Use secrecy

Cargo.lock

@@ -1818,6 +1818,16 @@ dependencies = [
  "untrusted",
 ]
 
+[[package]]
+name = "secrecy"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9bd1c54ea06cfd2f6b63219704de0b9b4f72dcc2b8fdef820be6cd799780e91e"
+dependencies = [
+ "serde",
+ "zeroize",
+]
+
 [[package]]
 name = "security-framework"
 version = "2.4.2"
@@ -2853,6 +2863,7 @@ dependencies = [
  "quickcheck_macros",
  "rand 0.8.4",
  "reqwest",
+ "secrecy",
  "serde",
  "serde-aux",
  "serde_json",
@@ -2870,6 +2881,12 @@ dependencies = [
  "wiremock",
 ]
 
+[[package]]
+name = "zeroize"
+version = "1.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d68d9dcec5f9b43a30d38c49f91dfedfaac384cb8f085faca366c26207dd1619"
+
 [[package]]
 name = "zstd"
 version = "0.9.1+zstd.1.5.1"

Cargo.toml

@@ -33,6 +33,7 @@ validator = "0.12.0"
 rand = { version = "0.8", features=["std_rng"] }
 sha2 = { version = "0.9" }
 anyhow = "1.0.40"
+secrecy = { version = "0.8", features = ["serde"] }
 
 [dev-dependencies]
 once_cell = "1.7.2"

src/configuration.rs

@@ -1,4 +1,5 @@
 use crate::domain::SubscriberEmail;
+use secrecy::{ExposeSecret, Secret};
 use serde_aux::field_attributes::deserialize_number_from_string;
 use sqlx::postgres::{PgConnectOptions, PgSslMode};
 use sqlx::ConnectOptions;
@@ -22,7 +23,7 @@ pub struct ApplicationSettings {
 #[derive(serde::Deserialize, Clone)]
 pub struct DatabaseSettings {
     pub username: String,
-    pub password: String,
+    pub password: Secret<String>,
     #[serde(deserialize_with = "deserialize_number_from_string")]
     pub port: u16,
     pub host: String,
@@ -40,7 +41,7 @@ impl DatabaseSettings {
         PgConnectOptions::new()
             .host(&self.host)
             .username(&self.username)
-            .password(&self.password)
+            .password(&self.password.expose_secret())
             .port(self.port)
             .ssl_mode(ssl_mode)
     }
@@ -56,7 +57,7 @@ impl DatabaseSettings {
 pub struct EmailClientSettings {
     pub base_url: String,
     pub sender_email: String,
-    pub authorization_token: String,
+    pub authorization_token: Secret<String>,
     pub timeout_milliseconds: u64,
 }
 

src/email_client.rs

@@ -1,18 +1,19 @@
 use crate::domain::SubscriberEmail;
 use reqwest::Client;
+use secrecy::{ExposeSecret, Secret};
 
 pub struct EmailClient {
     http_client: Client,
     base_url: String,
     sender: SubscriberEmail,
-    authorization_token: String,
+    authorization_token: Secret<String>,
 }
 
 impl EmailClient {
     pub fn new(
         base_url: String,
         sender: SubscriberEmail,
-        authorization_token: String,
+        authorization_token: Secret<String>,
         timeout: std::time::Duration,
     ) -> Self {
         let http_client = Client::builder().timeout(timeout).build().unwrap();
@@ -41,7 +42,10 @@ impl EmailClient {
         };
         self.http_client
             .post(&url)
-            .header("X-Postmark-Server-Token", &self.authorization_token)
+            .header(
+                "X-Postmark-Server-Token",
+                self.authorization_token.expose_secret(),
+            )
             .json(&request_body)
             .send()
             .await?
@@ -68,6 +72,7 @@ mod tests {
     use fake::faker::internet::en::SafeEmail;
     use fake::faker::lorem::en::{Paragraph, Sentence};
     use fake::{Fake, Faker};
+    use secrecy::Secret;
     use wiremock::matchers::{any, header, header_exists, method, path};
     use wiremock::{Mock, MockServer, Request, ResponseTemplate};
 
@@ -108,7 +113,7 @@ mod tests {
         EmailClient::new(
             base_url,
             email(),
-            Faker.fake(),
+            Secret::new(Faker.fake()),
             std::time::Duration::from_millis(200),
         )
     }