Skip to main content

ApiKey

api_keys_simplified

Struct ApiKey 

Source 
pub struct ApiKey<Hash> { /* private fields */ }
Expand description

Represents a generated API key with its hash.

The key field is stored in a SecureString which automatically zeros its memory on drop, preventing potential memory disclosure.

Implementations§

Source§

impl<T> ApiKey<T>

Source

pub fn key(&self) -> &SecureString

Returns a reference to the secure API key.

To access the underlying string, use .expose_secret() on the returned SecureString:

let key_str: &str = api_key.key().expose_secret();
§Security Note

The key is stored in secure memory that is automatically zeroed on drop. Be careful NOT to clone or log the value unnecessarily.

Source§

impl ApiKey<NoHash>

Source

pub fn new(key: SecureString) -> ApiKey<NoHash>

Creates a new API key without a hash.

This is typically used internally before converting to a hashed key.

Source

pub fn into_hashed(self, hasher: &KeyHasher) -> Result<ApiKey<Hash>>

Converts this unhashed key into a hashed key by generating a new random salt and computing the Argon2 hash.

This method is automatically called by ApiKeyManagerV0::generate() and ApiKeyManagerV0::generate_with_expiry().

Source

pub fn into_hashed_with_phc( self, hasher: &KeyHasher, phc_hash: &str, ) -> Result<ApiKey<Hash>>

Converts this unhashed key into a hashed key using a specific PHC hash string.

This is useful when you need to regenerate the same hash from the same key, for example in testing or when verifying hash consistency. The salt is extracted from the provided PHC hash string.

§Parameters
  • hasher - The key hasher to use
  • phc_hash - An existing PHC-formatted hash string to extract the salt from
§Example
let key1 = manager.generate(Environment::production()).unwrap();

// Regenerate hash with the same salt (extracted from the PHC hash)
let key2 = ApiKey::new(SecureString::from(key1.key().expose_secret()))
    .into_hashed_with_phc(manager.hasher(), key1.expose_hash().hash())
    .unwrap();

// Both hashes should be identical
assert_eq!(key1.expose_hash(), key2.expose_hash());
Source

pub fn into_key(self) -> SecureString

Consumes the API key and returns the underlying secure string.

Source§

impl ApiKey<Hash>

Source

pub fn expose_hash(&self) -> &Hash

Returns a reference to the hash.

The returned Hash struct contains the Argon2 hash string in PHC format. The PHC format embeds all necessary information including the salt, algorithm parameters, and hash output. This single string should be stored in your database for later verification.

§Accessing Fields

Use the auto-generated getter method:

  • .hash() - Returns the PHC-formatted hash string as &str
§PHC Format

The hash string follows the PHC format: $argon2id$v=19$m=19456,t=2,p=1$<salt>$<hash>

The salt is embedded in the hash string and can be extracted if needed using the password_hash crate’s PasswordHash::new() method.

§Security Note

Although it’s safe to store the hash, avoid making unnecessary clones or logging the hash to minimize exposure.

§Example
// Get the hash for storage
let hash_struct = api_key.expose_hash();

// Access the hash string for database storage
let hash_str: &str = hash_struct.hash();
println!("Store this hash: {}", hash_str);
Source

pub fn into_key(self) -> SecureString

Consumes the API key and returns the underlying secure string.

Trait Implementations§

Source§

impl<Hash: Debug> Debug for ApiKey<Hash>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

§

impl<Hash> Freeze for ApiKey<Hash>
where Hash: Freeze,

§

impl<Hash> RefUnwindSafe for ApiKey<Hash>
where Hash: RefUnwindSafe,

§

impl<Hash> Send for ApiKey<Hash>
where Hash: Send,

§

impl<Hash> Sync for ApiKey<Hash>
where Hash: Sync,

§

impl<Hash> Unpin for ApiKey<Hash>
where Hash: Unpin,

§

impl<Hash> UnwindSafe for ApiKey<Hash>
where Hash: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.