ApiKey

api_keys_simplified

Struct ApiKey 

Source 
pub struct ApiKey<Hash> { /* private fields */ }
Expand description

Represents a generated API key with its hash.

The key field is stored in a SecureString which automatically zeros its memory on drop, preventing potential memory disclosure.

Implementations§

Source§

impl<T> ApiKey<T>

Source

pub fn key(&self) -> &SecureString

Returns a reference to the secure API key.

To access the underlying string, use .expose_secret() on the returned SecureString:

let key_str: &str = api_key.key().expose_secret();
§Security Note

The key is stored in secure memory that is automatically zeroed on drop. Be careful NOT to clone or log the value unnecessarily.

Source§

impl ApiKey<NoHash>

Source

pub fn new(key: SecureString) -> ApiKey<NoHash>

Creates a new API key without a hash.

This is typically used internally before converting to a hashed key.

Source

pub fn into_hashed(self, hasher: &KeyHasher) -> Result<ApiKey<Hash>>

Converts this unhashed key into a hashed key by generating a new random salt and computing the Argon2 hash.

This method is automatically called by ApiKeyManagerV0::generate() and ApiKeyManagerV0::generate_with_expiry().

Source

pub fn into_hashed_with_salt( self, hasher: &KeyHasher, salt: &str, ) -> Result<ApiKey<Hash>>

Converts this unhashed key into a hashed key using a specific salt.

This is useful when you need to regenerate the same hash from the same key, for example in testing or when verifying hash consistency.

§Parameters
  • hasher - The key hasher to use
  • salt - Base64-encoded salt string (32 bytes when decoded)
§Example
let key1 = manager.generate(Environment::production()).unwrap();

// Regenerate hash with the same salt
let key2 = ApiKey::new(SecureString::from(key1.key().expose_secret()))
    .into_hashed_with_salt(manager.hasher(), key1.expose_hash().salt())
    .unwrap();

// Both hashes should be identical
assert_eq!(key1.expose_hash(), key2.expose_hash());
Source

pub fn into_key(self) -> SecureString

Consumes the API key and returns the underlying secure string.

Source§

impl ApiKey<Hash>

Source

pub fn expose_hash(&self) -> &Hash

Returns a reference to the hash and salt.

The returned Hash struct contains both the Argon2 hash string and the base64-encoded salt used to generate it. The hash should be stored in your database for later verification.

§Accessing Fields

Use the auto-generated getter methods:

  • .hash() - Returns the Argon2 hash string as &str
  • .salt() - Returns the base64-encoded salt as &str
§Security Note

Although it’s safe to store the hash, avoid making unnecessary clones or logging the hash to minimize exposure.

§Example
// Get the hash for storage
let hash_struct = api_key.expose_hash();

// Access the hash string for database storage
let hash_str: &str = hash_struct.hash();
println!("Store this hash: {}", hash_str);

// Access the salt (if needed for hash regeneration)
let salt: &str = hash_struct.salt();
Source

pub fn into_key(self) -> SecureString

Consumes the API key and returns the underlying secure string.

Trait Implementations§

Source§

impl<Hash: Debug> Debug for ApiKey<Hash>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

§

impl<Hash> Freeze for ApiKey<Hash>
where Hash: Freeze,

§

impl<Hash> RefUnwindSafe for ApiKey<Hash>
where Hash: RefUnwindSafe,

§

impl<Hash> Send for ApiKey<Hash>
where Hash: Send,

§

impl<Hash> Sync for ApiKey<Hash>
where Hash: Sync,

§

impl<Hash> Unpin for ApiKey<Hash>
where Hash: Unpin,

§

impl<Hash> UnwindSafe for ApiKey<Hash>
where Hash: UnwindSafe,

Blanket Implementations§

§

impl<T> Any for T
where T: 'static + ?Sized,

§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
§

impl<T> Borrow<T> for T
where T: ?Sized,

§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
§

impl<T> BorrowMut<T> for T
where T: ?Sized,

§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
§

impl<T> From<T> for T

§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, U> Into<U> for T
where U: From<T>,

§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.