Trait SecretField 

pub trait SecretField {
    // Required methods
    fn mask(&mut self);
    fn restore_from(&mut self, current: &Self);
    fn encrypt_in_place(
        &mut self,
        store: &SecretStore,
        field: &str,
    ) -> Result<()>;
    fn decrypt_in_place(
        &mut self,
        store: &SecretStore,
        field: &str,
    ) -> Result<()>;
    fn is_set(&self) -> bool;
}

Per-field secret operations the Configurable derive emits for every #[secret] field. Generalizes mask / restore / encrypt / decrypt / is_set across the supported shapes — String, Option<String>, Vec<String>, HashMap<String, String>, and Option<HashMap<String, String>> — so adding a new shape is a single trait impl rather than a fourth branch in the macro.

encrypt_in_place and decrypt_in_place are idempotent: encrypting an already-enc2:-prefixed value or decrypting a plaintext value is a no-op, detected via crate::security::SecretStore::is_encrypted. The field argument is the dotted config-path (e.g. mcp.servers); the impls suffix per-element coordinates ([<idx>] for Vec, .<key> for HashMap) so error messages point at the exact failed entry.

Required Methods

fn mask(&mut self)

Replace each non-empty inner string with MASKED_SECRET.

fn restore_from(&mut self, current: &Self)

Restore inner strings that currently equal MASKED_SECRET from the matching position in current. The dashboard write path relies on this so re-posting an already-displayed masked value doesn’t overwrite the real secret in config.

fn encrypt_in_place(&mut self, store: &SecretStore, field: &str) -> Result<()>

Encrypt every non-empty, not-already-encrypted inner string.

fn decrypt_in_place(&mut self, store: &SecretStore, field: &str) -> Result<()>

Inverse of Self::encrypt_in_place.

fn is_set(&self) -> bool

Whether the field carries at least one non-empty inner string. Reported back through SecretFieldInfo::is_set.

Dyn Compatibility

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementations on Foreign Types

impl SecretField for Option<String>

fn mask(&mut self)

fn restore_from(&mut self, current: &Self)

fn encrypt_in_place(&mut self, store: &SecretStore, field: &str) -> Result<()>

fn decrypt_in_place(&mut self, store: &SecretStore, field: &str) -> Result<()>

fn is_set(&self) -> bool

impl SecretField for Option<HashMap<String, String>>

fn mask(&mut self)

fn restore_from(&mut self, current: &Self)

fn encrypt_in_place(&mut self, store: &SecretStore, field: &str) -> Result<()>

fn decrypt_in_place(&mut self, store: &SecretStore, field: &str) -> Result<()>

fn is_set(&self) -> bool

impl SecretField for String

fn mask(&mut self)

fn restore_from(&mut self, current: &Self)

fn encrypt_in_place(&mut self, store: &SecretStore, field: &str) -> Result<()>

fn decrypt_in_place(&mut self, store: &SecretStore, field: &str) -> Result<()>

fn is_set(&self) -> bool

impl SecretField for Vec<String>

fn mask(&mut self)

fn restore_from(&mut self, current: &Self)

fn encrypt_in_place(&mut self, store: &SecretStore, field: &str) -> Result<()>

fn decrypt_in_place(&mut self, store: &SecretStore, field: &str) -> Result<()>

fn is_set(&self) -> bool

impl SecretField for HashMap<String, String>

fn mask(&mut self)

fn restore_from(&mut self, current: &Self)

fn encrypt_in_place(&mut self, store: &SecretStore, field: &str) -> Result<()>

fn decrypt_in_place(&mut self, store: &SecretStore, field: &str) -> Result<()>

fn is_set(&self) -> bool

Implementors