Crate sec
The sec crate prevents secrets from accidentally leaking through Debug or Display implementations. It does so by wrapping any kind of confidential information in a zero-overhead type:
    use sec::Secret;

    #[derive(Debug)]
    struct User {
        id: usize,
        username: String,
        session_token: Secret<String>,
    }

    let alice = User{
        id: 1,
        username: "alice".to_owned(),
        session_token: Secret::new("no one should see this".to_owned()),
    };

    println!("Now talking to: {:?}", alice);

This will yield the following output:

    Now talking to: User{ id = 1, username: String("alice"), session_token: "..." }
This functionality is very useful when dealing with data that must never leak accidentally through panics or log files.

The contained data can be accessed by any of the reveal methods:
    println!("Don't tell anyone, but Alice's token is: {}", alice.session_token.reveal());
Only methods that contain reveal in their name actually allow accessing the secret value.
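How a wrapper of this kind keeps a value out of derived Debug output and out of panic messages, as an added example that is not the sec crate's own code. Redacted<T> is a hypothetical stand-in for Secret<T>, and TOKEN, sample_user and panic_text are names made up for the illustration; the stand-in prints a bare ... as its placeholder.

```rust
use std::fmt;

// Hypothetical stand-in for sec::Secret<T>; not the crate's implementation.
pub struct Redacted<T>(T);

impl<T> Redacted<T> {
    pub fn new(value: T) -> Self { Redacted(value) }
    // The only accessor, named so that every access is easy to grep for.
    pub fn reveal(&self) -> &T { &self.0 }
}

// No `T: Debug` bound: the inner value is never formatted at all.
impl<T> fmt::Debug for Redacted<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("...") }
}
impl<T> fmt::Display for Redacted<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("...") }
}

#[derive(Debug)]
pub struct User {
    pub id: usize,
    pub username: String,
    pub session_token: Redacted<String>,
}

pub const TOKEN: &str = "no one should see this"; // constructed sample value
pub fn sample_user() -> User {
    User { id: 1, username: "alice".to_owned(), session_token: Redacted::new(TOKEN.to_owned()) }
}

// Message a panic carries when a Result with a User as its error is unwrapped.
pub fn panic_text() -> String {
    let outcome = std::panic::catch_unwind(|| {
        let failed: Result<(), User> = Err(sample_user());
        failed.unwrap();
    });
    match outcome {
        Err(payload) => payload.downcast_ref::<String>().cloned().unwrap_or_default(),
        Ok(()) => String::new(),
    }
}

fn main() {
    let alice = sample_user();
    println!("Now talking to: {:?}", alice);
    println!("Panic message: {}", panic_text());
    println!("Token: {}", alice.session_token.reveal());
}
```

Once reveal has handed out the value, anything that copies or formats it is outside the wrapper's protection.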
Serde support (deserialize/serialize features)
If the deserialize feature is enabled, any Secret<T> will automatically implement Deserialize from Serde:
    #[derive(Deserialize)]
    struct AuthRequest{
        username: String,
        password: Secret<String>,
    }
AuthRequest will be deserialized as if password were a regular String; the result will be stored as a Secret<String>. Additionally, if any deserialization errors occur, the resulting serde error will be replaced to avoid leaking the unparsed value.
Serialization can be enabled through the serialize feature.
IMPORTANT: Serializing data to a readable format is still a way to leak secrets. Only enable this feature if you need it.
Diesel support (diesel_sql feature)
Limited support for inserting and loading Secret<T> values through Diesel can be enabled by the diesel_sql feature.
IMPORTANT: The database may log and echo back (on error) any query that fails, takes too long or is otherwise deemed interesting. Using Secret values in expressions should be avoided.
no_std support
By disabling the default features, no_std is supported. It can be re-enabled through the std feature.
Security
While sec usually does a good job of preventing accidental leaks through logging mistakes, it currently does not protect the actual memory (while not impossible, this requires a lot of extra effort due to heap allocations).
If protecting cryptographic secrets in-memory from stackdumps and similar is a concern, have a look at the secrets crate or similar crates.
Structs
Secret |
Wraps a type |