There are currently no utilities in use to guard against mismanagement of secrets within the source code. Maintaining confidentiality is highly fragile, because every piece of code that handles a secret must be free of logic errors.
Ideally, we would be able to depend on the compiler to catch any errors we make, and to require a conscious decision to use an escape hatch (such as using `unsafe` where appropriate).
e.g.

```rust
// returns an error if entropy is too low
let secret = Password::new("hunter2")?;
// prints out "[redacted]", or something similar
println!("{}", secret);
// prints out "hunter2"
println!("{}", unsafe { secret.reveal() });
```
This example is specific to passwords. A better solution might involve a generic wrapper that provides a similar interface.
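The following is an added example (not code from this issue or the project it belongs to) of how the generic wrapper suggested above could look in plain Rust with no external crates. The names `Secret`, `Password`, `PasswordError`, `entropy_bits`, the length and entropy thresholds, and the choice of a safe `reveal()` method instead of an `unsafe` one are all assumptions of this example. `Display` and `Debug` for the wrapper always print `[redacted]`, so a stray `println!` or log line cannot leak the value; the only way to read it is the explicit `reveal()` call, which is easy to grep for and review.

```rust
use std::collections::HashMap;
use std::fmt;

/// Generic wrapper that hides its contents from Display/Debug output.
/// The only way to read the inner value is the explicit `reveal()` call.
pub struct Secret<T>(T);

impl<T> Secret<T> {
    pub fn new(value: T) -> Self {
        Secret(value)
    }

    /// Explicit escape hatch: reading the secret is a visible, auditable call.
    pub fn reveal(&self) -> &T {
        &self.0
    }
}

impl<T> fmt::Display for Secret<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("[redacted]")
    }
}

impl<T> fmt::Debug for Secret<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Secret([redacted])")
    }
}

#[derive(Debug, PartialEq)]
pub enum PasswordError {
    TooShort { len: usize, min: usize },
    LowEntropy { bits: f64, min: f64 },
}

/// Password-specific newtype over the generic wrapper; construction fails
/// if the input is too weak, so a `Password` value is always a vetted one.
#[derive(Debug)]
pub struct Password(Secret<String>);

// Thresholds are assumptions of this example, not a recommendation.
const MIN_LEN: usize = 8;
const MIN_ENTROPY_BITS: f64 = 20.0;

/// Crude estimate of total Shannon entropy: per-character entropy of the
/// observed character distribution, multiplied by the length.
/// (Assumption of this example: not a real password-strength meter.)
pub fn entropy_bits(s: &str) -> f64 {
    let chars: Vec<char> = s.chars().collect();
    let n = chars.len() as f64;
    if n == 0.0 {
        return 0.0;
    }
    let mut counts: HashMap<char, usize> = HashMap::new();
    for c in &chars {
        *counts.entry(*c).or_insert(0) += 1;
    }
    let per_char: f64 = counts
        .values()
        .map(|&k| {
            let p = k as f64 / n;
            -p * p.log2()
        })
        .sum();
    per_char * n
}

impl Password {
    pub fn new(raw: &str) -> Result<Self, PasswordError> {
        let len = raw.chars().count();
        if len < MIN_LEN {
            return Err(PasswordError::TooShort { len, min: MIN_LEN });
        }
        let bits = entropy_bits(raw);
        if bits < MIN_ENTROPY_BITS {
            return Err(PasswordError::LowEntropy { bits, min: MIN_ENTROPY_BITS });
        }
        Ok(Password(Secret::new(raw.to_string())))
    }

    /// Explicit escape hatch for the password text.
    pub fn reveal(&self) -> &str {
        self.0.reveal()
    }
}

impl fmt::Display for Password {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        fmt::Display::fmt(&self.0, f)
    }
}

fn main() -> Result<(), PasswordError> {
    // Constructed sample input for this example.
    let pw = Password::new("correct horse battery staple")?;
    println!("{}", pw);          // [redacted]
    println!("{:?}", pw);        // Password(Secret([redacted]))
    println!("{}", pw.reveal()); // the real value, only via the explicit call
    println!("{:?}", Password::new("hunter2")); // Err(TooShort { len: 7, min: 8 })
    Ok(())
}
```

`reveal()` is deliberately a safe function here: `unsafe` in Rust is reserved for memory-safety contracts, so marking a confidentiality escape hatch `unsafe` would dilute its meaning for reviewers. Production code would also want the buffer zeroed on drop (the `zeroize` crate does this with volatile writes) rather than relying on the compiler to keep a plain overwrite; the `secrecy` crate packages both ideas.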