SecretBox wrapper type for more carefully handling secret values (e.g. passwords, cryptographic keys, access tokens or other credentials)
§Goals
- Make secret access explicit and easy-to-audit via the ExposeSecret and ExposeSecretMut traits.
- Prevent accidental leakage of secrets via channels like debug logging
- Ensure secrets are wiped from memory on drop securely (using the zeroize crate)
Presently this crate favors a simple, no_std-friendly, safe (i.e. forbid(unsafe_code)-based) implementation and does not provide more advanced memory protection mechanisms, e.g. ones based on mlock(2)/mprotect(2).
We may explore more advanced protection mechanisms in the future. Those who don’t mind std and libc dependencies should consider using the secrets crate.
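
The three goals above (explicit access, redacted Debug output, wipe on drop), modelled with the standard library only. This is an added example, not code from the secrecy crate: Wipe, Guarded, DbConfig and debug_line are hypothetical names, and the volatile write stands in for the zeroization the crate delegates to zeroize.

```rust
use std::fmt;

// Hypothetical stand-in for the zeroize crate's trait: overwrite a value in place.
trait Wipe { fn wipe(&mut self); }

impl Wipe for String {
    fn wipe(&mut self) {
        // All-zero bytes are valid UTF-8, so the String stays well-formed.
        for b in unsafe { self.as_bytes_mut() } {
            // Volatile store, so the optimizer cannot drop it as a dead write.
            unsafe { std::ptr::write_volatile(b as *mut u8, 0) };
        }
    }
}

// Hypothetical wrapper modelling the pattern. In a library the field is private
// to its module, which leaves `expose` as the only way to read the value.
struct Guarded<T: Wipe>(Box<T>);

impl<T: Wipe> Guarded<T> {
    fn new(value: T) -> Self { Guarded(Box::new(value)) }
    // Every read of the secret is an explicit, greppable call site.
    fn expose(&self) -> &T { &self.0 }
}

// Debug output names the wrapper but never the value.
impl<T: Wipe> fmt::Debug for Guarded<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Guarded([REDACTED])")
    }
}

// Zero the heap allocation before it is freed.
impl<T: Wipe> Drop for Guarded<T> {
    fn drop(&mut self) { self.0.wipe(); }
}

// Constructed sample: a config struct as it would appear in a `{:?}` log line.
#[derive(Debug)]
struct DbConfig {
    user: String,
    password: Guarded<String>,
}

fn debug_line(cfg: &DbConfig) -> String { format!("{:?}", cfg) }

fn main() {
    let cfg = DbConfig { user: "app".into(), password: Guarded::new("hunter2".into()) };
    println!("{}", debug_line(&cfg));
}
```

Deriving Debug on the outer struct stays safe because the wrapper's own Debug impl is what gets called for the password field.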
§serde support
When the serde feature of this crate is enabled, the SecretBox type will receive a Deserialize impl for all SecretBox<T> types where T: DeserializeOwned. This allows loading secret values from data deserialized from serde (be careful to clean up any intermediate secrets when doing this, e.g. the unparsed input!)
To prevent exfiltration of secret values via serde, by default SecretBox<T> does not receive a corresponding Serialize impl. If you would like types of SecretBox<T> to be serializable with serde, you will need to impl the SerializableSecret marker trait on T.
Structs§
- Wrapper type for values that contain secrets.
Traits§
- Expose a reference to an inner secret
- Expose a mutable reference to an inner secret
Type Aliases§
- Wrapper type for strings that contain secrets. See also SecretBox.