ZeroKMS

cipherstash_client::zerokms

Struct ZeroKMS 

pub struct ZeroKMS<C, ClientKeyState = ()>
where
    ClientKeyState: Zeroize,
{ /* private fields */ }

Implementations§

§

impl<C: Credentials<Token = ServiceToken>> ZeroKMS<C>

pub fn new( base_url: &Url, credentials: C, decryption_log_path: Option<&Path>, ) -> Self

Create a new instance of the ZeroKMS client.

In most cases it is prefered to use crate::config::ZeroKMSConfig::create_client instead of calling this manually.

pub fn new_with_client_key( base_url: &Url, credentials: C, decryption_log_path: Option<&Path>, client_key: ClientKey, ) -> ZeroKMSWithClientKey<C>

Create a new instance of the ZeroKMS client with a ClientKey.

In most cases it is prefered to use crate::config::ZeroKMSConfigWithClientKey::create_client instead of calling this manually.

§

impl<C: Credentials<Token = ServiceToken>, K> ZeroKMS<C, K>
where K: Zeroize,

pub fn log_decryptions<P>(&self, records: &[P], access_token: &str)
where P: Decryptable,

pub async fn create_dataset( &self, name: &str, description: &str, ) -> Result<Keyset, Error>

👎Deprecated since 0.26.0: replaced by create_keyset

Create a Keyset (previously known as a Keyset) in ZeroKMS used to encrypt data. The name and description are used to identify the keyset.

pub async fn create_keyset( &self, name: &str, description: &str, ) -> Result<Keyset, Error>

Create a Keyset in ZeroKMS used to encrypt data. The name and description are used to identify the keyset.

pub async fn grant_dataset( &self, client_id: Uuid, keyset_id: Uuid, ) -> Result<(), Error>

👎Deprecated since 0.26.0: replaced by grant_keyset

Grant a client with the given client_id access to a Keyset with an ID of keyset_id. For this to work, the client must already exist and have access to at least one dayaset.

If you are creating a new client, use Self::create_client instead. Note that the client and keyset must be in the same workspace.

pub async fn grant_keyset( &self, client_id: Uuid, keyset_id: Uuid, ) -> Result<(), Error>

Grant a client with the given client_id access to a Keyset with an ID of keyset_id. For this to work, the client must already exist and have access to at least one dayaset.

If you are creating a new client, use Self::create_client instead. Note that the client and keyset must be in the same workspace.

pub async fn revoke_dataset( &self, client_id: Uuid, keyset_id: Uuid, ) -> Result<(), Error>

👎Deprecated since 0.26.0: replaced by revoke_keyset

Revoke a Client with the given client_id access to the Keyset with keyset_id. If the client only has access to one keyset, this is the same as deleting the client.

pub async fn revoke_keyset( &self, client_id: Uuid, keyset_id: Uuid, ) -> Result<(), Error>

Revoke a Client with the given client_id access to the Keyset with keyset_id. If the client only has access to one keyset, this is the same as deleting the client.

pub async fn list_datasets( &self, include_disabled: bool, ) -> Result<Vec<Keyset>, Error>

👎Deprecated since 0.26.0: replaced by list_datasets

List all Keysets in ZeroKMS for the current workspace.

pub async fn list_keysets( &self, include_disabled: bool, ) -> Result<Vec<Keyset>, Error>

List all Keysets in ZeroKMS for the current workspace.

pub async fn enable_dataset(&self, keyset_id: Uuid) -> Result<(), Error>

👎Deprecated since 0.26.0: replaced by enable_keyset

Enable a Keyset by ID if it has been disabled.

pub async fn enable_keyset(&self, keyset_id: Uuid) -> Result<(), Error>

Enable a Keyset by ID if it has been disabled.

pub async fn disable_dataset(&self, keyset_id: Uuid) -> Result<(), Error>

👎Deprecated since 0.26.0: replaced by disable_keyset

Disable a Keyset by ID.

A disabled keyset will deny all attempts to encrypt and decrypt data.

pub async fn disable_keyset(&self, keyset_id: Uuid) -> Result<(), Error>

Disable a Keyset by ID.

A disabled keyset will deny all attempts to encrypt and decrypt data.

pub async fn modify_dataset( &self, keyset_id: Uuid, name: Option<&str>, description: Option<&str>, ) -> Result<(), Error>

👎Deprecated since 0.26.0: replaced by modify_keyset

Modify a Keyset by ID by setting a new name or description.

pub async fn modify_keyset( &self, keyset_id: Uuid, name: Option<&str>, description: Option<&str>, ) -> Result<(), Error>

Modify a Keyset by ID by setting a new name or description.

pub async fn create_client( &self, name: &str, description: &str, keyset_id: Uuid, ) -> Result<CreateClientResponse, Error>

Create a new client for the specified keyset.

