karchnu
/
crypto-secret.cr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

README.md: Add rules

master
Didactic Drunk 2021-06-14 12:58:16 -07:00
parent 08c94c66a0
commit c3829d4ae6
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
README.md
View File

@ -32,6 +32,11 @@ Secret providers may implement additional protections via:
## Usage ## Usage
#### Rules:
1. Secrets are only available within a readonly or readwrite block
2. Secrets are not thread safe except for the provided `Bytes` (only when reading) within a single readonly or readwrite block
```crystal ```crystal
require "crypto-secret/not" require "crypto-secret/not"
@ -48,6 +53,16 @@ secret.wipe do
end # secret is erased end # secret is erased
``` ```
#### Breaking the rules:
If you need thread safety :
1. Switch to a Stateless Secret
2. Or switch the Secret's state to readonly or readwrite after construction and never switch it again. [sodium.cr]() makes use of this technique to provide thread safe encryption/decryption
3. Or wrap all access in a Mutex
If you need more better performance:
* Consider 1. or 2.
## What is a Secret? ## What is a Secret?
<strike>Secrets are Keys</strike> <strike>Secrets are Keys</strike>