acton-service 0.20.0

Production-ready Rust backend framework with type-enforced API versioning
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

//! Automated signing key rotation (NIST SC-12)
//!
//! Provides lifecycle management for cryptographic signing keys used by
//! PASETO and JWT token generators. Keys progress through three states:
//!
//! ```text
//! Active --> Draining --> Retired
//! ```
//!
//! - **Active**: Signs new tokens AND validates existing tokens. One per service.
//! - **Draining**: No longer signs. Still validates during the drain window.
//! - **Retired**: Metadata retained for audit trail only.
//!
//! # Feature Interactions
//!
//! - `auth` alone: Key rotation types and configuration available
//! - `auth` + `database`: PostgreSQL key storage backend
//! - `auth` + `turso`: Turso/libsql key storage backend
//! - `auth` + `surrealdb`: SurrealDB key storage backend
//!
//! # Backward Compatibility
//!
//! When `KeyRotationConfig` is absent or `enabled = false`, static key behavior
//! is unchanged. Tokens issued before key rotation was enabled (no `kid`) still
//! validate via the static key fallback.

pub mod agent;
pub mod config;
pub mod key_metadata;
pub mod manager;
pub mod storage;

pub use agent::{CheckRotation, ForceRotation, KeyRotationAgent};
pub use config::KeyRotationConfig;
pub use key_metadata::{
    KeyFormat, KeyStatus, ParseKeyFormatError, ParseKeyStatusError, SigningKeyMetadata,
};
pub use manager::{CachedKey, KeyManager};
pub use storage::KeyRotationStorage;

#[cfg(feature = "database")]
pub use storage::pg::PgKeyRotationStorage;

#[cfg(feature = "turso")]
pub use storage::turso::TursoKeyRotationStorage;

#[cfg(feature = "surrealdb")]
pub use storage::surrealdb_impl::SurrealKeyRotationStorage;