Skip to main content

SecretString

dodot_lib::secret::secret_string

Struct SecretString

pub struct SecretString { /* private fields */ }

Expand description

A resolved secret value, held briefly in process memory.

Construct via SecretString::new; read via SecretString::expose. Zeroes its buffer on drop. Has no Debug / Display / Serialize implementations; printing one through any of those paths produces <redacted>.

Implementations§

impl SecretString

pub fn new(value: String) -> Self

Wrap a UTF-8 string as a secret. Takes ownership of the input bytes so the caller can’t keep a parallel handle.

pub fn from_bytes(bytes: Vec<u8>) -> Self

Wrap an arbitrary byte slice (for binary secrets — keys, etc.).

pub fn expose(&self) -> Result<&str, Utf8Error>

Borrow the secret as &str. Returns an error if the bytes aren’t valid UTF-8 — the value-injection path requires UTF-8. Whole-file deploy uses SecretString::expose_bytes instead.

pub fn expose_bytes(&self) -> &[u8] ⓘ

Borrow the secret as raw bytes. For whole-file flows where UTF-8 isn’t a guarantee.

pub fn len(&self) -> usize

Length of the secret in bytes. Safe to log.

pub fn is_empty(&self) -> bool

True iff the secret is empty.

pub fn contains_newline(&self) -> bool

True iff the secret value contains at least one newline. Used by §3.4’s multi-line refusal: value-injection requires single-line values, and this check is the gate. Reading this flag does not expose the bytes anywhere — it’s a property of the value, not the value itself.

Trait Implementations§

impl Debug for SecretString

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Drop for SecretString

fn drop(&mut self)

Executes the destructor for this type. Read more

Auto Trait Implementations§

impl Freeze for SecretString

impl RefUnwindSafe for SecretString

impl Send for SecretString

impl Sync for SecretString

impl Unpin for SecretString

impl UnsafeUnpin for SecretString

impl UnwindSafe for SecretString

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more