age-vault 0.1.0

A secure vault for managing age-encrypted accounts and data.
//! Account management types.
//!
//! This module defines the [`Role`] enum and the [`Account`] struct used to represent
//! identities within the vault.

use serde::{Deserialize, Serialize};

/// The role assigned to an account.
///
/// Roles are used for authorization and can be either predefined (`Admin`, `User`)
/// or a custom string.
///
/// # Comparison
///
/// Equality is the derived `PartialEq`. A `Custom` role is compared by exact,
/// case-sensitive string match and never equals a predefined variant, so
/// `Role::Custom("Admin".to_string())` is not `Role::Admin`. This type does not
/// validate or normalise custom role names; any `String` is accepted.
///
/// # Serialization
///
/// `Serialize`/`Deserialize` are derived with no serde attributes, so the
/// variant is part of the serialized form. A custom role whose text happens to
/// be `"Admin"` therefore round-trips as `Custom("Admin")`, not as `Admin`.
///
/// # Examples
///
/// ```
/// use age_vault::Role;
///
/// let admin = Role::Admin;
/// let user = Role::User;
/// let custom = Role::Custom("manager".to_string());
///
/// // A custom role never compares equal to a predefined one.
/// assert_ne!(Role::Custom("Admin".to_string()), Role::Admin);
/// ```
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub enum Role {
    /// Administrator role with full privileges.
    Admin,
    /// Standard user role.
    User,
    /// Custom role defined by a string.
    ///
    /// The string is stored as given: no trimming, case folding or length
    /// limit is applied by this type.
    Custom(String),
}

/// An account representing an identity with an age keypair.
///
/// Each account has a unique ID, a human-readable name, a role, a public key,
/// and an encrypted secret key (encrypted with the vault's KEK). The secret key
/// is never stored in plain text.
///
/// # Invariants are the caller's responsibility
///
/// This is a plain data struct with public fields and no constructor, so none
/// of the properties described here are checked by the type itself:
///
/// * `id` and `name` are ordinary `String`s; UUID format and uniqueness within
///   a vault must be enforced by the code that creates or stores accounts.
/// * `encrypted_secret_key` is an ordinary `Vec<u8>`; nothing here verifies
///   that the bytes are ciphertext, so only KEK-encrypted key material should
///   ever be assigned to it.
/// * `enabled` and `role` are only stored; no authorization check is visible in
///   this module, so callers must consult both before acting for an account.
///
/// # Serialization and logging
///
/// The derived `Debug` and `Serialize` impls emit every field, including the
/// bytes of `encrypted_secret_key`. No field carries `#[serde(default)]`, so
/// deserialization rejects a record that omits any field (for example
/// `enabled`) instead of filling in a default.
///
/// # Fields
///
/// * `id` - Unique identifier (UUID v4).
/// * `name` - Human-readable account name (must be unique within a vault).
/// * `role` - The role assigned to this account.
/// * `public_key` - Age public key string for encryption.
/// * `encrypted_secret_key` - Age secret key encrypted with the vault's KEK.
/// * `enabled` - Whether the account is active.
///
/// # Examples
///
/// ```
/// use age_vault::{Account, Role};
/// use uuid::Uuid;
///
/// let account = Account {
///     id: Uuid::new_v4().to_string(),
///     name: "bob".to_string(),
///     role: Role::User,
///     public_key: "age1...".to_string(),
///     // Placeholder bytes for illustration only; real values are ciphertext.
///     encrypted_secret_key: vec![0u8; 128],
///     enabled: true,
/// };
/// ```
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Account {
    /// Unique identifier for the account.
    pub id: String,
    /// Human-readable name, unique within the vault.
    pub name: String,
    /// Role of the account.
    pub role: Role,
    /// Age public key (e.g., "age1...").
    pub public_key: String,
    /// Encrypted Age secret key (encrypted with vault KEK).
    ///
    /// Included in `Debug` and `Serialize` output like any other field.
    pub encrypted_secret_key: Vec<u8>,
    /// Whether the account is active.
    ///
    /// Required on deserialization: there is no serde default for this flag.
    pub enabled: bool,
}