Core traits for wrapper polymorphism - always available. Traits for polymorphic secret handling.
Note: All traits in this module are re-exported at the crate root (secure_gate::RevealSecret, not secure_gate::traits::RevealSecret). You should never need to import from secure_gate::traits::* directly.
This module defines the core traits that enable generic, zero-cost, and secure
operations across different secret wrapper types (Fixed<T>, Dynamic<T>, etc.).
These traits allow writing polymorphic code that preserves strong security invariants:
explicit access, controlled mutability, timing safety, and opt-in risk features.
§Core Traits
| Trait | Purpose | Requires Feature | Notes |
|---|---|---|---|
| RevealSecret | Read-only scoped / direct access + metadata | Always available | Preferred: with_secret (scoped); escape hatch: expose_secret |
| RevealSecretMut | Mutable scoped / direct access | Always available | Same preference: with_secret_mut over expose_secret_mut |
| ConstantTimeEq | Deterministic constant-time equality | ct-eq | Timing-attack resistant byte comparison |
| CloneableSecret | Opt-in marker for safe cloning | cloneable | Requires explicit impl on inner type; zeroize preserved. See SECURITY.md for opt-in risk details. |
| SerializableSecret | Opt-in marker for Serde serialization | serde-serialize | Serialization exposes secret — use with extreme caution. See SECURITY.md for opt-in risk details. |
| SecureEncoding | Marker + blanket impl for encoding traits | Any encoding-* | Enables ToHex, ToBase64Url, ToBech32, ToBech32m |
| SecureDecoding | Marker + blanket impl for decoding traits | Any encoding-* | Enables FromHexStr, FromBase64UrlStr, FromBech32Str, etc. |
§Security Guarantees
- No implicit access — All secret data access requires explicit trait methods
- Scoped preference — with_secret/with_secret_mut limit borrow lifetime
- Zero-cost — All methods use #[inline(always)] where possible
- Timing safety — ConstantTimeEq provides constant-time equality
- Opt-in risk — Cloning and serialization require deliberate marker impls
- Read-only enforcement — Encoding wrappers and random types only expose immutable access
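
The pattern behind these guarantees, as an added stand-alone sketch that is not secure_gate's own code: the trait `Reveal`, the wrappers `FixedBox` and `DynBox`, and the helper signatures are hypothetical stand-ins, and the crate's real signatures may differ. It shows one generic function working across two wrapper types, with secret bytes reachable only inside a scoped closure and compared without an early exit.

```rust
// Stand-alone sketch; every name here is hypothetical, not secure_gate's API.
use std::hint::black_box;

/// Read-only access: scoped closure preferred, direct reference as escape hatch.
trait Reveal {
    fn expose_secret(&self) -> &[u8];
    fn with_secret<R>(&self, f: impl FnOnce(&[u8]) -> R) -> R {
        f(self.expose_secret())
    }
}

struct FixedBox<const N: usize>([u8; N]); // fixed-size secret
struct DynBox(Vec<u8>); // heap-allocated secret

impl<const N: usize> Reveal for FixedBox<N> {
    fn expose_secret(&self) -> &[u8] { &self.0 }
}
impl Reveal for DynBox {
    fn expose_secret(&self) -> &[u8] { &self.0 }
}

/// Equality that visits every byte instead of stopping at the first mismatch.
/// Length is treated as public, so a length mismatch returns immediately.
fn ct_eq(a: &impl Reveal, b: &impl Reveal) -> bool {
    a.with_secret(|x| b.with_secret(|y| {
        if x.len() != y.len() { return false; }
        let mut diff = 0u8;
        for (p, q) in x.iter().zip(y) { diff |= p ^ q; }
        // black_box is a best-effort optimizer barrier, not a hard guarantee.
        black_box(diff) == 0
    }))
}

/// Generic consumer: only a derived, non-secret value leaves the closure.
fn secret_len(s: &impl Reveal) -> usize {
    s.with_secret(|bytes| bytes.len())
}

fn main() {
    // Constructed sample values, not real key material.
    let stored = FixedBox([0x11u8; 4]);
    let good = DynBox(vec![0x11; 4]);
    let bad = DynBox(vec![0x11, 0x11, 0x11, 0x10]);
    println!("len={} match={} mismatch={}",
        secret_len(&stored), ct_eq(&stored, &good), ct_eq(&stored, &bad));
}
```
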
§Feature Gates
Some traits are only available when their corresponding Cargo features are enabled:
- ct-eq → ConstantTimeEq
- cloneable → CloneableSecret
- serde-serialize → SerializableSecret
- encoding-* → SecureEncoding, SecureDecoding, and per-format traits
The encoding traits (ToHex, FromHexStr, etc.) are re-exported from submodules for convenience.
See individual trait docs for detailed usage and examples.
Re-exports§
- pub use revealed_secrets::InnerSecret;
- pub use revealed_secrets::EncodedSecret;
- pub use reveal_secret::RevealSecret;
- pub use reveal_secret_mut::RevealSecretMut;
- pub use constant_time_eq::ConstantTimeEq;
- pub use decoding::FromBase64UrlStr;
- pub use decoding::FromBech32Str;
- pub use decoding::FromBech32mStr;
- pub use decoding::FromHexStr;
- pub use encoding::ToBase64Url;
- pub use encoding::ToBech32;
- pub use encoding::ToBech32m;
- pub use encoding::ToHex;
- pub use cloneable_secret::CloneableSecret;
- pub use serializable_secret::SerializableSecret;
Modules§
- cloneable_secret - Opt-in marker trait for safe, explicit cloning of secrets.
- constant_time_eq - Constant-time equality comparison for cryptographic secrets.
- decoding - Decoding traits for explicit string-to-bytes conversion.
- encoding - Encoding traits for explicit secret-to-string conversion.
- reveal_secret - Traits for controlled, polymorphic secret revelation.
- reveal_secret_mut - Traits for mutable secret revelation.
- revealed_secrets - Owned wrapper types that complete the reveal model (Tier 3 owned consumption).
- serializable_secret - Opt-in marker trait for safe, explicit Serde serialization of secrets.
Traits§
- SecureDecoding - Marker trait for types that support secure decoding operations.
- SecureEncoding - Marker trait for types that support secure encoding operations.