understanding the statement in the readem about serialize

[8de2fdb0]

regarding:

Since serialization can expose the enclosed secret it is only possible to implement Serialize ....

Why can serialize expose the secret?

Can't you implement serialize without exposing the secret ?

https://serde.rs/impl-serialize.html

Maybe I am missing something but if I can't manipulate how serialize gets or gets not access to the secret that limits the scope of this crate a lot.

[eopb]

Hi 👋

The goal is to make it difficult to expose secrets without doing so explicitly via expose_secret.

#[derive(Serialize)]
struct Test {
    #[serde(serialize_with = "expose_secret")]
    field: Secret<String>,
}

let to_serialize = Test {
    field: Secret::from("hello"),
};

let serialized = serde_json::to_string(&to_serialize).unwrap();

assert_eq!(serialized, r#"{"field":"hello"}"#)

Using expose_secret to implement Serialize is nice since it enables you to Deserialize your Serialized data back into the original type. This is the use case that serialize_with = "expose_secret" is designed for. I Serialize data before sending it over the wire. The data I send over the wire is always sensitive, I never log it. It needs to contain sensitive data so it can be useful to the service receiving it. redact gives me confidence since I know the data won't be unintentionally logged with Debug.

Can't you implement serialize without exposing the secret?

Your use case is a little different from mine. I'd like to understand why you're interested in serializing data without exposing the secret?

expose_secret isn't very special. You can write your own serialize_with = "redacted" version that does not expose the secret like this.

pub fn redacted<S: Serializer, T>(
    secret: &Secret<T>,
    serializer: S,
) -> Result<S::Ok, S::Error> {
    format!("{secret:?}").serialize(serializer)
}

#[derive(Serialize)]
struct Test {
    #[serde(serialize_with = "redacted")]
    field: Secret<String>,
}

let to_serialize = Test {
    field: Secret::from("hello"),
};

let serialized = serde_json::to_string(&to_serialize).unwrap();

assert_eq!(
    serialized,
    r#"{"field":"[REDACTED alloc::string::String]"}"#
)

Doing this would prevent you from Deserializeing back into your original type since the required data from the original type has been redacted.

If that's something that would be useful to you, I'd be happy to include it in redact for convenience.

[8de2fdb0]

Yes my use case is to prevent secrets ending up in formatted log entries (serde_json).
And of course also not formatted log entries that use display or debug.

Thanks for the explanation, and the example.

[eopb]

Thanks for sharing your use case. I've opened #45 to add the connivance function for anyone else with similar requirements.

Do open another issue/discussion if you run into any other questions using redact :)