🔐 secret-lib

Cross-platform, asynchronous Rust library to retrieve secrets from different sources.

Features

• Can retrieve secret from shell commands using process-lib
• Can retrieve secret from users' global keyring using process-lib
• Can retrieve secret from raw strings (not safe, for testing purpose)
• Supports tokio and async-std async runtimes
• Supports rustls and openssl crypto libs
• Supports serde (de)serialization from/to String

The library comes with 8 cargo features, including 4 default ones:

• tokio: enables the tokio async runtime
• async-std: enables the async-std async runtime
• rustls: enables the rustls crypto
• openssl: enables the openssl crypto
• command: enables the command-based secret backend
• keyring: enables the keyring-based secret backend
• derive: enables serde support
• vendored: compiles and statically link to a copy of non-Rust vendors like OpenSSL

Example

use secret::{keyring::KeyringEntry, Secret};

#[tokio::main]
async fn main() {
    // raw secret

    let mut secret = Secret::new_raw("secret");
    assert_eq!(secret.get().await.unwrap(), "secret");

    // shell command secret

    let mut secret = Secret::new_command("echo 'secret'");
    assert_eq!(secret.get().await.unwrap(), "secret");

    // keyring secret

    let entry = KeyringEntry::try_new("key")
        .unwrap()
        .try_with_secret("secret")
        .await
        .unwrap();
    let mut secret = Secret::new_keyring_entry(entry);
    assert_eq!(secret.get().await.unwrap(), "secret");
}

See the full API documentation on docs.rs.

Sponsoring

Special thanks to the NLnet foundation and the European Commission that helped the project to receive financial support from various programs:

• NGI Assure in 2022
• NGI Zero Entrust in 2023
• NGI Zero Core in 2024 (still ongoing)

If you appreciate the project, feel free to donate using one of the following providers: