/// Opaque key type: its fields are private, so a value is obtained through
/// configuration, `derive_from`, `generate`, or `From` rather than built by hand.
pub struct SecretKey { /* private fields */ }
Available on crate feature `secrets` only.
A cryptographically secure secret key.
A `SecretKey` is primarily used by private cookies. See the configuration
guide for further details. It can be configured from 256-bit random
material or a 512-bit master key, each as either a base64-encoded string or
raw bytes.
use rocket::config::Config;

// NOTE: Never deploy this sample key. Generate your own and keep it private,
// e.g. via `head -c64 /dev/urandom | base64` (64 random bytes, i.e. a 512-bit
// master key in base64 form).
// NOTE(review): the literal below contains characters outside the base64
// alphabet; presumably deliberate so it cannot be pasted into a deployment.
let config = Config::from(
    Config::figment().merge(("secret_key", "hPrYyЭRiMyµ5sBB1π+CMæ1køFsåqKvBiQJxBVHQk=")),
);

// The extracted configuration is expected to hold a non-zero key.
assert!(!config.secret_key.is_zero());
When configured in the `debug` profile with the `secrets` feature enabled, a
key set as `0` is automatically regenerated at launch time from the OS’s
random source if available.
use rocket::config::Config;
use rocket::local::blocking::Client;

// 64 zero bytes: the value that `is_zero()` reports as the `0`-key.
let zero_key = vec![0u8; 64];
let figment = Config::figment()
    .merge(("secret_key", zero_key))
    .select("debug");

// Under the `debug` profile the launch succeeds despite the zero key ...
let client = Client::tracked(rocket::custom(figment)).expect("okay in debug");

// ... and the running instance no longer holds the zero key.
// NOTE(review): the replacement is produced at launch, so it presumably
// differs from run to run; do not rely on a debug key persisting.
assert!(!client.rocket().config().secret_key.is_zero());
When running in any other profile with the `secrets` feature enabled,
providing a key of `0` or not providing a key at all results in a failure at
launch-time:
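use rocket::config::Config;
use rocket::figment::Profile;
use rocket::local::blocking::Client;
use rocket::error::ErrorKind;

// Select a non-debug profile and configure an all-zero 64-byte key.
let profile = Profile::const_new("staging");
let figment = Config::figment()
    .merge(("secret_key", vec![0u8; 64]))
    .select(profile.clone());

// Launch is expected to be refused rather than run with the zero key.
let rocket = rocket::custom(figment);
let error = Client::tracked(rocket).expect_err("failure in non-debug");

// A bare `profile` inside the pattern would bind a fresh variable and match
// any profile, so the reported profile is compared against ours in a guard.
assert!(matches!(error.kind(), ErrorKind::InsecureSecretKey(p) if *p == profile));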
Implementations§
impl SecretKey
pub fn derive_from(material: &[u8]) -> SecretKey
pub fn generate() -> Option<SecretKey>
Attempts to generate a `SecretKey` from randomness retrieved from the
OS. If randomness from the OS isn’t available, returns `None`.
Example
use rocket::config::SecretKey;

// `generate()` returns `None` when OS randomness is unavailable, so the result
// is an `Option` that the caller has to handle.
let key: Option<SecretKey> = SecretKey::generate();
pub fn is_zero(&self) -> bool
Returns `true` if `self` is the `0`-key.
Example
use rocket::config::SecretKey;

// 64 zero bytes: the value `is_zero()` is meant to flag.
let zeroed = vec![0u8; 64];
let key: SecretKey = SecretKey::from(&zeroed);
assert!(key.is_zero());
pub fn is_provided(&self) -> bool
Returns `true` if `self` was not automatically generated and is not zero.
Example
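use rocket::config::SecretKey;

// A key generated from OS randomness was not supplied by the operator, so it
// does not count as provided. `generate()` returns `None` when OS randomness
// is unavailable, hence the explicit expectation.
let key = SecretKey::generate().expect("OS randomness should be available");
assert!(!key.is_provided());

// An explicitly supplied all-zero key does not count as provided either.
let master = vec![0u8; 64];
let key = SecretKey::from(&master);
assert!(!key.is_provided());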