok, text} if no hits are found, or {:hit, hits} with a list of SigilGuard.Patterns.scan_hit() structs describing each match.

Options

  • :patterns — compiled patterns to use. Defaults to built-in patterns.

Examples

iex> SigilGuard.Scanner.scan("safe text")
{:ok, "safe text"}

iex> {:hit, hits} =
...>   SigilGuard.Scanner.scan("Authorization: Bearer sk-abc123def456ghi789jkl012mno345")
...>
...> length(hits) > 0
true

scan_and_redact(text, opts \\ [])

@spec scan_and_redact(
  String.t(),
  keyword()
) :: String.t()

Scan and redact in a single pass. Returns the redacted text.