Struct rocket::config::SecretKey[−][src]

pub struct SecretKey { /* fields omitted */ }

Expand description

A cryptographically secure secret key.

A SecretKey is primarily used by private cookies. See the configuration guide for further details. It can be configured from 256-bit random material or a 512-bit master key, each as either a base64-encoded string or raw bytes.

use rocket::config::Config;

let figment = Config::figment()
    .merge(("secret_key", "hPRYyVRiMyxpw5sBB1XeCMN1kFsDCqKvBi2QJxBVHQk="));

let config = Config::from(figment);
assert!(!config.secret_key.is_zero());

When configured in the debug profile with the secrets feature enabled, a key set as 0 is automatically regenerated at launch time from the OS’s random source if available.

use rocket::config::Config;
use rocket::local::blocking::Client;

let figment = Config::figment()
    .merge(("secret_key", vec![0u8; 64]))
    .select("debug");

let rocket = rocket::custom(figment);
let client = Client::tracked(rocket).expect("okay in debug");
assert!(!client.rocket().config().secret_key.is_zero());

When running in any other profile with the secrets feature enabled, providing a key of 0 or not provided a key at all results in a failure at launch-time:

use rocket::config::Config;
use rocket::figment::Profile;
use rocket::local::blocking::Client;
use rocket::error::ErrorKind;

let profile = Profile::const_new("staging");
let figment = Config::figment()
    .merge(("secret_key", vec![0u8; 64]))
    .select(profile.clone());

let rocket = rocket::custom(figment);
let error = Client::tracked(rocket).expect_err("failure in non-debug");
assert!(matches!(error.kind(), ErrorKind::InsecureSecretKey(profile)));

Implementations

impl SecretKey[src]

pub fn from(master: &[u8]) -> SecretKey[src]

Creates a SecretKey from a 512-bit master key. For security, master must be cryptographically random.

Panics

Panics if master < 64 bytes.

Example

use rocket::config::SecretKey;

let key = SecretKey::from(&master);

pub fn derive_from(material: &[u8]) -> SecretKey[src]

Derives a SecretKey from 256 bits of cryptographically random material. For security, material must be cryptographically random.

Panics

Panics if material < 32 bytes.

Example

use rocket::config::SecretKey;

let key = SecretKey::derive_from(&material);

pub fn generate() -> Option<SecretKey>[src]

Attempts to generate a SecretKey from randomness retrieved from the OS. If randomness from the OS isn’t available, returns None.

Example

use rocket::config::SecretKey;

let key = SecretKey::generate();

pub fn is_zero(&self) -> bool[src]

Returns true if self is the 0-key.

Example

use rocket::config::SecretKey;

let master = vec![0u8; 64];
let key = SecretKey::from(&master);
assert!(key.is_zero());

pub fn is_provided(&self) -> bool[src]

Returns true if self was not automatically generated and is not zero.

Example

use rocket::config::SecretKey;

let master = vec![0u8; 64];
let key = SecretKey::generate().unwrap();
assert!(!key.is_provided());

let master = vec![0u8; 64];
let key = SecretKey::from(&master);
assert!(!key.is_provided());

Trait Implementations

impl Clone for SecretKey[src]

fn clone(&self) -> SecretKey[src]

Returns a copy of the value. Read more

fn clone_from(&mut self, source: &Self)1.0.0 [src]

Performs copy-assignment from source. Read more

impl Debug for SecretKey[src]

fn fmt(&self, f: &mut Formatter<'_>) -> Result[src]

Formats the value using the given formatter. Read more

impl<'de> Deserialize<'de> for SecretKey[src]

fn deserialize<D: Deserializer<'de>>(de: D) -> Result<Self, D::Error>[src]

Deserialize this value from the given Serde deserializer. Read more

impl<'r> FromRequest<'r> for &'r SecretKey[src]

type Error = Infallible

The associated error to be returned if derivation fails.

fn from_request<'life0, 'async_trait>(
    req: &'r Request<'life0>
) -> Pin<Box<dyn Future<Output = Outcome<Self, Self::Error>> + Send + 'async_trait>> where
    'r: 'async_trait,
    'life0: 'async_trait,
    Self: 'async_trait,

[src]

Derives an instance of Self from the incoming request metadata. Read more

impl PartialEq<SecretKey> for SecretKey[src]

fn eq(&self, other: &Self) -> bool[src]

This method tests for self and other values to be equal, and is used by ==. Read more

#[must_use]
fn ne(&self, other: &Rhs) -> bool

1.0.0 [src]

This method tests for !=.

Auto Trait Implementations

impl RefUnwindSafe for SecretKey

impl Send for SecretKey

impl Sync for SecretKey

impl Unpin for SecretKey

impl UnwindSafe for SecretKey

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized,

[src]

pub fn type_id(&self) -> TypeId[src]

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T where
    T: ?Sized,

[src]

pub fn borrow(&self) -> &T[src]

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T where
    T: ?Sized,

[src]

pub fn borrow_mut(&mut self) -> &mut T[src]

Mutably borrows from an owned value. Read more

impl<T> From<T> for T[src]

pub fn from(t: T) -> T[src]

Performs the conversion.

impl<T> Instrument for T[src]

fn instrument(self, span: Span) -> Instrumented<Self>[src]

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>[src]

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T where
    U: From<T>,

[src]

pub fn into(self) -> U[src]

Performs the conversion.

impl<T> IntoCollection<T> for T[src]

pub fn into_collection<A>(self) -> SmallVec<A> where
    A: Array<Item = T>,

[src]

Converts self into a collection.

pub fn mapped<U, F, A>(self, f: F) -> SmallVec<A> where
    F: FnMut(T) -> U,
    A: Array<Item = U>,

[src]

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T> ToOwned for T where
    T: Clone,

[src]

type Owned = T

The resulting type after obtaining ownership.

pub fn to_owned(&self) -> T[src]

Creates owned data from borrowed data, usually by cloning. Read more

pub fn clone_into(&self, target: &mut T)[src]

🔬 This is a nightly-only experimental API. (toowned_clone_into)

recently added

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T where
    U: Into<T>,

[src]

type Error = Infallible

The type returned in the event of a conversion error.

pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>[src]

Performs the conversion.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>,

[src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

pub fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>[src]

Performs the conversion.

impl<V, T> VZip<V> for T where
    V: MultiLane<T>,

pub fn vzip(self) -> V

impl<T> DeserializeOwned for T where
    T: for<'de> Deserialize<'de>,

[src]