Expand description
optional provider-neutral sanitization boundary for cloud-sdk.
Provider crates, explicit API domains, security-first release gates, and transport-free core types.
§cloud-sdk-sanitization
Optional provider-neutral secret-handling boundary for the main
cloud-sdk workspace and
cloud-sdk crate.
This crate provides reusable caller-owned buffer sanitization outside the
default no_std SDK and provider crates. It delegates volatile clearing to the
independently reviewed sanitization
crate with default features disabled.
Most users should start with:
[dependencies]
cloud-sdk = "0.21.0"
cloud-sdk-sanitization = "0.13.7"§Example
use cloud_sdk_sanitization::SecretBuffer;
let mut output = [0_u8; 128];
{
let mut guarded = SecretBuffer::new(&mut output);
guarded.as_mut_slice()[..6].copy_from_slice(b"secret");
assert_eq!(&guarded.as_slice()[..6], b"secret");
}
assert_eq!(output, [0_u8; 128]);§Features
| Feature | Default | Effect |
|---|---|---|
default | yes | Empty; keeps the boundary no_std. |
std | no | Enables standard-library integration in cloud-sdk; clearing behavior is unchanged. |
Docs.rs builds with all features. The underlying sanitization dependency
keeps its default features disabled in every configuration.
§Security Notes
SecretBuffer volatile-clears its entire borrowed slice on drop, including
after early returns and unwind where unwind exists. sanitize_bytes provides
the same reviewed primitive for explicit cleanup.
These helpers do not clear immutable source strings or copies made by transports, operating systems, crash handlers, swap, remote services, or other processes. They also do not replace review of token ownership, logging, environment variables, paging, compiler behavior, or process boundaries.
Structs§
- Secret
Buffer - Caller-owned byte buffer that is volatile-cleared when dropped.
Functions§
- sanitize_
bytes - Volatile-clears an ordinary caller-owned byte buffer.