Skip to main content

SecureSerialize

secure_serialize

Trait SecureSerialize 

Source 
pub trait SecureSerialize: Serialize {
    // Required methods
    fn redacted_keys() -> &'static [&'static str];
    fn to_json_unredacted(&self) -> Result<Value, Error>;

    // Provided method
    fn to_json_with_revealed_fields(
        &self,
        reveal: &[&str],
    ) -> Result<Value, Error> { ... }
}
Expand description

Trait for types that support secure serialization with automatic redaction of sensitive fields.

Implementors should derive #[derive(SecureSerialize)] to automatically generate implementations. The trait requires serde::Serialize, so all redactable types can be serialized.

When a struct is serialized via serde::Serialize, fields marked with #[redact] are replaced with redaction strings. For redacted Debug / JSON Display, add #[secure_serialize(debug)] or #[secure_serialize(display)] on the struct.

For internal operations where you need all real values, use to_json_unredacted(). To expose only a subset of redacted fields, use to_json_with_revealed_fields().

Required Methods§

Source

fn redacted_keys() -> &'static [&'static str]

Returns the names of all redacted fields in this struct.

These are the field names that will be redacted when the struct is serialized. Names are in snake_case.

Source

fn to_json_unredacted(&self) -> Result<Value, Error>

Serializes this struct to a JSON value with all real values exposed (no redaction).

⚠️ Use only for internal operations where you actually need the real sensitive values, such as config hot-reloading or merging. Never use this for display, logging, or API responses.

§Example
let config = load_config();
// Safe: this is internal config merging logic
let full_values = config.to_json_unredacted()?;

Provided Methods§

Source

fn to_json_with_revealed_fields(&self, reveal: &[&str]) -> Result<Value, Error>

Serializes this value to JSON like serde::Serialize, then replaces listed redacted fields with their real values from Self::to_json_unredacted.

Only names that appear in Self::redacted_keys() are affected. Other keys in reveal are ignored (non-redacted fields are already serialized normally). Unknown or misspelled redacted names leave the redaction placeholder in place if the key is missing from the unredacted map.

This runs two JSON serializations (redacted snapshot plus full unredacted). Prefer Self::to_json_unredacted when you need every secret, or plain serde_json::to_value when you need none.

⚠️ Security: Each revealed field exposes real sensitive data. Use only in trusted, internal code paths.

§Example
let json = config.to_json_with_revealed_fields(&["api_key"])?;
// api_key is real; other #[redact] fields stay redacted

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors§