Sensitive Parameter¶

This is a native PHP attribute, which tells the engine that a parameter is a sensitive parameter, and should not be displayed by PHP when an error displays the stack trace.

This prevent innocent mistakes, where reading the logs on the production server also tells the actual value of a secret.

<?php

function foo(
    #[SensitiveParameter] string $apiKey
): int {
    throw new Exception('Could not foo');
}

foo('abc');

/* The code above displays the following :

Fatal error: Uncaught Exception: Could not foo in file.php:6
Stack trace:
#0 file.php(9): foo(Object(SensitiveParameterValue))
#1 {main}
  thrown in file.php on line 6
*/

?>

Documentation

Added in PHP 8.2+

Sensitive Parameter¶

PHP Dictionary

Navigation

Related Topics