kconfig-core/club.skidware.kconfig.serializer/SecretString

SecretString

@JvmInline
value class SecretString(value: String)

An inline value class that wraps a sensitive string, ensuring it is never accidentally leaked through toString, logging, or string interpolation.

Safety guarantees:

  • toString always returns "********" -- the plaintext is never exposed.

  • The only way to obtain the underlying value is by calling expose explicitly, making accidental leaks easy to spot in code review.

  • Because this is an inline value class, there is zero runtime allocation overhead compared to a raw String.

Example:

val apiKey = SecretString("sk-live-abc123")

println(apiKey)            // prints: ********
println("Key=$apiKey")     // prints: Key=********
println(apiKey.expose())   // prints: sk-live-abc123  (intentional access)
Content copied to clipboard

Fields of type SecretString are automatically detected by SecretExtractor and masked with club.skidware.kconfig.annotation.MaskStrategy.FULL even without a @Secret annotation.

Since

1.0

See also

Constructors

Link copied to clipboard
constructor(value: String)

Functions

Link copied to clipboard
fun expose(): String

Returns the underlying plaintext value.

Link copied to clipboard
open override fun toString(): String

Returns a fixed mask ("********") to prevent accidental leakage through logging, debugging, or string interpolation.