Module secure


Utilities for handling sensitive data that must be zeroed from memory on drop.

This module provides:

  • Re-exports of zeroize crate fundamentals (Zeroize, ZeroizeOnDrop, Zeroizing) so that downstream crates can depend on mz-ore alone.

  • SecureString: a String wrapper that is zeroed on drop and redacted in Debug/Display output. Use for passwords, tokens, and credentials.

  • SecureVec: a Vec<u8> wrapper that is zeroed on drop and redacted in Debug/Display output. Use for raw key material and secret bytes.

§When to use

Use these types whenever a value contains secret material (passwords, keys, tokens, salts, nonces) that should not linger in process memory after use.

§Examples

use mz_ore::secure::{SecureString, SecureVec, Zeroizing};

// Wrap a password — zeroed on drop, redacted in logs
let password = SecureString::from("hunter2");
assert_eq!(password.unsecure(), "hunter2");
assert!(!format!("{:?}", password).contains("hunter2"));

// Wrap raw key bytes
let key = SecureVec::from(vec![0xDE, 0xAD, 0xBE, 0xEF]);
assert_eq!(key.unsecure(), &[0xDE, 0xAD, 0xBE, 0xEF]);

// Use Zeroizing<T> for temporary buffers
let buf = Zeroizing::new([0u8; 32]);
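
The two properties described above (zeroing on drop, redacted Debug output) can be sketched with the standard library alone. This is an added example, not mz-ore's or zeroize's code: `RedactedBytes`, `wipe`, and the `<redacted>` placeholder are hypothetical names, and the key bytes are a constructed sample.

```rust
use std::fmt;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

// Hypothetical stand-in for a zero-on-drop buffer; not mz-ore's SecureVec.
pub struct RedactedBytes(Vec<u8>);

impl RedactedBytes {
    pub fn new(bytes: Vec<u8>) -> Self {
        RedactedBytes(bytes)
    }

    // Named accessor, so every read of the secret is easy to find in review.
    pub fn unsecure(&self) -> &[u8] {
        &self.0
    }

    // Overwrite the whole allocation (capacity, not just len) with zeros.
    pub fn wipe(&mut self) {
        let p = self.0.as_mut_ptr();
        for i in 0..self.0.capacity() {
            // Volatile store: the optimizer may not discard it as a dead write.
            unsafe { ptr::write_volatile(p.add(i), 0) };
        }
        // Keep the compiler from reordering the stores past this point.
        compiler_fence(Ordering::SeqCst);
    }
}

impl Drop for RedactedBytes {
    fn drop(&mut self) {
        self.wipe(); // runs before the Vec's allocation is freed
    }
}

// Debug prints a fixed placeholder instead of the contents.
impl fmt::Debug for RedactedBytes {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("RedactedBytes(<redacted>)")
    }
}

fn main() {
    let mut key = RedactedBytes::new(vec![0xDE, 0xAD, 0xBE, 0xEF]); // constructed sample
    println!("{:?}", key); // the secret never reaches the log line
    key.wipe();
    assert!(key.unsecure().iter().all(|b| *b == 0));
}
```

A wrapper like this only wipes the allocation it owns at drop time: bytes copied out through `unsecure()`, or left behind in a buffer that reallocated before being wrapped, are not covered.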

Structs§

SecureString
A String that is zeroed from memory on drop and redacted in Debug/Display output.
SecureVec
A Vec<u8> that is zeroed from memory on drop and redacted in Debug/Display output.
Zeroizing
Zeroizing is a wrapper for any Z: Zeroize type which implements a Drop handler which zeroizes dropped values.

Traits§

Zeroize
Trait for securely erasing values from memory.
ZeroizeOnDrop
Marker trait signifying that this type will Zeroize::zeroize itself on Drop.

Derive Macros§

Zeroize
Derive the Zeroize trait.
ZeroizeOnDrop
Derive the ZeroizeOnDrop trait.