mirror of
https://github.com/getnora-io/nora.git
synced 2026-04-12 22:00:31 +00:00
98c9c33ea0
S3Credentials had #[zeroize(skip)] on secret_access_key instead of access_key_id. The comment said "access_key_id is not sensitive" but the annotation was on the adjacent field. In practice ProtectedString has its own #[zeroize(drop)] so the secret was still zeroed on drop, but the annotation contradicted its own comment and would silently break if ProtectedString's drop behavior ever changed. ProtectedString::into_inner() cloned self.inner instead of moving it out. Use std::mem::take to swap the value out directly, avoiding the unnecessary heap allocation of the clone. // ticktockbent