Skip to main content

BatchSecrets

cuenv_secrets

Struct BatchSecrets 

Source 
pub struct BatchSecrets { /* private fields */ }
Expand description

Batch of resolved secrets with per-batch lifetime.

Secrets are automatically zeroed when this struct is dropped. This provides secure handling for secrets resolved ahead of task execution.

§Lifetime

This struct is designed for per-batch use:

  1. Resolve all secrets needed for a batch of tasks
  2. Use the secrets during task execution
  3. Drop the BatchSecrets when the batch completes
  4. Memory is automatically zeroed on drop

§Example

let mut batch = BatchSecrets::new();
batch.insert("API_KEY".to_string(), SecureSecret::new("secret".to_string()), None);

// Use during task execution
if let Some(secret) = batch.get("API_KEY") {
    std::env::set_var("API_KEY", secret.expose());
}

// When batch goes out of scope, all secrets are zeroed

Implementations§

Source§

impl BatchSecrets

Source

pub fn new() -> Self

Create an empty batch.

Source

pub fn with_capacity(capacity: usize) -> Self

Create a batch with pre-allocated capacity.

Source

pub fn insert( &mut self, name: String, value: SecureSecret, fingerprint: Option<String>, )

Insert a secret into the batch.

§Arguments
  • name - The secret name/key
  • value - The secure secret value
  • fingerprint - Optional HMAC fingerprint for cache key inclusion
Source

pub fn get(&self, name: &str) -> Option<&SecureSecret>

Get a secret by name.

Source

pub fn contains(&self, name: &str) -> bool

Check if the batch contains a secret.

Source

pub fn is_empty(&self) -> bool

Check if the batch is empty.

Source

pub fn len(&self) -> usize

Get the number of secrets in the batch.

Source

pub const fn fingerprints(&self) -> &HashMap<String, String>

Get the fingerprints map.

Source

pub fn fingerprint(&self, name: &str) -> Option<&str>

Get the fingerprint for a specific secret.

Source

pub fn names(&self) -> impl Iterator<Item = &String>

Iterate over secret names.

Source

pub fn into_env_map(self) -> HashMap<String, String>

Convert to environment variable map for process injection.

§Warning

This exposes all secret values. Use carefully and ensure the resulting map is not logged or persisted.

Source

pub fn into_resolved_secrets(self) -> ResolvedSecrets

Convert to ResolvedSecrets for backward compatibility.

This consumes the batch and converts it to the legacy format.

Source

pub fn merge(&mut self, other: Self)

Merge another batch into this one.

Secrets from other will overwrite existing secrets with the same name.

Trait Implementations§

Source§

impl Debug for BatchSecrets

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for BatchSecrets

Source§

fn default() -> BatchSecrets

Returns the “default value” for a type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more