lib/at.bitfire.synctools.util/SensitiveString

SensitiveString

@JvmInline
value class SensitiveString

Wrapper for passwords and other sensitive strings so that they're not directly Strings, so that they're less likely to be used in clear-text unintentionally, like being printed in logs by Any.toString.

This class does not address the issue that clear-text passwords are stored in memory. This problem could only be reduced if we would consequently store and process only encrypted passwords, except some "providePassword" method that provides the clear-text password for a lambda function as CharArray and wipes out the array values after usage.

See also:

  • https://stackoverflow.com/a/8889285

  • https://javaee.github.io/security-api/apidocs/javax/security/enterprise/credential/Password.html and https://javaee.github.io/security-api/apidocs/javax/security/enterprise/credential/UsernamePasswordCredential.html

Types

Link copied to clipboard
object Companion

Functions

Link copied to clipboard
fun asCharArray(): CharArray

Returns the sensitive string as a CharArray.

Link copied to clipboard
fun asString(): String

Returns the sensitive string as an immutable String.

Link copied to clipboard
open override fun toString(): String

Overrides toString so that it doesn't expose the clear-text string (password).

Generated by Dokka
© 2026 Copyright