Crate api_keys_simplified

Crate api_keys_simplified 

Source
Expand description

§API Keys Simplified

Secure API key generation and validation with sensible defaults.

§Quick Start

use api_keys_simplified::{ApiKeyManagerV0, Environment, ExposeSecret, KeyStatus};

// Generate a new key with checksum (enabled by default for DoS protection)
let generator = ApiKeyManagerV0::init_default_config("sk")?;
let key = generator.generate(Environment::production())?;
println!("Key: {}", key.key().expose_secret()); // Show once to user
let hash = key.hash(); // Store this in database

// Validate a key - checksum is verified first for DoS protection
let status = generator.verify(key.key(), hash)?;
assert_eq!(status, KeyStatus::Valid);

§Why Use Checksums?

Keys with checksums provide 2900x faster rejection of invalid keys:

  • Invalid keys rejected in ~20μs (checksum validation)
  • Valid keys verified in ~300ms (Argon2 hashing)
  • Protects against DoS attacks via malformed keys

The checksum uses BLAKE3 (cryptographic hash) for integrity verification.

Structs§

ApiKey
Represents a generated API key with its hash.
ApiKeyManagerV0
ApiKeyManager is storable object used to generate and verify API keys. It contains immutable config data necessary to operate. It does NOT contain ANY sensitive data.
Hash
Hash can be safely stored as String in memory without having to worry about zeroizing. Hashes are not secrets and are meant to be stored.
HashConfig
KeyConfig
KeyPrefix
KeyVersion
Key version for backward compatibility and migration. Allows different key formats to coexist during transitions.
NoHash

Enums§

ChecksumAlgo
ConfigError
Configuration errors with specific variants
Environment
Deployment environment for API keys (dev/test/staging/live). Used to visually distinguish keys across different environments and prevent accidental misuse And allow users to set different Rate limits based on Environment.
Error
Error type for API key operations.
KeyStatus
Represents the status of an API key after verification
Separator
Separator character for API key components (prefix, environment and data).

Traits§

ExposeSecret
Expose a reference to an inner secret
SecureStringExt
Extension trait to add convenience methods to SecureString

Type Aliases§

Result
SecureString
A secure string that automatically zeros its memory on drop.