@Jordan-Mysten
Collaborator

Description

Taking inspiration from how Effect handles Redacted values, this introduces our own redacted function, which creates a value that is stored via a weakmap on a global registry. This has some neat properties:

  • You need a reference to the redacted to get it out of the registry, so this should be plenty safe (weakmaps don't allow enumeration, or reading values without the keys).
  • Logging the redacted identifier is completely safe, because the actual underlying value is stored completely distinctly
  • You can kinda improve debugging of these values since we can add the debug tags that denote that this is a redacted value when it does get logged.

I originally wanted this to be exposed in a create-only way, so that outside of the package you couldn't read redacted values, but I realized that we probably want methods like getSecretKey to return redacted values by default.

While I was here, I realized we were using fake private for the data in keypairs, which kind of scares the shit out of me because if you log a keypair (which IMO seems like an operation that should be plenty safe) it means that all of the secret values are exposed:
[Screenshot 2025-06-27 at 12 35 11 PM]

I made this a true private which shouldn't be a breaking change unless people are depending on undocumented properties. I thought about changing this to store as a redacted internally, but just using true privates felt like a better solution here.

Test plan

I will test it + update docs before merging.
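
The two mechanisms the description above contrasts, as an added example that is not the PR's code: a WeakMap-backed redacted handle, and a TypeScript `private` field beside an ECMAScript `#private` one. All names (`redact`, `unredact`, `logged`, both keypair classes) and the secret are hypothetical, and the handle is a plain frozen object rather than the PR's symbol-keyed interface.

```typescript
// Added example: all names here are hypothetical, not the SDK's API.
const SAMPLE_SECRET = 'constructed-secret-not-a-real-key'; // constructed sample value

// Opaque handle: carries no secret, only safe string/JSON representations.
type Redacted<T> = { readonly __brand?: T; toString(): string; toJSON(): string };

// Secrets live here, keyed by handle identity. A WeakMap cannot be enumerated,
// and an entry becomes collectable once its handle is unreachable.
const registry = new WeakMap<object, unknown>();

function redact<T>(value: T): Redacted<T> {
  const handle: Redacted<T> = Object.freeze({
    toString: () => '<redacted>',
    toJSON: () => '<redacted>',
  });
  registry.set(handle, value);
  return handle;
}

function unredact<T>(handle: Redacted<T>): T {
  // A look-alike object is rejected: only the original reference is a key.
  if (!registry.has(handle)) throw new TypeError('not a redacted handle');
  return registry.get(handle) as T;
}

class FakePrivateKeypair {
  // TypeScript `private` is erased on compile: at runtime this is an
  // ordinary own property that any serializer will pick up.
  private secret: string;
  constructor(secret: string) { this.secret = secret; }
  secretLength(): number { return this.secret.length; }
}

class TruePrivateKeypair {
  // ECMAScript #private: not an own property, so JSON.stringify and
  // Object.keys never see it.
  #secret: string;
  constructor(secret: string) { this.#secret = secret; }
  getSecretKeyRedacted(): Redacted<string> { return redact(this.#secret); }
}

// What a JSON-based logger would emit for a value.
function logged(value: unknown): string {
  return JSON.stringify(value);
}
```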


@Jordan-Mysten Jordan-Mysten requested a review from a team as a code owner June 27, 2025 17:42
@Jordan-Mysten Jordan-Mysten had a problem deploying to sui-typescript-aws-kms-test-env June 27, 2025 17:42 — with GitHub Actions Failure

@github-actions
Contributor

⚠️ 🦋 Changesets Warning: This PR has changes to public npm packages, but does not contain a changeset. You can create a changeset easily by running pnpm changeset in the root of the Sui repo, and following the prompts. If your change does not need a changeset (e.g. a documentation-only change), you can ignore this message. This warning will be removed when a changeset is added to this pull request.


const RedactedType: unique symbol = Symbol.for('@mysten/redacted');
export interface Redacted<T> {
[RedactedType]: T;
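
Review bot: `RedactedType` is created with `Symbol.for('@mysten/redacted')`, so any code in the realm can obtain the same symbol from that string, and the interface declares `[RedactedType]: T` as a required member of type `T`. If this member is only a type-level brand and the value never sits on the object, say so in a doc comment on the interface (or make the member optional), so a reader does not take the symbol key as the thing that protects the secret.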

Contributor

I think this might not work well across sdk versions. I think when we introduced symbols for Transaction and/or SuiClient properties it caused some issues. I'm not sure how unique symbol type works, and maybe that's the fix?

Collaborator Author

Yeah I think you're right. I just was trying to hide any public API from this. I can just tack on a string property or something though.

/**
* Get the secret key for this keypair, with the value redacted so that it cannot be logged.
*/
abstract getSecretKeyRedacted(): Redacted<string>;
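
Review bot: The doc comment on `getSecretKeyRedacted()` says the value "cannot be logged", but it does not say how a caller obtains the underlying string from the `Redacted<string>`, or that the string is loggable again once it has been read out. Suggest adding a sentence that names the function used to read it and notes that the redaction covers the handle only.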

Contributor

this can just be a concrete implementation right?
