pub struct SecretKey { /* private fields */ }
secrets
only.Expand description
A cryptographically secure secret key.
A SecretKey
is primarily used by private cookies. See the configuration
guide for further details. It can be configured from 256-bit random
material or a 512-bit master key, each as either a base64-encoded string or
raw bytes.
use rocket::config::Config;
// NOTE: Don't (!) use this key! Generate your own and keep it private!
// e.g. via `head -c64 /dev/urandom | base64`
let figment = Config::figment()
.merge(("secret_key", "hPrYyЭRiMyµ5sBB1π+CMæ1køFsåqKvBiQJxBVHQk="));
let config = Config::from(figment);
assert!(!config.secret_key.is_zero());
When configured in the debug profile with the secrets
feature enabled, a
key set as 0
is automatically regenerated at launch time from the OS’s
random source if available.
use rocket::config::Config;
use rocket::local::blocking::Client;
let figment = Config::figment()
.merge(("secret_key", vec![0u8; 64]))
.select("debug");
let rocket = rocket::custom(figment);
let client = Client::tracked(rocket).expect("okay in debug");
assert!(!client.rocket().config().secret_key.is_zero());
When running in any other profile with the secrets
feature enabled,
providing a key of 0
or not provided a key at all results in a failure at
launch-time:
use rocket::config::Config;
use rocket::figment::Profile;
use rocket::local::blocking::Client;
use rocket::error::ErrorKind;
let profile = Profile::const_new("staging");
let figment = Config::figment()
.merge(("secret_key", vec![0u8; 64]))
.select(profile.clone());
let rocket = rocket::custom(figment);
let error = Client::tracked(rocket).expect_err("failure in non-debug");
assert!(matches!(error.kind(), ErrorKind::InsecureSecretKey(profile)));
Implementations§
source§impl SecretKey
impl SecretKey
sourcepub fn derive_from(material: &[u8]) -> SecretKey
pub fn derive_from(material: &[u8]) -> SecretKey
sourcepub fn generate() -> Option<SecretKey>
pub fn generate() -> Option<SecretKey>
Attempts to generate a SecretKey
from randomness retrieved from the
OS. If randomness from the OS isn’t available, returns None
.
Example
use rocket::config::SecretKey;
let key = SecretKey::generate();
sourcepub fn is_zero(&self) -> bool
pub fn is_zero(&self) -> bool
Returns true
if self
is the 0
-key.
Example
use rocket::config::SecretKey;
let master = vec![0u8; 64];
let key = SecretKey::from(&master);
assert!(key.is_zero());
sourcepub fn is_provided(&self) -> bool
pub fn is_provided(&self) -> bool
Returns true
if self
was not automatically generated and is not zero.
Example
use rocket::config::SecretKey;
let master = vec![0u8; 64];
let key = SecretKey::generate().unwrap();
assert!(!key.is_provided());
let master = vec![0u8; 64];
let key = SecretKey::from(&master);
assert!(!key.is_provided());
Trait Implementations§
source§impl<'de> Deserialize<'de> for SecretKey
impl<'de> Deserialize<'de> for SecretKey
source§fn deserialize<D: Deserializer<'de>>(de: D) -> Result<Self, D::Error>
fn deserialize<D: Deserializer<'de>>(de: D) -> Result<Self, D::Error>
source§impl<'r> FromRequest<'r> for &'r SecretKey
impl<'r> FromRequest<'r> for &'r SecretKey
§type Error = Infallible
type Error = Infallible
Auto Trait Implementations§
impl RefUnwindSafe for SecretKey
impl Send for SecretKey
impl Sync for SecretKey
impl Unpin for SecretKey
impl UnwindSafe for SecretKey
Blanket Implementations§
§impl<'a, T> AsTaggedExplicit<'a> for Twhere
T: 'a,
impl<'a, T> AsTaggedExplicit<'a> for Twhere T: 'a,
§impl<'a, T> AsTaggedImplicit<'a> for Twhere
T: 'a,
impl<'a, T> AsTaggedImplicit<'a> for Twhere T: 'a,
source§impl<T> Instrument for T
impl<T> Instrument for T
source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
§impl<T> IntoCollection<T> for T
impl<T> IntoCollection<T> for T
§fn into_collection<A>(self) -> SmallVec<A>where
A: Array<Item = T>,
fn into_collection<A>(self) -> SmallVec<A>where A: Array<Item = T>,
self
into a collection.