Struct SecureString

pub struct SecureString { /* private fields */ }

A securely allocated, growable UTF-8 string, analogous to std::string::String.

It is a wrapper around SecureVec<u8> and inherits all of its security guarantees, ensuring that sensitive string data like passwords, API keys, or personal information is handled with care.

§Security Model

SecureString enforces the same security model as SecureVec:

  • Zeroization on Drop: The string’s buffer is securely wiped clean.
  • Memory Locking & Encryption: When the std feature is enabled, the buffer is protected against OS-level spying via disk swaps or memory inspection tools.

Access to the string contents is provided through scoped methods like str_scope, which ensure the memory is only unlocked for the briefest possible time.

§Security Considerations

While the crate protects the memory, you must still be careful not to leak the data. For example, creating a new, unsecured String from the unlocked slice and returning it from the scope would leak the sensitive data if not handled correctly.

§Examples

use secure_types::SecureString;

// Create a SecureString
let mut secret = SecureString::from("my_super_secret");

// The memory is locked here

// Safely append more data.
secret.push_str("_password");

// The memory is locked here.

// Use a scope to safely access the content as a &str.
secret.str_scope(|exposed_str| {
    assert_eq!(exposed_str, "my_super_secret_password");
});

// When `secret` is dropped, its data is zeroized.

Implementations§

impl SecureString

pub fn new() -> Result<Self, Error>

pub fn new_with_capacity(capacity: usize) -> Result<Self, Error>

pub fn erase(&mut self)

pub fn len(&self) -> usize

pub fn drain(&mut self, range: Range<usize>)

pub fn char_len(&self) -> usize

pub fn push_str(&mut self, string: &str)

Push a &str into the SecureString.

pub fn str_scope<F, R>(&self, f: F) -> R
where F: FnOnce(&str) -> R,

Access the SecureString as &str.

§Use with caution

You can actually return a newly allocated String from this function. If you do that, you are responsible for zeroizing its contents.
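
The caution above and the Security Considerations section leave any String copied out of the scope to the caller. The following is an added example, not code from the secure_types crate: `ScopedSecret` is a hypothetical std-only stand-in with the same `str_scope` signature (it does no memory locking), and `wipe`, `WipeOnDrop`, `matches` and `copy_out` are illustrative names. It shows returning only a non-secret result from the scope, and wrapping an unavoidable copy in a guard that zeroizes it on drop.

```rust
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

// Hypothetical stand-in: same `str_scope` shape as on this page, no memory locking.
struct ScopedSecret(String);
impl ScopedSecret {
    fn str_scope<F, R>(&self, f: F) -> R
    where F: FnOnce(&str) -> R {
        f(&self.0)
    }
}

// Overwrite the whole allocation (length plus spare capacity) with zeros.
fn wipe(s: &mut String) {
    // SAFETY: NUL bytes are valid UTF-8 and the pointer is valid for `capacity` bytes.
    let v = unsafe { s.as_mut_vec() };
    let p = v.as_mut_ptr();
    for i in 0..v.capacity() {
        unsafe { ptr::write_volatile(p.add(i), 0) };
    }
    compiler_fence(Ordering::SeqCst); // keep the volatile writes ordered before later code
}

// Holds a plain copy that had to leave the scope and wipes it when dropped.
struct WipeOnDrop(String);
impl Drop for WipeOnDrop {
    fn drop(&mut self) { wipe(&mut self.0); }
}

// Preferred: do the work inside the scope and return only a non-secret result.
fn matches(secret: &ScopedSecret, candidate: &str) -> bool {
    secret.str_scope(|s| {
        let (a, b) = (s.as_bytes(), candidate.as_bytes());
        // Accumulate differences instead of returning at the first mismatch.
        a.len() == b.len() && a.iter().zip(b).fold(0u8, |d, (x, y)| d | (x ^ y)) == 0
    })
}

// If a copy must leave the scope, hand it out inside the wiping guard.
fn copy_out(secret: &ScopedSecret) -> WipeOnDrop {
    secret.str_scope(|s| WipeOnDrop(s.to_owned()))
}

fn main() {
    let secret = ScopedSecret(String::from("my_super_secret_password")); // constructed sample
    assert!(matches(&secret, "my_super_secret_password"));
    let copy = copy_out(&secret);
    println!("copy of {} bytes is wiped when it goes out of scope", copy.0.len());
}
```

Growing the guarded copy (for example with push_str) can reallocate and leave the old buffer unwiped, so treat it as read-only.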

pub fn mut_scope<F, R>(&mut self, f: F) -> R
where F: FnOnce(&mut SecureString) -> R,

Mutable access to the SecureString.

§Use with caution

You can actually return a newly allocated String from this function. If you do that, you are responsible for zeroizing its contents.

pub fn insert_text_at_char_idx(&mut self, char_idx: usize, text_to_insert: &str) -> usize

pub fn delete_text_char_range(&mut self, char_range: Range<usize>)
Trait Implementations§

impl Clone for SecureString

fn clone(&self) -> SecureString

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl From<&str> for SecureString

fn from(s: &str) -> SecureString

Converts to this type from the input type.

impl From<SecureVec<u8>> for SecureString

fn from(vec: SecureVec<u8>) -> Self

Converts to this type from the input type.

impl From<String> for SecureString

fn from(s: String) -> SecureString

Converts to this type from the input type.

Auto Trait Implementations§

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬 This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.