Struct aptos_secure_storage::VaultStorage

pub struct VaultStorage { /* private fields */ }

VaultStorage utilizes Vault for maintaining encrypted, authenticated data. This version currently matches the behavior of OnDiskStorage and InMemoryStorage. In the future, Vault will be able to create keys, sign messages, and handle permissions across different services. The specific vault service leveraged herein is called KV (Key Value) Secrets Engine - Version 2 (https://www.vaultproject.io/api/secret/kv/kv-v2.html). So while Secure Storage calls pointers to data keys, Vault has actually a secret that contains multiple key value pairs.

Implementations

impl VaultStorage

pub fn new(
    host: String,
    token: String,
    certificate: Option<String>,
    renew_ttl_secs: Option<u32>,
    use_cas: bool,
    connection_timeout_ms: Option<u64>,
    response_timeout_ms: Option<u64>
) -> Self

Trait Implementations

impl CryptoStorage for VaultStorage

fn create_key(&mut self, name: &str) -> Result<Ed25519PublicKey, Error>

Securely generates a new named Ed25519 private key. The behavior for calling this interface multiple times with the same name is implementation specific.

fn export_private_key(&self, name: &str) -> Result<Ed25519PrivateKey, Error>

Returns the Ed25519 private key stored at ‘name’.

fn export_private_key_for_version(
    &self,
    name: &str,
    version: Ed25519PublicKey
) -> Result<Ed25519PrivateKey, Error>

Returns the Ed25519 private key stored at ‘name’ and identified by ‘version’, which is the corresponding public key. This may fail even if the ‘named’ key exists but the version is not present.

fn import_private_key(
    &mut self,
    name: &str,
    key: Ed25519PrivateKey
) -> Result<(), Error>

An optional API that allows importing private keys and storing them at the provided name. This is not intended to be used in production and the API may throw unimplemented if not used correctly. As this is purely a testing API, there is no defined behavior for importing a key for a given name if that name already exists. It only exists to allow running in test environments where a set of deterministic keys must be generated.

fn get_public_key(&self, name: &str) -> Result<PublicKeyResponse, Error>

Returns the Ed25519 public key stored at ‘name’.

fn get_public_key_previous_version(
    &self,
    name: &str
) -> Result<Ed25519PublicKey, Error>

Returns the previous version of the Ed25519 public key stored at ‘name’. For the most recent version, see ‘get_public_key(..)’ above.

fn rotate_key(&mut self, name: &str) -> Result<Ed25519PublicKey, Error>

Rotates an Ed25519 private key. Future calls without version to this ‘named’ key will return the rotated key instance. The previous key is retained and can be accessed via the version. At most two versions are expected to be retained.

fn sign<T: CryptoHash + Serialize>(
    &self,
    name: &str,
    message: &T
) -> Result<Ed25519Signature, Error>

Signs the provided securely-hashable struct, using the ‘named’ private key.

fn sign_using_version<T: CryptoHash + Serialize>(
    &self,
    name: &str,
    version: Ed25519PublicKey,
    message: &T
) -> Result<Ed25519Signature, Error>

Signs the provided securely-hashable struct, using the ‘named’ and ‘versioned’ private key. This may fail even if the ‘named’ key exists but the version is not present.

impl From<VaultStorage> for Storage

fn from(v: VaultStorage) -> Storage

Converts to this type from the input type.

impl KVStorage for VaultStorage

fn available(&self) -> Result<(), Error>

Returns an error if the backend service is not online and available.

fn get<T: DeserializeOwned>(&self, key: &str) -> Result<GetResponse<T>, Error>

Retrieves a value from storage and fails if the backend is unavailable or the process has invalid permissions.

fn set<T: Serialize>(&mut self, key: &str, value: T) -> Result<(), Error>

Sets a value in storage and fails if the backend is unavailable or the process has invalid permissions.

impl TryInto<VaultStorage> for Storage

type Error = &'static str

The type returned in the event of a conversion error.

fn try_into(
    self
) -> Result<VaultStorage, <Self as TryInto<VaultStorage>>::Error>

Performs the conversion.