Crate neuron_secret 

Secret resolution for neuron.

This crate defines the SecretResolver trait, the SecretValue in-memory wrapper (no Serialize, no Display, no Clone — memory zeroed on drop), and the SecretRegistry for composing multiple resolvers.

Design

• Resolvers resolve a SecretSource (from layer0), not a string name. The name->source mapping lives in CredentialRef.
• SecretValue uses scoped exposure (with_bytes) to prevent accidental leaks.
• SecretRegistry dispatches by SecretSource variant, following the same composition pattern as ToolRegistry and HookRegistry.

Structs

SecretLease

A resolved secret with optional lease information.

SecretRegistry

Composes multiple resolvers, routing by SecretSource variant.

SecretValue

An opaque secret value. Cannot be logged, serialized, or cloned. Memory is zeroed on drop via Zeroizing.

Enums

SecretError

Errors from secret resolution (crate-local, not in layer0).

SourceMatcher

How to match a SecretSource variant to a resolver.

Traits

SecretEventSink

Optional event sink for audit logging of secret access.

SecretResolver

Resolve a secret from a specific backend.