Struct Secret 

pub struct Secret<T: Zeroize>(/* private fields */);

A wrapper for sensitive environment variables that:

• Redacts the value in Debug and (when the serde feature is enabled) in Serialize output.
• Zeroes the inner heap memory on Drop via Zeroize.
• Prevents raw values from leaking into error messages (REDACT_IN_ERRORS = true).

Limitations

• std::mem::forget bypasses the Drop impl and will not zeroize the inner value. This is a fundamental limitation of the Zeroize pattern and cannot be solved without a custom allocator.
• Clone creates an independent copy of the secret on the heap. Both copies are zeroized on drop, but the attack surface is doubled.
• PartialEq uses the standard short-circuit comparison of T, which is not constant-time. Do not use it in contexts where a timing side-channel could leak information about the secret.
• Deref exposes &T, which may implement Display. Secret itself intentionally does not implement Display to prevent accidental logging.

Example

let m: std::collections::HashMap<String, String> =
    [("TOKEN".into(), "secret".into())].into_iter().collect();
let cfg = lockedenv::from_map! { map: m, TOKEN: lockedenv::Secret<String> };
assert_eq!(cfg.TOKEN.as_ref(), "secret");
// Debug never leaks the value:
assert!(format!("{:?}", cfg).contains("[REDACTED]"));

Implementations

impl<T: Zeroize> Secret<T>

pub fn new(val: T) -> Self

Create a new Secret wrapping the given value.

pub fn into_inner(self) -> T

Consume the wrapper and return the inner value.

Uses std::mem::ManuallyDrop to bypass the Drop impl (which zeroizes T). The caller takes full responsibility for the returned value and its eventual cleanup.

Trait Implementations

impl<T: Zeroize> AsRef<T> for Secret<T>

fn as_ref(&self) -> &T

Converts this type into a shared reference of the (usually inferred) input type.

impl<T: Zeroize> Borrow<T> for Secret<T>

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T: Clone + Zeroize> Clone for Secret<T>

fn clone(&self) -> Secret<T>

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<T: Zeroize> Debug for Secret<T>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<T: Zeroize> Deref for Secret<T>

type Target = T

The resulting type after dereferencing.

fn deref(&self) -> &Self::Target

Dereferences the value.

impl<T: Zeroize> Drop for Secret<T>

Automatically zero the heap when the Secret goes out of scope. Applies whenever T: Zeroize (e.g. Secret<String>, Secret<Vec<u8>>).

fn drop(&mut self)

Executes the destructor for this type.

impl<T: Zeroize> From<T> for Secret<T>

fn from(val: T) -> Self

Converts to this type from the input type.

impl<T: FromEnvStr + Zeroize> FromEnvStr for Secret<T>

const REDACT_IN_ERRORS: bool = true

When true, error messages replace the raw value with [REDACTED].

type Err = <T as FromEnvStr>::Err

The error type returned when parsing fails.

fn from_env_str(s: &str) -> Result<Self, Self::Err>

Parse the raw string s into Self.

fn missing_value(key: &str) -> Result<Self, EnvLockError>

Called when the corresponding key is absent. Defaults to an error; Option<T> returns Ok(None).

impl<T: Zeroize + PartialEq> PartialEq for Secret<T>

Warning: uses the standard short-circuit comparison of T — not constant-time. Avoid in timing-sensitive contexts.

fn eq(&self, other: &Self) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl<T: Zeroize> Zeroize for Secret<T>

Zero the inner value on drop when T supports it. This prevents the secret from lingering in heap memory after the struct is dropped.

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.

impl<T: Zeroize + Eq> Eq for Secret<T>