OnePassword

corteq_onepassword

Struct OnePassword 

Source 
pub struct OnePassword { /* private fields */ }
Expand description

1Password client for retrieving secrets.

The client is thread-safe and can be shared across tasks via Arc<OnePassword>. It does NOT implement Clone to prevent accidental session duplication.

§Thread Safety

OnePassword is Send + Sync, allowing it to be used in async contexts and shared between threads.

§Examples

use std::sync::Arc;
use corteq_onepassword::OnePassword;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Create and share the client
    let client = Arc::new(OnePassword::from_env()?.connect().await?);

    // Use in multiple tasks
    let client1 = Arc::clone(&client);
    let client2 = Arc::clone(&client);

    let (secret1, secret2) = tokio::join!(
        client1.secret("op://vault/item/field1"),
        client2.secret("op://vault/item/field2"),
    );

    Ok(())
}

Implementations§

Source§

impl OnePassword

Source

pub fn from_env() -> Result<OnePasswordBuilder>

Create a builder using the OP_SERVICE_ACCOUNT_TOKEN environment variable.

This is the recommended way to create a client in production, as it avoids hardcoding tokens in source code.

§Errors

Returns Error::MissingAuthToken if the environment variable is not set or is empty.

§Examples
use corteq_onepassword::OnePassword;

// Set OP_SERVICE_ACCOUNT_TOKEN in your environment
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let client = OnePassword::from_env()?
        .connect()
        .await?;
    Ok(())
}
Source

pub fn from_token(token: impl Into<String>) -> Result<OnePasswordBuilder>

Create a builder with an explicit service account token.

Use this method for testing or when the token is provided through a mechanism other than environment variables.

§Security Note

Avoid hardcoding tokens in source code. Prefer from_env() for production use.

§Errors

Returns Error::InvalidToken if the token format is invalid. Valid tokens start with “ops_” and contain a base64-encoded JSON payload.

§Examples
use corteq_onepassword::OnePassword;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let token = std::env::var("CUSTOM_TOKEN_VAR")?;
    let client = OnePassword::from_token(&token)?
        .connect()
        .await?;
    Ok(())
}
Source

pub async fn secret(&self, reference: &str) -> Result<SecretString>

Resolve a single secret by reference.

§Arguments
  • reference - Secret reference in format op://vault/item/field or op://vault/item/section/field
§Returns

The secret value wrapped in SecretString for secure memory handling. Use .expose_secret() to access the value.

§Errors
§Examples
use corteq_onepassword::{OnePassword, ExposeSecret};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let client = OnePassword::from_env()?.connect().await?;

    let api_key = client.secret("op://prod/stripe/api-key").await?;
    println!("API key length: {}", api_key.expose_secret().len());
    Ok(())
}
Source

pub async fn secrets(&self, references: &[&str]) -> Result<Vec<SecretString>>

Resolve multiple secrets in a batch.

Secrets are returned in the same order as the input references. The operation fails atomically - if any reference fails, none are returned.

§Arguments
  • references - Slice of secret references to resolve
§Returns

A vector of SecretString values in the same order as input.

§Errors

Returns an error if any reference is invalid or cannot be resolved. The error will indicate which reference failed.

§Examples
use corteq_onepassword::{OnePassword, ExposeSecret};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let client = OnePassword::from_env()?.connect().await?;

    let secrets = client.secrets(&[
        "op://prod/database/host",
        "op://prod/database/username",
        "op://prod/database/password",
    ]).await?;

    let host = secrets[0].expose_secret();
    let user = secrets[1].expose_secret();
    let pass = secrets[2].expose_secret();
    Ok(())
}
Source

pub async fn secrets_named( &self, mappings: &[(&str, &str)], ) -> Result<SecretMap>

Resolve secrets with user-defined names.

This method allows you to assign memorable names to secrets, making your code more readable and decoupling it from specific vault/item/field paths.

§Arguments
  • mappings - Slice of (name, reference) tuples
§Returns

A SecretMap that can be accessed by name.

§Errors

Returns an error if any reference is invalid or cannot be resolved.

§Examples
use corteq_onepassword::{OnePassword, ExposeSecret};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let client = OnePassword::from_env()?.connect().await?;

    let secrets = client.secrets_named(&[
        ("db_host", "op://prod/database/host"),
        ("db_user", "op://prod/database/username"),
        ("db_pass", "op://prod/database/password"),
    ]).await?;

    let host = secrets.get("db_host").expect("db_host not found").expose_secret();
    let user = secrets.get("db_user").expect("db_user not found").expose_secret();
    let pass = secrets.get("db_pass").expect("db_pass not found").expose_secret();
    Ok(())
}

Trait Implementations§

Source§

impl Debug for OnePassword

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Send for OnePassword

Source§

impl Sync for OnePassword

Auto Trait Implementations§

Blanket Implementations§

§

impl<T> Any for T
where T: 'static + ?Sized,

§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
§

impl<T> Borrow<T> for T
where T: ?Sized,

§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
§

impl<T> BorrowMut<T> for T
where T: ?Sized,

§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
§

impl<T> From<T> for T

§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
§

impl<T, U> Into<U> for T
where U: From<T>,

§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more