[cryptography] Add Secret<T> wrapper for protected key material

[andresilva]

This PR introduces a Secret<T> wrapper type that provides secure handling of sensitive cryptographic material.

The wrapper prevents accidental leakage of secrets, Debug and Display implementations always print [REDACTED] rather than the actual value. When the secret is dropped, the memory is explicitly zeroized to prevent data from lingering in freed memory.

All comparisons use constant-time algorithms from the subtle crate to prevent timing side-channel attacks, examining every byte rather than short-circuiting on the first difference.

To read a secret, callers must use the expose() method with a closure. Currently the wrapper will just call the closure with the inner secret value and not do any special handling, but this API allows easily auditing all places where secrets are used (i.e. just grep for expose), and in the future this API can be augmented with OS-specific memory hardening.

All private key types in the cryptography crate now store their sensitive material in Secret<T> wrappers.

Replaces #2423.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
✅ Deployment successful! View logs	commonware-mcp	99b8b43	Jan 07 2026, 10:28 AM

[cloudflare-workers-and-pages]

Deploying monorepo with    Cloudflare Pages

Latest commit:	99b8b43
Status:	✅  Deploy successful!
Preview URL:	https://4a07c0ed.monorepo-eu0.pages.dev
Branch Preview URL:	https://andre-secrets-wrapper.monorepo-eu0.pages.dev

View logs

[cronokirby]

This is a really good idea!

I think we should lean on some of the existing ecosystem crates like "subtle", because the compiler is really good at detecting your constant time comparison and messing it up, so it's better to use a nice dependency which can use the most current tricks to fool it.

[codecov]

Codecov Report

❌ Patch coverage is 99.71591% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 93.02%. Comparing base (c16f312) to head (99b8b43).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
cryptography/src/bls12381/dkg.rs	98.63%	1 Missing ⚠️

@@            Coverage Diff             @@
##             main    #2640      +/-   ##
==========================================
+ Coverage   92.91%   93.02%   +0.10%     
==========================================
  Files         363      364       +1     
  Lines      108104   108214     +110     
==========================================
+ Hits       100450   100666     +216     
+ Misses       7654     7548     -106     

Files with missing lines	Coverage Δ
cryptography/src/bls12381/primitives/group.rs	93.04% <100.00%> (+1.33%)	⬆️
...ptography/src/bls12381/primitives/ops/threshold.rs	96.56% <100.00%> (+0.01%)	⬆️
cryptography/src/bls12381/scheme.rs	65.36% <100.00%> (+15.10%)	⬆️
cryptography/src/ed25519/certificate/mocks.rs	100.00% <100.00%> (ø)
cryptography/src/ed25519/scheme.rs	96.86% <100.00%> (+5.86%)	⬆️
cryptography/src/handshake.rs	96.72% <100.00%> (+0.05%)	⬆️
cryptography/src/handshake/cipher.rs	97.43% <100.00%> (ø)
cryptography/src/handshake/key_exchange.rs	97.14% <100.00%> (+0.26%)	⬆️
cryptography/src/lib.rs	100.00% <ø> (ø)
cryptography/src/secp256r1/common.rs	96.03% <100.00%> (+6.94%)	⬆️
... and 4 more

... and 1 file with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c16f312...99b8b43. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.