Struct SecretBytesMut 

pub struct SecretBytesMut { /* private fields */ }

Clear-on-drop wrapper around BytesMut.

Clearing expands the buffer to its reported capacity, volatile-clears that initialized view, then resets the length to zero. This covers the owned capacity exposed by BytesMut; it does not make claims about allocator internals outside that buffer.

Security

This wrapper treats capacity as fixed after construction. Appending beyond capacity would force BytesMut to reallocate and free the old allocation while it still contains secret bytes. SecretBytesMut::extend_from_slice therefore returns CapacityError instead of growing implicitly. Allocate the maximum expected size up front with SecretBytesMut::with_capacity.

Implementations

impl SecretBytesMut

pub fn new() -> Self

Create an empty secret byte buffer.

pub fn with_capacity(capacity: usize) -> Self

Allocate secret byte storage with at least capacity bytes.

pub fn from_slice(bytes: &[u8]) -> Self

Copy a slice into a new secret byte buffer.

pub fn from_bytes_mut(inner: BytesMut) -> Self

Wrap an existing BytesMut.

pub fn len(&self) -> usize

Number of initialized bytes.

pub fn is_empty(&self) -> bool

Returns true when there are no initialized bytes.

pub fn capacity(&self) -> usize

Reported capacity of the underlying BytesMut.

pub fn extend_from_slice(&mut self, bytes: &[u8]) -> Result<(), CapacityError>

Append bytes to the secret buffer without reallocating.

Returns CapacityError if the append would exceed the current capacity. This avoids leaving secret bytes in a freed old allocation after an implicit BytesMut growth.

pub fn as_slice(&self) -> &[u8]

Borrow initialized bytes.

pub fn with_secret<R>(&self, inspect: impl FnOnce(&[u8]) -> R) -> R

Run a closure with read-only access to initialized bytes.

pub fn with_secret_mut<R>(&mut self, edit: impl FnOnce(&mut [u8]) -> R) -> R

Run a closure with mutable access to initialized bytes.

pub fn clear_secret(&mut self)

Sanitize the reported capacity and clear the buffer.

pub fn into_cleared(self)

Consume after first sanitizing all accessible capacity.

Trait Implementations

impl Debug for SecretBytesMut

fn fmt(&self, formatter: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for SecretBytesMut

fn default() -> Self

Returns the “default value” for a type.

impl Drop for SecretBytesMut

fn drop(&mut self)

Executes the destructor for this type.

fn pin_drop(self: Pin<&mut Self>)

🔬This is a nightly-only experimental API. (pin_ergonomics)

Execute the destructor for this type, but different to Drop::drop, it requires self to be pinned.

impl SecureSanitize for SecretBytesMut

fn secure_sanitize(&mut self)

Clear the sensitive bytes owned by this value.