
Use safer approach for passphrase handling

David Runge requested to merge nethsm/secrecy into main
  • Use a dedicated Passphrase type which wraps secrecy::SecretString, so that passphrases can be handled safely and only be passed as plain String when really required.

  • Introduce a Credentials type which carries a user ID and passphrase for API connections.

  • Defer the creation of the connection Configuration to right before it is used, so that Credentials are only ever passed in at that point in time. This prevents the Passphrase from being turned into a String for the lifetime of the NetHsm. Consequently, we are now storing all available Credentials in a HashMap and refer to the current Credentials by String (matching a key in the HashMap). The required Agent and Url are now also members of the NetHsm struct and the latter can be set using the NetHsm::set_url function.

  • As a drive-by change the NetHsm::set_url function now takes a nethsm::Url instead of a String.

  • Instead of using stacked fixtures for the containers and accompanying NetHsm instances, use dedicated fixtures. This prevents containers from hanging during tests, as the NetHsm reuses the same connection properties if more than one container is used per test.

cc @demize @rgacogne
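The design outlined above, as an added example that is not the nethsm crate's own code: a std-only `Passphrase` stand-in that mirrors the `secrecy::SecretString` API (redacted `Debug`, zeroed on drop, plain text only via `expose_secret()`), a `Credentials` type, and a `NetHsm` that keeps all `Credentials` in a `HashMap` and materialises the plain passphrase only inside a simplified, hypothetical `Configuration` built right before use. The `Configuration` shape and the `use_credentials`/`add_credentials` names are assumptions for illustration.

```rust
use std::collections::HashMap;
use std::fmt;
/// Stand-in for secrecy::SecretString (std only, hypothetical): Debug is redacted,
/// the buffer is zeroed on drop, and the text is reachable only via expose_secret().
pub struct Passphrase(String);
impl Passphrase {
    pub fn new(s: String) -> Self { Passphrase(s) }
    /// The single way to obtain the plain text; call it where it is really required.
    pub fn expose_secret(&self) -> &str { &self.0 }
}
impl fmt::Debug for Passphrase {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("Passphrase([REDACTED])") }
}
impl Drop for Passphrase {
    // Overwrite with zeros (still valid UTF-8) so the plaintext does not linger on the heap.
    fn drop(&mut self) {
        for b in unsafe { self.0.as_bytes_mut() } { unsafe { std::ptr::write_volatile(b, 0) } }
    }
}
/// A user ID and its passphrase for API connections.
#[derive(Debug)]
pub struct Credentials { pub user_id: String, pub passphrase: Passphrase }
/// Simplified per-request connection configuration (hypothetical shape): the only
/// value in which the passphrase exists as a plain String.
#[derive(Debug, PartialEq)]
pub struct Configuration { pub url: String, pub basic_auth: Option<(String, String)> }
/// Holds the Url and all Credentials, referring to the active ones by user ID key.
#[derive(Debug)]
pub struct NetHsm { url: String, credentials: HashMap<String, Credentials>, current: Option<String> }
impl NetHsm {
    pub fn new(url: &str) -> Self {
        NetHsm { url: url.to_string(), credentials: HashMap::new(), current: None }
    }
    pub fn set_url(&mut self, url: &str) { self.url = url.to_string(); }
    pub fn add_credentials(&mut self, c: Credentials) { self.credentials.insert(c.user_id.clone(), c); }
    pub fn use_credentials(&mut self, user_id: &str) -> Result<(), String> {
        if !self.credentials.contains_key(user_id) { return Err(format!("unknown user {user_id}")); }
        self.current = Some(user_id.to_string());
        Ok(())
    }
    /// Built right before each request, so the plaintext is materialised only for that call.
    pub fn create_connection_config(&self) -> Configuration {
        let basic_auth = self.current.as_deref().and_then(|id| self.credentials.get(id))
            .map(|c| (c.user_id.clone(), c.passphrase.expose_secret().to_string()));
        Configuration { url: self.url.clone(), basic_auth }
    }
}
```

Deriving `Debug` on `NetHsm` is safe here because the derived output goes through `Passphrase`'s redacted `Debug`; only the short-lived `Configuration` ever carries the plain text.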
