hubcio opened a new issue, #2728: URL: https://github.com/apache/iggy/issues/2728
Use the `secrecy` crate to wrap passwords and sensitive strings throughout the codebase. This prevents accidental logging, ensures zeroization on drop, and makes security boundaries explicit in the type system. **What to focus on:** - Wrap password fields with `Secret<String>` in commands, CLI args, and SDK methods - Keep binary protocol serialization unchanged (Secret is transparent during serialization) - Only expose secrets via `.expose_secret()` when hashing or serializing - Consider PAT tokens and connection strings too (currently we manually replace sensitive content with `*****`) Done when passwords are never accidentally logged, tests pass, and all plaintext password fields are wrapped. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
