com.geirolz.secret

Members list

Type members

Classlikes

sealed trait DeferredSecret[F[_], T]

Specialized version of Secret that allows deferring the acquisition of the secret value. This is useful when you want to acquire the secret value only when it is needed and not before (for instance, via an HTTP call to a secret manager).

Use this type only when you need to defer the acquisition of the secret value. If you already have the secret value when creating the DeferredSecret, use the Secret type instead.

Type parameters

F

effect type

T

secret type

Attributes

Companion
object
Supertypes
class Object
trait Matchable
class Any

Attributes

Companion
trait
Supertypes
class Object
trait Matchable
class Any
Self type
final class OneShotSecret[T]

A OneShotSecret is a secret that can be used only once.

After the first use, the secret is destroyed.

Type parameters

T

type of the secret

Attributes

Companion
object
Supertypes
trait AutoCloseable
class Object
trait Matchable
class Any
object OneShotSecret

Attributes

Companion
class
Supertypes
class Object
trait Matchable
class Any
Self type
sealed abstract class Secret[T]

Memory-safe and type-safe secret value of type T.

Secret does its best to avoid leaking information in memory and in the code, BUT an attack is still possible and I give no certainties or guarantees about security when using this class; you use it at your own risk. The code is open source, so you can check the implementation and make your decision consciously. I'll do my best to improve the security and documentation of this class.

Obfuscation

The value is obfuscated when the Secret instance is created, using the given SecretStrategy which, by default, transforms the value into an XOR-ed ByteBuffer that stores its bytes outside the JVM using direct memory access.

The obfuscated value is de-obfuscated with the given SecretStrategy instance every time the use method is invoked: the XOR is re-applied and the bytes are converted back to T, which yields the original value.
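The XOR-plus-direct-buffer scheme described above, as an added example (not the library's own code). XorObfuscated and Demo are hypothetical names, and the random key of the same length as the value is an assumption about how the XOR key is chosen.

```scala
import java.nio.ByteBuffer
import java.nio.charset.StandardCharsets.UTF_8
import java.security.SecureRandom
import java.util.Arrays

// Hypothetical illustration class; not the library's Secret or SecretStrategy.
final class XorObfuscated private (key: ByteBuffer, obfuscated: ByteBuffer, length: Int) {
  @volatile private var destroyed = false
  // De-obfuscate into a temporary array, pass it to f, then wipe the plain copy.
  def use[A](f: Array[Byte] => A): A = {
    if (destroyed) throw new IllegalStateException("secret destroyed")
    val plain = new Array[Byte](length)
    try {
      for (i <- 0 until length) plain(i) = (obfuscated.get(i) ^ key.get(i)).toByte
      f(plain)
    } finally Arrays.fill(plain, 0.toByte)
  }
  // Overwrite key and obfuscated bytes; later calls to use fail.
  def destroy(): Unit = {
    destroyed = true
    for (i <- 0 until length) { key.put(i, 0.toByte); obfuscated.put(i, 0.toByte) }
  }
}

object XorObfuscated {
  private val rng = new SecureRandom()
  // Takes ownership of plain: the caller's array is zeroed after obfuscation.
  def apply(plain: Array[Byte]): XorObfuscated = {
    val n        = plain.length
    val keyBytes = new Array[Byte](n)
    rng.nextBytes(keyBytes)
    val key        = ByteBuffer.allocateDirect(n) // direct buffers live outside the GC heap
    val obfuscated = ByteBuffer.allocateDirect(n)
    for (i <- 0 until n) {
      key.put(i, keyBytes(i))
      obfuscated.put(i, (plain(i) ^ keyBytes(i)).toByte)
    }
    Arrays.fill(plain, 0.toByte); Arrays.fill(keyBytes, 0.toByte)
    new XorObfuscated(key, obfuscated, n)
  }
}

object Demo {
  def main(args: Array[String]): Unit = {
    val secret = XorObfuscated("my_password".getBytes(UTF_8)) // constructed sample value
    println(secret.use(b => new String(b, UTF_8) == "my_password")) // round trip through XOR
    secret.destroy()
    println(scala.util.Try(secret.use(_.length)).isFailure) // use after destroy is rejected
  }
}
```

Because the key sits in the same process as the XOR-ed bytes, this raises the effort of reading the value from a memory dump but is not encryption. Any String built from the plain bytes inside the callback is an ordinary heap object that this wiping does not cover.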

API and Type safety

While obfuscating the value prevents reading it from memory, or at least makes that harder, the Secret class API is also designed to avoid leaking information in other ways, by preventing developers from improperly using the secret value (logging, etc.).

Example

 val secretString: Secret[String]  = Secret("my_password")
 val database: F[Database]         = secretString.use(password => initDb(password))

Attributes

Companion
object
Supertypes
trait AutoCloseable
class Object
trait Matchable
class Any
object Secret

Attributes

Companion
class
Supertypes
class Object
trait Matchable
class Any
Self type
Secret.type
case class SecretDestroyed(destructionLocation: Location) extends RuntimeException, NoStackTrace

Attributes

Companion
object
Supertypes
trait Product
trait Equals
trait NoStackTrace
class RuntimeException
class Exception
class Throwable
trait Serializable
class Object
trait Matchable
class Any

Attributes

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type

Types

type KeyBuffer = ByteBuffer
type ObfuscatedValueBuffer = ByteBuffer
type PlainValueBuffer = ByteBuffer