Skip to main content

SecretHasher

codlet_core::hashing

Struct SecretHasher

pub struct SecretHasher<K> { /* private fields */ }

Expand description

Derives LookupKeys from secrets using a KeyProvider.

Implementations§

impl<K: KeyProvider> SecretHasher<K>

pub fn new(key_provider: K) -> Self

Wrap a key provider.

pub fn key_provider(&self) -> &K

Borrow the underlying key provider.

pub fn lookup_key( &self, domain: SecretDomain, value: &str, ) -> Result<(LookupKey, KeyVersion), KeyError>

Derive a lookup key for value in domain using the active key. Returns the key plus the active KeyVersion to store alongside it.

§Errors

Propagates KeyError from the provider (e.g. missing active key).

pub fn lookup_key_candidates( &self, domain: SecretDomain, value: &str, ) -> Result<Vec<(LookupKey, KeyVersion)>, KeyError>

Derive one lookup-key candidate per held key (active first, then previous). Managers pass the full slice to store finders so that records written under any held key are reachable during the rotation grace period (RFC-A).

§Errors

Propagates KeyError::MissingActiveKey if no keys are configured.

pub fn lookup_key_with_version( &self, domain: SecretDomain, value: &str, version: &KeyVersion, ) -> Result<LookupKey, KeyError>

Derive a lookup key for value in domain using a specific key version. Used during validation to re-derive candidates for records written under older keys.

§Errors

Propagates KeyError::MissingKeyVersion if the version is unknown.

Trait Implementations§

impl<K: Clone> Clone for SecretHasher<K>

fn clone(&self) -> SecretHasher<K>

Returns a duplicate of the value. Read more

1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl<K: Debug> Debug for SecretHasher<K>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

impl<K> Freeze for SecretHasher<K>
where K: Freeze,

impl<K> RefUnwindSafe for SecretHasher<K>
where K: RefUnwindSafe,

impl<K> Send for SecretHasher<K>
where K: Send,

impl<K> Sync for SecretHasher<K>
where K: Sync,

impl<K> Unpin for SecretHasher<K>
where K: Unpin,

impl<K> UnsafeUnpin for SecretHasher<K>
where K: UnsafeUnpin,

impl<K> UnwindSafe for SecretHasher<K>
where K: UnwindSafe,

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.