Module secret 

Wrapper types for sensitive values backed by the secrecy crate.

The whole point of these wrappers is auditability: the only way to read the plaintext is expose_secret(), so grep expose_secret enumerates every site where a secret could leak. To keep that guarantee, these types intentionally do not implement Deref, Display, AsRef<str>, Into<String>, or any plain getter. Do not add them.

• DbSecret — a secret string that flows through the sqlx query!/query_as! macros. Map columns to it via sqlx.toml table-overrides. Backed by SecretString (zeroized on drop, redacted from Debug). The only plaintext-read points are its Encode impl (writing to the DB) and explicit expose_secret() calls.
• OutboundSecret — a secret string that is intended to be serialized onto the wire exactly once (e.g. an OAuth/verification token returned to the caller). It redacts in Debug (so it never leaks into logs) but its Serialize impl emits the raw value. That single Serialize impl is the one audited exposure point.

Structs

DbSecret

A secret string stored in / read from the database.

OutboundSecret

A secret string that is deliberately serialized onto the wire once (e.g. a token returned to the caller from an auth endpoint).