cloud-sdk-sanitization
Optional provider-neutral secret-handling boundary for the main
cloud-sdk workspace and
cloud-sdk crate.
This crate exists so reusable token, credential, and caller-owned buffer sanitization helpers can be reviewed outside the default no_std SDK and provider crates. It intentionally does not depend on a sanitization implementation yet.
Most users should start with:
[]
= "0.12.0"
Use this crate only when the release notes say sanitization helpers have been admitted.
Current Example
use SanitizationStatus;
assert_eq!;
Security Notes
Sanitization helpers do not replace review of token ownership, copies, logging, environment variables, paging, crash dumps, compiler behavior, or process boundaries. Any future dependency must be admitted with explicit release notes, tests, and pentest evidence.