Crate bitwarden_sensitive_value 

Bitwarden Sensitive Value

Provides the Sensitive<T>, SensitiveString wrapper types and aliases (MasterPassword, Pin) used to mark values as secret and prevent accidental logging.

NOT A PUBLIC API

Please note that this is currently NOT public API and other teams should not currently rely on this as there are no stability guarantees. There is currently no support for external usages!

Modules

sensitive 🔒

sensitive_slice 🔒

sensitive_string 🔒

types 🔒

Structs

Sensitive

A wrapper type that marks the inner value as secret. This is used to prevent accidental logging of secrets by overriding the Debug and Display implementations to redact the value. This redaction can be bypassed by enabling the dangerous-crypto-debug feature.

SensitiveString

FFI-friendly concrete wrapper around a sensitive String. This is the type exposed across the UniFFI / WASM boundary; bindings see it as an opaque tagged string. Debug and Display delegate to the inner Sensitive, so output is redacted unless dangerous-crypto-debug is enabled.

Constants

UNIFFI_META_CONST_NAMESPACE_BITWARDEN_SENSITIVE_VALUE 🔒

Export namespace metadata.

Traits

ExposeSensitive

A trait for types that can expose their inner secret value. This is implemented for Sensitive<T> and can be implemented for other wrapper types as needed. The expose and expose_owned methods are intentionally explicit and require justification in comments to prevent accidental misuse.

Type Aliases

MasterPassword

A master password. Wrapped to prevent accidental logging.

Pin

A PIN. Wrapped to prevent accidental logging.

SensitiveSlice

A zero-copy view over a borrowed slice of secret bytes. Wrapping a &[u8] borrows the underlying buffer instead of cloning it, so the wrapper is bound by the borrow’s lifetime 'a and cannot outlive the data it points at. Debug/Display are redacted via the inner Sensitive.