Dynamic

secure_gate

Struct Dynamic 

Source 
pub struct Dynamic<T: ?Sized>(/* private fields */);
Expand description

Re-export of the Dynamic type. Heap-allocated secure secret wrapper.

This is a thin wrapper around Box<T> with enforced explicit exposure. Suitable for dynamic-sized secrets like String or Vec<u8>.

Security invariants:

  • No Deref or AsRef — prevents silent access.
  • Debug is always redacted.
  • With zeroize, wipes the entire allocation on drop (including spare capacity).

§Examples

Basic usage:

use secure_gate::Dynamic;
let secret: Dynamic<String> = "hunter2".into();
assert_eq!(secret.expose_secret(), "hunter2");

With already-boxed values:

use secure_gate::Dynamic;
let boxed_secret = Box::new("hunter2".to_string());
let secret: Dynamic<String> = boxed_secret.into(); // or Dynamic::from(boxed_secret)
assert_eq!(secret.expose_secret(), "hunter2");

Mutable access:

use secure_gate::Dynamic;
let mut secret = Dynamic::<String>::new("pass".to_string());
secret.expose_secret_mut().push('!');
assert_eq!(secret.expose_secret(), "pass!");

With zeroize (automatic wipe):

use secure_gate::Dynamic;
let secret = Dynamic::<Vec<u8>>::new(vec![1u8; 32]);
drop(secret); // heap wiped automatically

Implementations§

Source§

impl<T: ?Sized> Dynamic<T>

Source

pub fn new<U>(value: U) -> Self
where U: Into<Box<T>>,

Wrap a value by boxing it.

Uses Into<Box<T>> for flexibility.

Source

pub const fn expose_secret(&self) -> &T

Expose the inner value for read-only access.

This is the only way to read the secret — loud and auditable.

Source

pub fn expose_secret_mut(&mut self) -> &mut T

Expose the inner value for mutable access.

This is the only way to mutate the secret — loud and auditable.

Source§

impl Dynamic<String>

§Ergonomic helpers for common heap types

Source

pub const fn len(&self) -> usize

Returns the length of the string in bytes.

This is safe public metadata — does not expose the secret.

Source

pub const fn is_empty(&self) -> bool

Returns true if the string is empty (zero bytes).

This is safe public metadata — does not expose the secret.

Source§

impl<T> Dynamic<Vec<T>>

Source

pub const fn len(&self) -> usize

Returns the number of elements in the vector.

This is safe public metadata — does not expose the secret.

Source

pub const fn is_empty(&self) -> bool

Returns true if the vector is empty (zero elements).

This is safe public metadata — does not expose the secret.

Source§

impl<T> Dynamic<T>
where T: ?Sized + AsRef<[u8]>,

Constant-time equality for byte-convertible types — available with ct-eq feature.

Source

pub fn ct_eq(&self, other: &Self) -> bool

Constant-time equality comparison.

This is the only safe way to compare two dynamic secrets. Available only when the ct-eq feature is enabled.

§Example
use secure_gate::Dynamic;
let a: Dynamic<String> = Dynamic::new("secret".to_string());
let b: Dynamic<String> = Dynamic::new("secret".to_string());
assert!(a.ct_eq(&b));
Source§

impl Dynamic<CloneableStringInner>

Source

pub const fn expose_inner(&self) -> &String

Returns a reference to the inner string without cloning.

This method provides direct access to the wrapped String. The reference is valid for the lifetime of the CloneableString.

Source

pub fn expose_inner_mut(&mut self) -> &mut String

Returns a mutable reference to the inner string.

This method provides direct mutable access to the wrapped String. Use this when you need to modify the string contents in-place.

Source

pub fn init_with<F>(constructor: F) -> Self
where F: FnOnce() -> String,

Construct a cloneable string secret by building it in a closure.

This minimizes the time the secret spends on the stack:

  • The closure builds a temporary String.
  • It is immediately cloned to the heap.
  • The temporary is zeroized before returning.

Use this when reading passwords or tokens from user input.

