com.geirolz.secret
Members list
Type members
Classlikes
Specialized version of Secret
that allows to defer the acquisition of the secret value. This is useful when you want to acquire the secret value only when it's needed and not before ( for instance, an HTTP call to a secret manager).
Specialized version of Secret
that allows to defer the acquisition of the secret value. This is useful when you want to acquire the secret value only when it's needed and not before ( for instance, an HTTP call to a secret manager).
Use this type only when you need to defer the acquisition of the secret value. If you have the secret value at the moment of the creation of the DeferredSecret
use the Secret
type instead.
Type parameters
- F
-
effect type
- T
-
secret type
Attributes
- Companion
- object
- Supertypes
-
class Objecttrait Matchableclass Any
Attributes
- Companion
- trait
- Supertypes
-
class Objecttrait Matchableclass Any
- Self type
-
DeferredSecret.type
A OneShotSecret
is a secret that can be used only once.
A OneShotSecret
is a secret that can be used only once.
After the first use, the secret is destroyed.
Type parameters
- T
-
type of the secret
Attributes
- Companion
- object
- Supertypes
-
trait AutoCloseableclass Objecttrait Matchableclass Any
Attributes
- Companion
- class
- Supertypes
-
class Objecttrait Matchableclass Any
- Self type
-
OneShotSecret.type
Memory-safe and type-safe secret value of type T
.
Memory-safe and type-safe secret value of type T
.
Secret
does the best to avoid leaking information in memory and in the code BUT an attack is possible and I don't give any certainties or guarantees about security using this class, you use it at your own risk. Code is open source, you can check the implementation and take your decision consciously. I'll do my best to improve the security and documentation of this class.
Obfuscation
The value is obfuscated when creating the Secret
instance using the given SecretStrategy
which, by default, transform the value into a xor-ed ByteBuffer
witch store bytes outside the JVM using direct memory access.
The obfuscated value is de-obfuscated using the given SecretStrategy
instance every time the method use
is invoked which returns the original value converting bytes back to T
re-apply the xor.
API and Type safety
While obfuscating the value prevents or at least makes it harder to read the value from memory, Secret class API are designed to avoid leaking information in other ways. Preventing developers to improperly use the secret value ( logging, etc...).
Example
val secretString: Secret[String] = Secret("my_password")
val database: F[Database] = secretString.use(password => initDb(password))
Attributes
- Companion
- object
- Supertypes
-
trait AutoCloseableclass Objecttrait Matchableclass Any
Attributes
- Companion
- object
- Supertypes
-
trait Producttrait Equalstrait NoStackTraceclass RuntimeExceptionclass Exceptionclass Throwabletrait Serializableclass Objecttrait Matchableclass AnyShow all
Attributes
- Companion
- class
- Supertypes
-
trait Producttrait Mirrorclass Objecttrait Matchableclass Any
- Self type
-
SecretDestroyed.type