pub trait CredentialStore: Send + Sync {
// Required methods
fn get_secret<'life0, 'life1, 'async_trait>(
&'life0 self,
key: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, StorageError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait;
fn put_secret<'life0, 'life1, 'async_trait>(
&'life0 self,
key: &'life1 str,
value: Vec<u8>,
) -> Pin<Box<dyn Future<Output = Result<(), StorageError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait;
fn delete_secret<'life0, 'life1, 'async_trait>(
&'life0 self,
key: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<(), StorageError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait;
}Expand description
Stores and retrieves named secret material as opaque bytes.
Keys are caller-defined names (for example "openai/api_key"); values are
opaque byte strings so the contract stays agnostic to the secret’s encoding.
Backends are expected to encrypt at rest; this trait only defines the access
contract, not the protection mechanism.
§Example
use aa_core::storage::{CredentialStore, Result, StorageError};
use async_trait::async_trait;
/// A store that holds no secrets.
struct EmptyCredentialStore;
#[async_trait]
impl CredentialStore for EmptyCredentialStore {
async fn get_secret(&self, key: &str) -> Result<Vec<u8>> {
Err(StorageError::NotFound(key.to_owned()))
}
async fn put_secret(&self, _key: &str, _value: Vec<u8>) -> Result<()> {
Ok(())
}
async fn delete_secret(&self, _key: &str) -> Result<()> {
Ok(())
}
}Required Methods§
Sourcefn get_secret<'life0, 'life1, 'async_trait>(
&'life0 self,
key: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, StorageError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
fn get_secret<'life0, 'life1, 'async_trait>(
&'life0 self,
key: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, StorageError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
Return the secret bytes stored under key.
Returns StorageError::NotFound when no
secret exists for the key.
Sourcefn put_secret<'life0, 'life1, 'async_trait>(
&'life0 self,
key: &'life1 str,
value: Vec<u8>,
) -> Pin<Box<dyn Future<Output = Result<(), StorageError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
fn put_secret<'life0, 'life1, 'async_trait>(
&'life0 self,
key: &'life1 str,
value: Vec<u8>,
) -> Pin<Box<dyn Future<Output = Result<(), StorageError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
Store value under key, overwriting any existing secret.
Sourcefn delete_secret<'life0, 'life1, 'async_trait>(
&'life0 self,
key: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<(), StorageError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
fn delete_secret<'life0, 'life1, 'async_trait>(
&'life0 self,
key: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<(), StorageError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
Delete the secret stored under key.
Idempotent: deleting an absent key succeeds.
Dyn Compatibility§
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".