Expand description
Sensitive string type for fields that must never be exposed.
SensitiveString wraps a String but always serialises as
"***REDACTED***". This provides compile-time guarantees that the
value cannot leak through serialisation — not in the config registry,
not in logs, not in debug output, not in API responses.
This module is always available (no feature gate) so that any module
can use SensitiveString regardless of which features are enabled.
§Three layers of secret protection
| Layer | Mechanism | Catches |
|---|---|---|
#[serde(skip_serializing)] | Field absent from output | Fields that should never appear |
| Heuristic auto-redaction | Field name pattern matching | Common names: password, secret, token, key |
SensitiveString type | Value always serialises as redacted | Non-obvious fields: connection_string, dsn |
§Usage
use hyperi_rustlib::SensitiveString;
use serde::{Serialize, Deserialize};
#[derive(Serialize, Deserialize)]
struct DbConfig {
host: String,
port: u16,
connection_string: SensitiveString, // Always redacted
}Structs§
- Sensitive
String - A string value that is always redacted when serialised.