Expand description
This is a basic wrapper for secret/hidden values
It implements zeroize-on-drop, meaning the data is securely erased from memory once it goes out of scope.
You may call drop() prematurely if you wish to erase it sooner.
Protected values are also hidden from fmt::Debug, and will display [REDACTED] instead.
The only way to access the data within a Protected value is to call .expose() - this is to prevent accidental leakage.
This also makes any Protected value easier to audit, as you are able to quickly view wherever the data is accessed.
Protected values are not able to be copied within memory, to prevent accidental leakage. They are able to be cloned however - but this is always explicit and you will be aware of it.
I’d like to give a huge thank you to the authors of the secrecy crate, as that crate’s functionality inspired this implementation.
§Examples
let secret_data = "this is classified information".to_string();
let protected_data = Protected::new(secret_data);
// the only way to access the data within the `Protected` wrapper
// is by calling `.expose()`
let value = protected_data.expose();