Skip to content

Declarative Configuration

Instead of building sanitization pipelines in Go code, httptape supports a JSON configuration format. This is useful for the CLI, Docker, and Testcontainers workflows where you want to define sanitization rules outside your Go code.

Config format

{
  "version": "1",
  "rules": [
    { "action": "redact_headers" },
    { "action": "redact_body", "paths": ["$.password", "$.ssn"] },
    { "action": "fake", "seed": "my-project-seed", "paths": ["$.user.email", "$.user.id"] }
  ]
}

Version

Must be "1". This field is required.

Rules

An ordered array of sanitization rules. Rules are applied sequentially, matching the Pipeline's semantics. At least one rule is required.

Actions

redact_headers

Maps to RedactHeaders(). Replaces header values with "[REDACTED]".

{ "action": "redact_headers" }

Optionally specify which headers to redact (default: DefaultSensitiveHeaders):

{ "action": "redact_headers", "headers": ["Authorization", "X-Custom-Secret"] }

redact_body

Maps to RedactBodyPaths(). Redacts specific fields in JSON bodies.

{ "action": "redact_body", "paths": ["$.password", "$.credit_card.number", "$.tokens[*].secret"] }

The paths field is required and must be non-empty.

fake

Maps to FakeFields(). Replaces values with deterministic HMAC-based fakes.

{ "action": "fake", "seed": "my-project-seed", "paths": ["$.user.email", "$.user.id", "$.user.name"] }

Both seed and paths are required and must be non-empty.

Loading config in Go

From a reader

f, _ := os.Open("sanitize.json")
cfg, err := httptape.LoadConfig(f)
if err != nil {
    log.Fatal(err) // JSON parse error or validation error
}

From a file path

cfg, err := httptape.LoadConfigFile("sanitize.json")
if err != nil {
    log.Fatal(err)
}

Building the pipeline

pipeline := cfg.BuildPipeline()

rec := httptape.NewRecorder(store,
    httptape.WithSanitizer(pipeline),
)

Validation

LoadConfig and LoadConfigFile validate the config automatically. You can also validate manually:

cfg := &httptape.Config{
    Version: "1",
    Rules: []httptape.Rule{
        {Action: "redact_headers"},
    },
}
err := cfg.Validate()

Validation checks: - Version must be "1" - Rules must be non-empty - Each rule must have a known action (redact_headers, redact_body, fake) - Action-specific required fields must be present - All paths must use valid JSONPath-like syntax ($.field, $.nested.field, $.array[*].field) - Fields irrelevant to an action are rejected (e.g., paths on redact_headers) - Unknown JSON fields are rejected

JSON Schema

A JSON Schema is available at config.schema.json for IDE autocompletion and CI validation.

Reference it in your config file:

{
  "$schema": "https://raw.githubusercontent.com/VibeWarden/httptape/main/config.schema.json",
  "version": "1",
  "rules": [...]
}

Complete example

{
  "version": "1",
  "rules": [
    {
      "action": "redact_headers",
      "headers": ["Authorization", "Cookie", "X-Api-Key"]
    },
    {
      "action": "redact_body",
      "paths": [
        "$.password",
        "$.credit_card.number",
        "$.credit_card.cvv"
      ]
    },
    {
      "action": "fake",
      "seed": "my-project-2024",
      "paths": [
        "$.user.email",
        "$.user.phone",
        "$.user.id",
        "$.orders[*].customer_id"
      ]
    }
  ]
}

See also

  • Redaction -- programmatic redaction pipeline API
  • CLI -- using config files with the CLI
  • Docker -- mounting config files into containers