§Example
use secure_gate::CloneableString;
use std::io::{self, Write};

fn read_password() -> io::Result<String> {
    let mut input = String::new();
    io::stdout().flush()?;
    io::stdin().read_line(&mut input)?;
    Ok(input.trim_end().to_string())
}

let pw = CloneableString::init_with(|| read_password().unwrap());
Source

pub fn try_init_with<F, E>(constructor: F) -> Result<Self, E>
where F: FnOnce() -> Result<String, E>,

Fallible version of init_with.

Same stack-minimization benefits as init_with, but allows for construction that may fail with an error. Useful when reading secrets from fallible sources like files, network connections, or user input that may encounter I/O errors.

Source§

impl Dynamic<CloneableVecInner>

Source

pub const fn expose_inner(&self) -> &Vec<u8>

Returns a reference to the inner vector without cloning.

This method provides direct access to the wrapped Vec<u8>. The reference is valid for the lifetime of the CloneableVec.

Source

pub fn expose_inner_mut(&mut self) -> &mut Vec<u8>

Returns a mutable reference to the inner vector.

This method provides direct mutable access to the wrapped Vec<u8>. Use this when you need to modify the vector contents in-place.

Source

pub fn init_with<F>(constructor: F) -> Self
where F: FnOnce() -> Vec<u8>,

Construct a cloneable vec secret by building it in a closure.

Same stack-minimization benefits as CloneableString::init_with.

§Example
use secure_gate::CloneableVec;

let seed = CloneableVec::init_with(|| {
    let mut v = vec![0u8; 32];
    // Fill from some source...
    v
});
Source

pub fn try_init_with<F, E>(constructor: F) -> Result<Self, E>
where F: FnOnce() -> Result<Vec<u8>, E>,

Fallible version of init_with.

Same stack-minimization benefits as init_with, but allows for construction that may fail with an error. Useful when reading secrets from fallible sources like files or network connections.

Trait Implementations§

Source§

impl<T: CloneSafe> Clone for Dynamic<T>

Available on crate feature zeroize only.

Opt-in Clone — only for types marked CloneSafe.

Source§

fn clone(&self) -> Self

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<T: ?Sized> Debug for Dynamic<T>

Debug implementation (always redacted).

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl From<&[u8]> for Dynamic<Vec<u8>>

§Additional conversions

Wrap a byte slice into a Dynamic Vec<u8>.

Source§

fn from(slice: &[u8]) -> Self

Converts to this type from the input type.
Source§

impl From<&str> for Dynamic<String>

Wrap a string slice in a Dynamic String.

Source§

fn from(s: &str) -> Self

Converts to this type from the input type.
Source§

impl<T: ?Sized> From<Box<T>> for Dynamic<T>

Wrap a boxed value in a Dynamic secret.

Source§

fn from(boxed: Box<T>) -> Self

Converts to this type from the input type.
Source§

impl<T> From<T> for Dynamic<T>

§Convenient From impls

Wrap a value in a Dynamic secret by boxing it.

Source§

fn from(value: T) -> Self

Converts to this type from the input type.
Source§

impl<T: ?Sized + Zeroize> Zeroize for Dynamic<T>

Available on crate feature zeroize only.

Zeroize integration.

Source§

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.
Source§

impl<T: ?Sized + Zeroize> ZeroizeOnDrop for Dynamic<T>

Available on crate feature zeroize only.

Zeroize on drop integration.

Auto Trait Implementations§

§

impl<T> Freeze for Dynamic<T>
where T: ?Sized,

§

impl<T> RefUnwindSafe for Dynamic<T>
where T: RefUnwindSafe + ?Sized,

§

impl<T> Send for Dynamic<T>
where T: Send + ?Sized,

§

impl<T> Sync for Dynamic<T>
where T: Sync + ?Sized,

§

impl<T> Unpin for Dynamic<T>
where T: ?Sized,

§

impl<T> UnwindSafe for Dynamic<T>
where T: UnwindSafe + ?Sized,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<!> for T

Source§

fn from(t: !) -> T

Converts to this type from the input type.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.