Fixed

secure_gate

Struct Fixed 

Source 
pub struct Fixed<T>(/* private fields */);
Expand description

Re-export of the Fixed type. Stack-allocated secure secret wrapper.

This is a zero-cost wrapper for fixed-size secrets like byte arrays or primitives. The inner field is private, forcing all access through explicit methods.

Security invariants:

  • No Deref or AsRef — prevents silent access or borrowing.
  • No implicit Copy — even for [u8; N], duplication must be explicit via .clone().
  • Debug is always redacted.

§Examples

Basic usage:

use secure_gate::Fixed;
let secret = Fixed::new(42u32);
assert_eq!(*secret.expose_secret(), 42);

For byte arrays (most common):

use secure_gate::{Fixed, fixed_alias};
fixed_alias!(Aes256Key, 32);
let key_bytes = [0x42u8; 32];
let key: Aes256Key = Fixed::from(key_bytes);
assert_eq!(key.len(), 32);
assert_eq!(key.expose_secret()[0], 0x42);

With zeroize feature (automatic wipe on drop):

use secure_gate::Fixed;
let mut secret = Fixed::new([1u8, 2, 3]);
drop(secret); // memory wiped automatically

Implementations§

Source§

impl<T> Fixed<T>

Source

pub const fn new(value: T) -> Self

Wrap a value in a Fixed secret.

This is zero-cost and const-friendly.

§Example
use secure_gate::Fixed;
const SECRET: Fixed<u32> = Fixed::new(42);
Source

pub const fn expose_secret(&self) -> &T

Expose the inner value for read-only access.

This is the only way to read the secret — loud and auditable.

§Example
use secure_gate::Fixed;
let secret = Fixed::new("hunter2");
assert_eq!(secret.expose_secret(), &"hunter2");
Source

pub fn expose_secret_mut(&mut self) -> &mut T

Expose the inner value for mutable access.

This is the only way to mutate the secret — loud and auditable.

§Example
use secure_gate::Fixed;
let mut secret = Fixed::new([1u8, 2, 3]);
secret.expose_secret_mut()[0] = 42;
assert_eq!(secret.expose_secret()[0], 42);
Source§

impl<const N: usize> Fixed<[u8; N]>

§Byte-array specific helpers

Source

pub const fn len(&self) -> usize

Returns the fixed length in bytes.

This is safe public metadata — does not expose the secret.

Source

pub const fn is_empty(&self) -> bool

Returns true if the fixed secret is empty (zero-length).

This is safe public metadata — does not expose the secret.

Source

pub fn from_slice(bytes: &[u8]) -> Self

Create from a byte slice of exactly N bytes.

Panics if the slice length does not match N. For fallible construction, use TryFrom<&[u8]> instead.

§Example
use secure_gate::Fixed;
let bytes: &[u8] = &[1, 2, 3];
let secret = Fixed::<[u8; 3]>::from_slice(bytes);
assert_eq!(secret.expose_secret(), &[1, 2, 3]);
Source§

impl<const N: usize> Fixed<[u8; N]>

Constant-time equality — only available with ct-eq feature.

Source

pub fn ct_eq(&self, other: &Self) -> bool

Constant-time equality comparison.

This is the only safe way to compare two fixed-size secrets. Available only when the ct-eq feature is enabled.

§Example
use secure_gate::Fixed;
let a = Fixed::new([1u8; 32]);
let b = Fixed::new([1u8; 32]);
assert!(a.ct_eq(&b));
Source§

impl<const N: usize> Fixed<CloneableArrayInner<N>>

Source

pub const fn expose_inner(&self) -> &[u8; N]

Returns a reference to the inner array without cloning.

This method provides direct access to the wrapped [u8; N] array. The reference is valid for the lifetime of the CloneableArray.

Source

pub fn expose_inner_mut(&mut self) -> &mut [u8; N]

Returns a mutable reference to the inner array.

This method provides direct mutable access to the wrapped [u8; N] array. Use this when you need to modify the array contents in-place.

Source

pub fn init_with<F>(constructor: F) -> Self
where F: FnOnce() -> [u8; N],

Construct a cloneable array secret by building it in a closure.

Same stack-minimization benefits as CloneableString::init_with.

§Example
use secure_gate::CloneableArray;

let key = CloneableArray::<32>::init_with(|| {
    let mut arr = [0u8; 32];
    // Fill from some source...
    arr
});
Source

pub fn try_init_with<F, E>(constructor: F) -> Result<Self, E>
where F: FnOnce() -> Result<[u8; N], E>,

Fallible version of init_with.

Same stack-minimization benefits as init_with, but allows for construction that may fail with an error. Useful when reading secrets from fallible sources like files or network connections.

Trait Implementations§

Source§

impl<T: CloneSafe> Clone for Fixed<T>

Available on crate feature zeroize only.

Opt-in Clone — only for types marked CloneSafe (default no-clone).

Source§

fn clone(&self) -> Self

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<T> Debug for Fixed<T>

Debug implementation (always redacted).

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<const N: usize> From<[u8; N]> for Fixed<[u8; N]>

Source§

fn from(arr: [u8; N]) -> Self

Wrap a raw byte array in a Fixed secret.

Zero-cost conversion.

§Example
use secure_gate::Fixed;
let key: Fixed<[u8; 4]> = [1, 2, 3, 4].into();
Source§

impl<const N: usize> TryFrom<&[u8]> for Fixed<[u8; N]>

Implements TryFrom<&[u8]> for creating a Fixed from a byte slice of exact length.

Source§

type Error = FromSliceError

The type returned in the event of a conversion error.
Source§

fn try_from(slice: &[u8]) -> Result<Self, Self::Error>

Performs the conversion.
Source§

impl<T: Zeroize> Zeroize for Fixed<T>

Available on crate feature zeroize only.

Zeroize integration.

Source§

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.
Source§

impl<T: Zeroize> ZeroizeOnDrop for Fixed<T>

Available on crate feature zeroize only.

Zeroize on drop integration.

Auto Trait Implementations§

§

impl<T> Freeze for Fixed<T>
where T: Freeze,

§

impl<T> RefUnwindSafe for Fixed<T>
where T: RefUnwindSafe,

§

impl<T> Send for Fixed<T>
where T: Send,

§

impl<T> Sync for Fixed<T>
where T: Sync,

§

impl<T> Unpin for Fixed<T>
where T: Unpin,

§

impl<T> UnwindSafe for Fixed<T>
where T: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.