Skip to main content

Crate secure_gate

Crate secure_gate 

Source
Expand description

secure-gate — Secure secret wrappers with explicit access & automatic zeroization

Secrets are automatically zeroized on drop (the inner type must implement Zeroize). Explicit access only via RevealSecret/RevealSecretMut — no Deref, no accidental leaks. Debug always prints [REDACTED].

  • Fixed<T> — stack-allocated, compile-time-sized secrets (keys, nonces, tokens)
  • Dynamic<T> — heap-allocated, variable-length secrets (passwords, API keys, ciphertexts)

§Feature flags

  • alloc (default): Heap-allocated Dynamic<T> + full zeroization of spare capacity
  • std: Full std support (implies alloc)
  • ct-eq: ConstantTimeEq constant-time equality (subtle)
  • rand: from_random() via OsRng, from_rng() for custom TryCryptoRng + TryRngCore; no_std compatible for Fixed<T> (no heap required)
  • cloneable: CloneableSecret opt-in cloning
  • serde-serialize / serde-deserialize: Serde support
  • encoding-hex / encoding-base64 / encoding-bech32 / encoding-bech32m: Per-format encoding
  • full: All features

§no_std

no_std compatible. Fixed<T> works without alloc. Enable alloc (default) for Dynamic<T>. For pure stack / embedded builds, use default-features = false.

See the README and SECURITY.md for full details.

Re-exports§

pub use traits::CloneableSecret;
pub use traits::ConstantTimeEq;
pub use traits::RevealSecret;
pub use traits::RevealSecretMut;
pub use traits::SerializableSecret;
pub use traits::FromBase64UrlStr;
pub use traits::FromBech32Str;
pub use traits::FromBech32mStr;
pub use traits::FromHexStr;
pub use traits::ToBase64Url;
pub use traits::ToBech32;
pub use traits::ToBech32m;
pub use traits::ToHex;
pub use traits::SecureDecoding;
pub use traits::SecureEncoding;

Modules§

compat
secrecy compatibility layers — drop-in replacements for the secrecy crate.
traits
Core traits for wrapper polymorphism - always available. Traits for polymorphic secret handling.

Macros§

dynamic_alias
Creates a type alias for Dynamic<T>.
dynamic_generic_alias
Creates a generic type alias Name<T> for Dynamic<T>.
fixed_alias
Creates a type alias for Fixed<[u8; N]>.
fixed_generic_alias
Creates a const-generic type alias Name<const N: usize> for Fixed<[u8; N]>.

Structs§

Dynamic
Heap-allocated secret wrapper with explicit access and automatic zeroization on drop.
Fixed
Stack-allocated secret wrapper with explicit access and automatic zeroization on drop.

Enums§

Base64Error
Errors produced when decoding base64url strings.
Bech32Error
Errors produced when decoding Bech32 (BIP-173) or Bech32m (BIP-350) strings.
DecodingError
Unified error type for multi-format decoding operations.
FromSliceError
Error returned when a byte slice cannot be converted to a fixed-size array.
HexError
Errors produced when decoding hexadecimal strings.

Constants§

MAX_DESERIALIZE_BYTES
Default maximum byte length for Dynamic<Vec<u8>> / Dynamic<String> deserialization (1 MiB).