axum-login

Evaluate better management of sensitive data

Open maxcountryman opened this issue 1 year ago • 1 comments

Previously we relied on the secrecy crate to ensure the session_auth_hash was handled carefully. However, it's unclear to me how active development is of that crate. It's also worth mentioning there are at least two other crates with similar goals.

It would be helpful to evaluate if any of these crates should be adopted for managing the session_auth_hash value:

maxcountryman avatar Nov 07 '23 18:11 maxcountryman

Secrecy seems a bit of an overkill if we just want to keep stuff out of logs. From your proposed libraries, redact seems like what we want.

czocher avatar Nov 08 '23 18:11 czocher
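
Added example, not part of the thread and not axum-login's code: a minimal sketch of the "keep it out of logs" approach discussed above, showing a struct whose derived `Debug` leaks the hash beside one that wraps the field. `Redacted`, `LeakyUser`, `User` and the sample value are hypothetical names constructed for illustration and are not the API of the secrecy or redact crates.

```rust
use std::fmt;

// Hypothetical wrapper for this example. It has no Display impl, so the
// value cannot be formatted with "{}" at all, and Debug is redacted.
pub struct Redacted<T>(T);

impl<T> Redacted<T> {
    pub fn new(value: T) -> Self {
        Redacted(value)
    }
    // Single, greppable access point for the real value.
    pub fn expose(&self) -> &T {
        &self.0
    }
}

// Debug never reads the inner value, so derived Debug on a parent is safe.
impl<T> fmt::Debug for Redacted<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("[REDACTED]")
    }
}

// Before: derived Debug prints the hash wherever the struct is logged.
#[derive(Debug)]
pub struct LeakyUser {
    pub id: i64,
    pub session_auth_hash: String,
}

// After: same derive, but the field type controls its own formatting.
#[derive(Debug)]
pub struct User {
    pub id: i64,
    pub session_auth_hash: Redacted<String>,
}

// Constructed sample value, not a real hash.
pub const SAMPLE_HASH: &str = "constructed-sample-hash";

pub fn leaky_log_line() -> String {
    let u = LeakyUser { id: 1, session_auth_hash: SAMPLE_HASH.to_string() };
    format!("login ok: {:?}", u)
}

pub fn redacted_log_line() -> String {
    let u = User { id: 1, session_auth_hash: Redacted::new(SAMPLE_HASH.to_string()) };
    format!("login ok: {:?}", u)
}
```

The wrapper only changes formatting; it does not zero memory on drop, which is the additional guarantee a heavier crate would be evaluated for.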