Skip to main content

KeyProvider

codlet_core::hashing

Trait KeyProvider

pub trait KeyProvider {
    // Required methods
    fn active_hmac_key(&self) -> Result<HmacKeyRef<'_>, KeyError>;
    fn hmac_key_by_version(
        &self,
        version: &KeyVersion,
    ) -> Result<HmacKeyRef<'_>, KeyError>;
}

Expand description

Supplies HMAC key material. Synchronous, so key lookup does not couple to a web/runtime async model (RFC-004 §3.3). No fallback key exists: missing material is an error (INV-2, SR-29).

Required Methods§

fn active_hmac_key(&self) -> Result<HmacKeyRef<'_>, KeyError>

The active key used for new derivations.

§Errors

KeyError::MissingActiveKey if none is configured.

fn hmac_key_by_version( &self, version: &KeyVersion, ) -> Result<HmacKeyRef<'_>, KeyError>

A specific historical key, for validating records written under an older version during rotation.

§Errors

KeyError::MissingKeyVersion if that version is unknown. Callers must fail closed for that candidate rather than falling back.

Dyn Compatibility§

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors§

impl KeyProvider for StaticKeyProvider