Crate secrecy

SecretBox wrapper type for more carefully handling secret values (e.g. passwords, cryptographic keys, access tokens or other credentials)

Goals

• Make secret access explicit and easy-to-audit via the ExposeSecret and ExposeSecretMut traits.
• Prevent accidental leakage of secrets via channels like debug logging
• Ensure secrets are wiped from memory on drop securely (using the zeroize crate)

Presently this crate favors a simple, no_std-friendly, safe i.e. forbid(unsafe_code)-based implementation and does not provide more advanced memory protection mechanisms e.g. ones based on mlock(2)/mprotect(2). We may explore more advanced protection mechanisms in the future. Those who don’t mind std and libc dependencies should consider using the secrets crate.

serde support

When the serde feature of this crate is enabled, the SecretBox type will receive a Deserialize impl for all SecretBox<T> types where T: DeserializeOwned. This allows loading secret values from data deserialized from serde (be careful to clean up any intermediate secrets when doing this, e.g. the unparsed input!)

To prevent exfiltration of secret values via serde, by default SecretBox<T> does not receive a corresponding Serialize impl. If you would like types of SecretBox<T> to be serializable with serde, you will need to impl the SerializableSecret marker trait on T.

Re-exports

• pub use zeroize;

Structs

• SecretBox
  Wrapper type for values that contains secrets, which attempts to limit accidental exposure and ensure secrets are wiped from memory when dropped. (e.g. passwords, cryptographic keys, access tokens or other credentials)

Traits

• CloneableSecret
  Marker trait for secrets which are allowed to be cloned
• ExposeSecret
  Expose a reference to an inner secret
• ExposeSecretMut
  Expose a mutable reference to an inner secret
• SerializableSecretserde
  Marker trait for secret types which can be Serialize-d by serde.

Type Aliases

• SecretSlice
  Secret slice type.
• SecretString
  Secret string type.