#[derive(SecureSanitize)]
{
// Attributes available to this derive:
#[sanitization]
}
Expand description
Derive sanitization::SecureSanitize for structs and enums.
Every non-skipped field must implement SecureSanitize. Use
#[sanitization(skip)] only for fields that are intentionally non-secret or
cleared elsewhere.
§Enums
For enums, generated code can only sanitize the currently active variant.
It cannot safely reach bytes left behind by previously active variants after
a variant transition. Use sanitization::secure_replace before replacement,
derive SecureSanitizeOnDrop when drop-before-assignment semantics are
wanted, or prefer struct wrappers for high-assurance state machines.
When the strict-enum-derive feature is enabled on this derive crate,
enum derives require:
ⓘ
#[sanitization(enum_inactive_variant_bytes = "acknowledged")]