secrets_rs/lib.rs
1//! `secrets-rs` — safe secret retrieval for Rust applications.
2//!
3//! Secrets are identified by URN (`urn:secrets-rs:<source_id>:<name>`) and
4//! stored in [`Secret<T>`] structs. All default access paths (Display, Debug,
5//! serde serialization) emit a **masked value** that is safe to log. The real
6//! value must be requested explicitly via [`Secret::value`].
7//!
8//! # Quick start
9//!
10//! ```rust
11//! use secrets_rs::{EnvSource, Secret, SourceRegistry, bind_all};
12//!
13//! #[derive(secrets_rs::Bindable)]
14//! struct Config {
15//! api_key: Secret<String>,
16//! }
17//!
18//! # unsafe { std::env::set_var("API_KEY", "s3cr3t") };
19//! let mut config = Config {
20//! api_key: Secret::new("urn:secrets-rs:env:API_KEY").unwrap(),
21//! };
22//!
23//! let mut registry = SourceRegistry::new();
24//! registry.register("env", EnvSource);
25//! bind_all(&mut config, ®istry).unwrap();
26//!
27//! // Masked value — safe to log
28//! println!("{}", config.api_key);
29//!
30//! // Real value — explicit opt-in
31//! let key: &str = config.api_key.value().unwrap();
32//! # let _ = key;
33//! ```
34
35pub mod error;
36pub mod source;
37pub mod sources;
38pub mod urn;
39
40mod bindable;
41mod secret;
42
43pub use bindable::{Bindable, bind_all};
44pub use error::{BindError, SourceError, UnboundError, UrnParseError};
45pub use secret::{Secret, SecretValue};
46pub use secrets_rs_macros::Bindable;
47pub use source::{Source, SourceRegistry};
48pub use sources::env::EnvSource;
49pub use urn::Urn;