Skip to main content

Keyring

ati::core::keyring

Struct Keyring

pub struct Keyring {
    pub ephemeral: bool,
    /* private fields */
}

Expand description

Holds decrypted API keys in memory. Keys are mlock’d and zeroized on drop.

Fields§

§ephemeral: bool

Whether keys were loaded from a sealed source (one-shot key). When true, credential files should be wiped after each use.

Implementations§

impl Keyring

pub fn load(keyring_path: &Path) -> Result<Self, KeyringError>

Load the keyring: read sealed key file, decrypt keyring.enc, mlock memory.

The session key file is deleted immediately after reading.

pub fn load_with_key( keyring_path: &Path, session_key: &[u8; 32], ) -> Result<Self, KeyringError>

Load from an already-known session key (for testing or orchestrator use).

pub fn get(&self, key_name: &str) -> Option<&str>

Get a key by name (e.g. “parallel_api_key”).

pub fn contains(&self, key_name: &str) -> bool

Check if the keyring contains a specific key.

pub fn key_names(&self) -> Vec<&str>

List all key names (not values).

pub fn load_credentials(path: &Path) -> Result<Self, KeyringError>

Load from a plaintext credentials file (JSON object: {“key_name”: “value”, …}).

Used in local mode where ~/.ati/credentials stores keys as plaintext JSON with 0600 permissions (same approach as AWS CLI, gh, Docker, Stripe).

pub fn load_local( keyring_path: &Path, ati_dir: &Path, ) -> Result<Self, KeyringError>

Load keyring.enc using a persistent key stored alongside the ATI directory.

Looks for <ati_dir>/.keyring-key (base64-encoded 32-byte key). Unlike the sealed key in /run/ati/.key, this key is NOT deleted after reading — it’s for proxy servers with persistent storage.

pub fn from_env() -> Self

Create a keyring from environment variables with ATI_KEY_ prefix.

Scans all env vars matching ATI_KEY_*, strips the prefix, lowercases the name. Example: ATI_KEY_FINNHUB_API_KEY=abc123 → key name finnhub_api_key.

pub fn empty() -> Self

Create an empty keyring (for tools with auth_type = none).

pub fn merge(&mut self, other: &Keyring)

Merge another keyring’s keys into this one (other’s keys take precedence).

pub fn len(&self) -> usize

Number of keys in the keyring.

pub fn is_empty(&self) -> bool

Whether the keyring has no keys.

Trait Implementations§

impl Drop for Keyring

fn drop(&mut self)

Executes the destructor for this type. Read more

Auto Trait Implementations§

impl Freeze for Keyring

impl RefUnwindSafe for Keyring

impl Send for Keyring

impl Sync for Keyring

impl Unpin for Keyring

impl UnsafeUnpin for Keyring

impl UnwindSafe for Keyring

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more

impl<A, B, T> HttpServerConnExec<A, B> for T
where B: Body,