Struct rocket::config::SecretKey

source · 
pub struct SecretKey { /* private fields */ }
Available on crate feature secrets only.
Expand description

A cryptographically secure secret key.

A SecretKey is primarily used by private cookies. See the configuration guide for further details. It can be configured from 256-bit random material or a 512-bit master key, each as either a base64-encoded string or raw bytes.

use rocket::config::Config;

// NOTE: Don't (!) use this key! Generate your own and keep it private!
//       e.g. via `head -c64 /dev/urandom | base64`
let figment = Config::figment()
    .merge(("secret_key", "hPrYyЭRiMyµ5sBB1π+CMæ1køFsåqKvBiQJxBVHQk="));

let config = Config::from(figment);
assert!(!config.secret_key.is_zero());

When configured in the debug profile with the secrets feature enabled, a key set as 0 is automatically regenerated at launch time from the OS’s random source if available.

use rocket::config::Config;
use rocket::local::blocking::Client;

let figment = Config::figment()
    .merge(("secret_key", vec![0u8; 64]))
    .select("debug");

let rocket = rocket::custom(figment);
let client = Client::tracked(rocket).expect("okay in debug");
assert!(!client.rocket().config().secret_key.is_zero());

When running in any other profile with the secrets feature enabled, providing a key of 0 or not provided a key at all results in a failure at launch-time:

use rocket::config::Config;
use rocket::figment::Profile;
use rocket::local::blocking::Client;
use rocket::error::ErrorKind;

let profile = Profile::const_new("staging");
let figment = Config::figment()
    .merge(("secret_key", vec![0u8; 64]))
    .select(profile.clone());

let rocket = rocket::custom(figment);
let error = Client::tracked(rocket).expect_err("failure in non-debug");
assert!(matches!(error.kind(), ErrorKind::InsecureSecretKey(profile)));

Implementations§

source§

impl SecretKey

source

pub fn from(master: &[u8]) -> SecretKey

Creates a SecretKey from a 512-bit master key. For security, master must be cryptographically random.

Panics

Panics if master < 64 bytes.

Example
use rocket::config::SecretKey;

let key = SecretKey::from(&master);
source

pub fn derive_from(material: &[u8]) -> SecretKey

Derives a SecretKey from 256 bits of cryptographically random material. For security, material must be cryptographically random.

Panics

Panics if material < 32 bytes.

Example
use rocket::config::SecretKey;

let key = SecretKey::derive_from(&material);
source

pub fn generate() -> Option<SecretKey>

Attempts to generate a SecretKey from randomness retrieved from the OS. If randomness from the OS isn’t available, returns None.

Example
use rocket::config::SecretKey;

let key = SecretKey::generate();
source

pub fn is_zero(&self) -> bool

Returns true if self is the 0-key.

Example
use rocket::config::SecretKey;

let master = vec![0u8; 64];
let key = SecretKey::from(&master);
assert!(key.is_zero());
source

pub fn is_provided(&self) -> bool

Returns true if self was not automatically generated and is not zero.

Example
use rocket::config::SecretKey;

let master = vec![0u8; 64];
let key = SecretKey::generate().unwrap();
assert!(!key.is_provided());

let master = vec![0u8; 64];
let key = SecretKey::from(&master);
assert!(!key.is_provided());

Trait Implementations§

source§

impl Clone for SecretKey

source§

fn clone(&self) -> SecretKey

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for SecretKey

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl<'de> Deserialize<'de> for SecretKey

source§

fn deserialize<D: Deserializer<'de>>(de: D) -> Result<Self, D::Error>

Deserialize this value from the given Serde deserializer. Read more
source§

impl Display for SecretKey

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl<'r> FromRequest<'r> for &'r SecretKey

§

type Error = Infallible

The associated error to be returned if derivation fails.
source§

fn from_request<'life0, 'async_trait>( req: &'r Request<'life0> ) -> Pin<Box<dyn Future<Output = Outcome<Self, Self::Error>> + Send + 'async_trait>>where Self: 'async_trait, 'r: 'async_trait, 'life0: 'async_trait,

Derives an instance of Self from the incoming request metadata. Read more
source§

impl PartialEq<SecretKey> for SecretKey

source§

fn eq(&self, other: &Self) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
§

impl<'a, T> AsTaggedExplicit<'a> for Twhere T: 'a,

§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self>

§

impl<'a, T> AsTaggedImplicit<'a> for Twhere T: 'a,

§

fn implicit( self, class: Class, constructed: bool, tag: u32 ) -> TaggedParser<'a, Implicit, Self>

source§

impl<T> Borrow<T> for Twhere T: ?Sized,

const: unstable · source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

const: unstable · source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

const: unstable · source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T> Instrument for T

source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for Twhere U: From<T>,

const: unstable · source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T> IntoCollection<T> for T

§

fn into_collection<A>(self) -> SmallVec<A>where A: Array<Item = T>,

Converts self into a collection.
§

fn mapped<U, F, A>(self, f: F) -> SmallVec<A>where F: FnMut(T) -> U, A: Array<Item = U>,

source§

impl<T> Same<T> for T

§

type Output = T

Should always be Self
source§

impl<T> ToOwned for Twhere T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T> ToString for Twhere T: Display + ?Sized,

source§

default fn to_string(&self) -> String

Converts the given value to a String. Read more
source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
const: unstable · source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
const: unstable · source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for Twhere V: MultiLane<T>,

§

fn vzip(self) -> V

source§

impl<T> WithSubscriber for T

source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
source§

impl<T> DeserializeOwned for Twhere T: for<'de> Deserialize<'de>,