Dealing with secrets

[hairybreeches]

When integrant fails to initialise, it throws an exception with the whole config as part of the ExceptionInfo. So when I run an app that looks like this:

(defmethod init-key :failing-thing
  [_ config]
  (throw (Exception. "Kerpow!")))

(defn -main
  []
  (init {:failing-thing {:secret "foo"}}))

I get output that includes this line:

Exception in thread "main" clojure.lang.ExceptionInfo: Error on key :failing-thing when building system {:reason :integrant.core/build-threw-exception, :system {}, :function #object[clojure.lang.MultiFn 0x1c33c17b "clojure.lang.MultiFn@1c33c17b"], :key :failing-thing, :value {:secret "foo"}}, compiling:(C:\Users\david.conlin\AppData\Local\Temp\form-init3479267167971658745.clj:1:115)

This isn't ideal, since we'd rather not be logging secret config values in plaintext. Is there some way we can exclude or obfuscate certain values in any logged/exception values of the config? Alternatively, is there a "production" setting that prevents the config being returned on an exception? If not, would these features be useful (happy to help out with a PR), or have we just gone about this completely the wrong way?

[weavejester]

The exception is just an clojure.lang.ExceptionInfo exception. You can catch it and print it out any way you choose. The default behavior is to print out all the data held in it, but if you catch the exception you can customize this.