Expand description
secrets-rs — safe secret retrieval for Rust applications.
Secrets are identified by URN (urn:secrets-rs:<source_id>:<name>) and
stored in Secret<T> structs. All default access paths (Display, Debug,
serde serialization) emit a masked value that is safe to log. The real
value must be requested explicitly via Secret::value.
§Built-in sources
| Source | source_id | Backed by |
|---|---|---|
EnvSource | "env" (pre-registered) | std::env::var |
FileSource | e.g. "file" | std::fs::read (use FileSource::with_base for stable resolution in multi-threaded programs) |
§Quick start
use secrets_rs::{Secret, SourceRegistry, bind_all};
#[derive(secrets_rs::Bindable)]
struct Config {
api_key: Secret<String>,
}
let mut config = Config {
api_key: Secret::new("urn:secrets-rs:env:API_KEY").unwrap(),
};
// EnvSource is registered under "env" by default.
let registry = SourceRegistry::new();
bind_all(&mut config, ®istry).unwrap();
// Masked value — safe to log
println!("{}", config.api_key);
// Real value — explicit opt-in
let key: &str = config.api_key.value().unwrap();Re-exports§
pub use error::BindError;pub use error::SourceError;pub use error::SourceRegisterError;pub use error::UnboundError;pub use error::UrnParseError;pub use source::Source;pub use source::SourceRegistry;pub use sources::env::EnvSource;pub use sources::file::FileSource;pub use urn::Urn;
Modules§
Structs§
- Secret
- A secret value identified by a URN.
Traits§
- Bindable
- Implemented by structs that contain one or more
Secretfields. - Secret
Value - Implemented by types that can be stored inside a
Secret.
Functions§
- bind_
all - Binds all secrets in
targetusingregistry.
Derive Macros§
- Bindable
- Derives [
secrets_rs::Bindable] for a struct.