#clear #memory #secret #secure #wipe

no-std secrecy

Wrapper types and traits for secret management which help ensure they aren’t accidentally copied, logged, or otherwise exposed (as much as possible), and also ensure secrets are securely wiped from memory when dropped

14 releases (7 breaking)

0.7.0 Jul 8, 2020
0.6.0 Dec 12, 2019
0.5.2 Dec 18, 2019
0.5.1 Nov 30, 2019
0.0.0 Oct 4, 2018

#81 in Cryptography

Download history 11731/week @ 2020-10-02 11715/week @ 2020-10-09 13150/week @ 2020-10-16 13618/week @ 2020-10-23 11105/week @ 2020-10-30 11562/week @ 2020-11-06 11876/week @ 2020-11-13 12796/week @ 2020-11-20 12866/week @ 2020-11-27 11531/week @ 2020-12-04 11860/week @ 2020-12-11 9372/week @ 2020-12-18 7231/week @ 2020-12-25 11311/week @ 2021-01-01 15396/week @ 2021-01-08 12804/week @ 2021-01-15

44,924 downloads per month
Used in 243 crates (25 directly)

Apache-2.0 OR MIT

511 lines

secrecy.rs 🤐 iqlusion

Crate Docs Apache 2.0/MIT Licensed MSRV Safety Dance Build Status Gitter Chat

A simple secret-keeping library for Rust.



secrecy is a simple, safe (i.e. forbid(unsafe_code) library which provides wrapper types and traits for secret management in Rust, namely the Secret<T> type for wrapping another value in a "secret cell" which attempts to limit exposure (only available through a special ExposeSecret trait).

This helps to ensure secrets aren't accidentally copied, logged, or otherwise exposed (as much as possible), and also ensures secrets are securely wiped from memory when dropped.

Minimum Supported Rust Version

  • Rust 1.39

serde support

Optional serde support for parsing owned secret values is available, gated under the serde cargo feature.

It uses the Deserialize and DeserializeOwned traits to implement deserializing secret types which also impl these traits.

This doesn't guarantee serde (or code providing input to serde) won't accidentally make additional copies of the secret, but does the best it can with what it is given and tries to minimize risk of exposure as much as possible.


secrecy is distributed under the terms of either the MIT license or the Apache License (Version 2.0), at your option.

See LICENSE (Apache License, Version 2.0) file in the iqlusioninc/crates toplevel directory of this repository or LICENSE-MIT for details.


Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.