SecretExtractor

Reflective utility that inspects a data class hierarchy and extracts metadata for every field that should be treated as a secret.

A field is considered secret if either of the following is true:

  1. It is annotated with @Secret.

  2. Its type is SecretString (automatic MaskStrategy.FULL mask).

The extractor recurses into nested data classes, building dot-separated paths (e.g. "database.credentials.password").

Example:

data class Credentials(
    @Secret(mask = MaskStrategy.PARTIAL, visibleChars = 4)
    val apiKey: String,
    val token: SecretString // auto-detected, FULL mask
)

data class AppConfig(
    val name: String,
    val credentials: Credentials // nested - will be recursed
)

val fields = SecretExtractor.extract(AppConfig::class)
// fields[0] -> SecretFieldInfo("credentials.apiKey", PARTIAL, 4)
// fields[1] -> SecretFieldInfo("credentials.token", FULL, 0)

Since

1.0

See also

Types

data class SecretFieldInfo(val path: String, val strategy: MaskStrategy, val visibleChars: Int)

Metadata describing a single secret field discovered during extraction.

Functions

Recursively inspects the primary constructor parameters of klass and returns a list of SecretFieldInfo for every secret field found.
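
One way the walk described above can be written with kotlin-reflect, as an added sketch that is not the library's own code. The `Secret`, `SecretString`, `MaskStrategy` and `SecretFieldInfo` declarations are stand-ins with assumed shapes; `extractSecrets`, its `visiting` cycle guard and the `Node` class are hypothetical, and letting the annotation take precedence over the type rule is an assumption.

```kotlin
import kotlin.reflect.KClass
import kotlin.reflect.full.findAnnotation
import kotlin.reflect.full.primaryConstructor

// Stand-ins for the library's types so the sketch compiles alone (assumed shapes).
enum class MaskStrategy { FULL, PARTIAL }
@Target(AnnotationTarget.VALUE_PARAMETER)
annotation class Secret(val mask: MaskStrategy = MaskStrategy.FULL, val visibleChars: Int = 0)
class SecretString(private val value: String) { override fun toString() = "***" }
data class SecretFieldInfo(val path: String, val strategy: MaskStrategy, val visibleChars: Int)

// Hypothetical re-implementation: walk primary constructor parameters, build dot paths.
fun extractSecrets(
    klass: KClass<*>,
    prefix: String = "",
    visiting: Set<KClass<*>> = emptySet() // classes already on the current path
): List<SecretFieldInfo> {
    if (klass in visiting) return emptyList() // self-referential data class: stop here
    val params = klass.primaryConstructor?.parameters ?: return emptyList()
    return params.flatMap { p ->
        val name = p.name ?: return@flatMap emptyList<SecretFieldInfo>()
        val path = if (prefix.isEmpty()) name else "$prefix.$name"
        val type = p.type.classifier as? KClass<*>
        val ann = p.findAnnotation<Secret>()
        when {
            ann != null -> listOf(SecretFieldInfo(path, ann.mask, ann.visibleChars)) // rule 1
            type == SecretString::class -> listOf(SecretFieldInfo(path, MaskStrategy.FULL, 0)) // rule 2
            type != null && type.isData -> extractSecrets(type, path, visiting + klass) // nested
            else -> emptyList()
        }
    }
}

// The page's example classes, plus a constructed self-referential class.
data class Credentials(
    @Secret(mask = MaskStrategy.PARTIAL, visibleChars = 4) val apiKey: String,
    val token: SecretString
)
data class AppConfig(val name: String, val credentials: Credentials)
data class Node(val label: String, val next: Node?, val key: SecretString)

fun main() {
    extractSecrets(AppConfig::class).forEach(::println)
    extractSecrets(Node::class).forEach(::println)
}
```

This sketch does not look inside collections or non-data classes, so a secret held in a `List<Credentials>` or a plain class would not be reported by it.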