Module hex 

Hexadecimal encoding trait.

Import path: use secure_gate::ToHex;

This trait provides secure, explicit encoding of byte data to lowercase (or uppercase) hexadecimal strings. It is intended for intentional export only (QR codes, audited logs, API responses).

Requires the encoding-hex feature.

Security Notes

• Full secret exposure: The resulting string contains the entire secret. Always treat output as sensitive; do not log or persist without protection.
• Zeroizing variants: to_hex_zeroizing() / to_hex_upper_zeroizing() return [EncodedSecret] (wrapping Zeroizing<String> with redacted Debug). Prefer these when the encoded form itself is sensitive.
• Audit visibility: Direct calls (key.to_hex() / key.to_hex_upper()) do not appear in grep expose_secret / grep with_secret audit sweeps. For audit-first teams or multi-step operations, prefer with_secret(|b| b.to_hex()) — the borrow checker enforces the reference cannot escape the closure.
• Treat all input as untrusted: validate hex strings upstream before wrapping in secrets.

Example

use secure_gate::{Fixed, ToHex, RevealSecret};
{
let secret = Fixed::new([0x0au8, 0x0bu8, 0x0cu8, 0x0du8]);

// Blanket impl on the inner byte array (via with_secret):
let hex = secret.with_secret(|s| s.to_hex());
assert_eq!(hex, "0a0b0c0d");

let hex_upper = secret.with_secret(|s| s.to_hex_upper());
assert_eq!(hex_upper, "0A0B0C0D");

// Wrapper method (Direct Fixed<[u8; N]> API — same result):
assert_eq!(secret.to_hex(), "0a0b0c0d");
}

Traits

ToHex

Extension trait for encoding byte data as hexadecimal strings.