Mask Sensitive Fields

Speakeasy can mask sensitive data in the query string parameters, headers, cookies, and request/response bodies captured by the SDK. This keeps sensitive data isolated and lets you retain control over what is captured.

Mask By Endpoint

If you do not assign the middleware to a router, the SDK will not capture any requests to that router. If you would like to be more selective, you can use the middleware controller to mask specific sensitive fields as needed in individual handlers:

func MyHandler(w http.ResponseWriter, r *http.Request) {
	// Retrieve the controller that the Speakeasy middleware attached to this request
	ctrl := speakeasy.MiddlewareController(r)
	ctrl.Masking(speakeasy.WithRequestHeaderMask("Authorization")) // Mask the Authorization header in the request

	// the rest of your handler's code
}

The Masking function takes a number of different options to mask sensitive data in the request and response:

  • speakeasy.WithQueryStringMask - WithQueryStringMask will mask the specified query strings with an optional mask string.
  • speakeasy.WithRequestHeaderMask - WithRequestHeaderMask will mask the specified request headers with an optional mask string.
  • speakeasy.WithResponseHeaderMask - WithResponseHeaderMask will mask the specified response headers with an optional mask string.
  • speakeasy.WithRequestCookieMask - WithRequestCookieMask will mask the specified request cookies with an optional mask string.
  • speakeasy.WithResponseCookieMask - WithResponseCookieMask will mask the specified response cookies with an optional mask string.
  • speakeasy.WithRequestFieldMaskString - WithRequestFieldMaskString will mask the specified request body fields with an optional mask. Supports string fields only. Matches using regex.
  • speakeasy.WithRequestFieldMaskNumber - WithRequestFieldMaskNumber will mask the specified request body fields with an optional mask. Supports number fields only. Matches using regex.
  • speakeasy.WithResponseFieldMaskString - WithResponseFieldMaskString will mask the specified response body fields with an optional mask. Supports string fields only. Matches using regex.
  • speakeasy.WithResponseFieldMaskNumber - WithResponseFieldMaskNumber will mask the specified response body fields with an optional mask. Supports number fields only. Matches using regex.
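
The string/number split in the body-field options matters when choosing a mask: a string mask does not match a field whose JSON value is a number, and a number mask does not match a string. The following Go program is an added illustration that models this with standard-library regex; it is not Speakeasy's implementation, and the helper names, regex patterns, sample body and mask values are assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Constructed sample body: "card" is a JSON string, "pin" is a JSON number.
const sampleBody = `{"user": "alice", "card": "4111111111111111", "pin": 1234}`

// maskValue rewrites the value after "field": when it matches valuePattern.
// Hypothetical helper; the patterns are assumptions, not the SDK's own.
func maskValue(body, field, valuePattern, replacement string) string {
	re := regexp.MustCompile(`("` + regexp.QuoteMeta(field) + `"\s*:\s*)` + valuePattern)
	return re.ReplaceAllStringFunc(body, func(m string) string {
		// Keep the key and colon (group 1), swap only the value.
		return re.FindStringSubmatch(m)[1] + replacement
	})
}

// maskStringValue masks a field only when its value is a JSON string.
func maskStringValue(body, field, mask string) string {
	return maskValue(body, field, `"(?:[^"\\]|\\.)*"`, strconv.Quote(mask))
}

// maskNumberValue masks a field only when its value is a plain JSON number.
func maskNumberValue(body, field string, mask int) string {
	return maskValue(body, field, `-?\d+(?:\.\d+)?`, strconv.Itoa(mask))
}

func main() {
	// Wrong kind: a string mask on the numeric "pin" leaves the body unchanged.
	fmt.Println(maskStringValue(sampleBody, "pin", "***"))
	// Right kinds: string mask for "card", number mask for "pin".
	fmt.Println(maskNumberValue(maskStringValue(sampleBody, "card", "***"), "pin", 0))
}
```

After configuring masks, inspect a captured request for each sensitive field to confirm the value was actually replaced, since a mask of the wrong type fails silently.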

Masking Headers Globally

Masking can also be done more globally on all routes or a selection of routes by taking advantage of middleware. Here is an example:

speakeasy.Configure(speakeasy.Config{
	APIKey:    "YOUR API KEY HERE",    // retrieve from Speakeasy API dashboard.
	ApiID:     "YOUR API ID HERE",     // this is an ID you provide that you would like to associate captured requests with.
	VersionID: "YOUR VERSION ID HERE", // this is a Version you provide that you would like to associate captured requests with.
})

r := mux.NewRouter()
r.Use(speakeasy.Middleware)
r.Use(func(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Mask the Authorization header in the request for all requests served by this middleware
		ctrl := speakeasy.MiddlewareController(r)
		ctrl.Masking(speakeasy.WithRequestHeaderMask("Authorization"))

		// Pass the request on to the next handler in the chain
		next.ServeHTTP(w, r)
	})
})