Clients are required to generate and retrieve keysets key a specified keyset. Use the ClientKey returned by CreateClientResponse to create a ZeroKMSWithClientKey client that can encrypt and decrypt.

This ClientKey can not be retrieved again after creating the client. So it’s important to keep it somewhere safe.

§ClientKey compromise

If you suspect that a ClientKey has been compromised, you should revoke the client and create a new one. See Self::delete_client for more information.

§Create vs Grant

If you are creating a new client, use this method. If you are granting access to an existing client, use Self::grant_keyset instead.

pub async fn list_clients(&self) -> Result<Vec<KeysetClient>, Error>

List clients for the current workspace in ZeroKMS.

pub async fn delete_client( &self, client_id: Uuid, ) -> Result<DeleteClientResponse, Error>

Delete client by ID.

Once a client is deleted it can’t be used to generate or retrieve data keys. This method nullifies the ClientKey for the client. Even if an attacker has the ClientKey, they can’t use it to decrypt data.

To revoke access only to a specific keyset, use Self::revoke_keyset instead.

§

impl<C: Credentials<Token = ServiceToken>> ZeroKMS<C, ClientKey>

pub async fn encrypt( &self, payloads: impl IntoIterator<Item = EncryptPayload<'_>>, keyset_id: Option<Uuid>, ) -> Result<Vec<EncryptedRecord>, Error>

Encrypt a stream of EncryptPayload and return them as an EncryptedRecord. Note that this only works when Self is a ZeroKMSWithClientKey client.

pub async fn encrypt_single( &self, payload: EncryptPayload<'_>, keyset_id: Option<Uuid>, ) -> Result<EncryptedRecord, Error>

Encrypt a single EncryptPayload. Note that this only works when Self is a ZeroKMSWithClientKey client.

pub async fn decrypt<P>( &self, payloads: impl IntoIterator<Item = P>, keyset_id: Option<Uuid>, service_token: Option<ServiceToken>, unverified_context: Option<UnverifiedContext>, ) -> Result<Vec<Vec<u8>>, Error>
where P: Decryptable,

Decrypt a stream of EncryptedRecord and return the raw decrypted binary blob. Note that this only works when Self is a ZeroKMSWithClientKey client.

This function will decrypt records from any keyset that the client has access to.

pub async fn decrypt_fallible<P>( &self, payloads: impl IntoIterator<Item = P>, service_token: Option<ServiceToken>, unverified_context: Option<UnverifiedContext>, ) -> Result<Vec<Result<Vec<u8>, RecordDecryptError>>, Error>
where P: Decryptable,

Decrypt a stream of EncryptedRecord and return the raw decrypted binary blob. Note that this only works when Self is a ZeroKMSWithClientKey client.

This function will decrypt records from any keyset that the client has access to.

pub async fn decrypt_single<P>( &self, payload: P, keyset_id: Option<Uuid>, service_token: Option<ServiceToken>, unverified_context: Option<UnverifiedContext>, ) -> Result<Vec<u8>, Error>
where P: Decryptable,

Decrypt a single EncryptedRecord. Note that this only works when Self is a ZeroKMSWithClientKey client.

Trait Implementations§

§

impl<C, ClientKeyState> Drop for ZeroKMS<C, ClientKeyState>
where ClientKeyState: Zeroize,

§

fn drop(&mut self)

Executes the destructor for this type. Read more
§

impl<C, ClientKeyState> Zeroize for ZeroKMS<C, ClientKeyState>
where ClientKeyState: Zeroize,

§

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.

Auto Trait Implementations§

§

impl<C, ClientKeyState = ()> !Freeze for ZeroKMS<C, ClientKeyState>

§

impl<C, ClientKeyState = ()> !RefUnwindSafe for ZeroKMS<C, ClientKeyState>

§

impl<C, ClientKeyState> Send for ZeroKMS<C, ClientKeyState>
where C: Send, ClientKeyState: Send,

§

impl<C, ClientKeyState> Sync for ZeroKMS<C, ClientKeyState>
where C: Sync, ClientKeyState: Sync,

§

impl<C, ClientKeyState> Unpin for ZeroKMS<C, ClientKeyState>
where C: Unpin, ClientKeyState: Unpin,

§

impl<C, ClientKeyState = ()> !UnwindSafe for ZeroKMS<C, ClientKeyState>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> Fake for T

Source§

fn fake<U>(&self) -> U
where Self: FakeBase<U>,

Source§

fn fake_with_rng<U, R>(&self, rng: &mut R) -> U
where R: Rng + ?Sized, Self: FakeBase<U>,

Source§

impl<T> Fake for T

Source§

fn fake<U>(&self) -> U
where Self: FakeBase<U>,

Source§

fn fake_with_rng<U, R>(&self, rng: &mut R) -> U
where R: Rng + ?Sized, Self: FakeBase<U>,

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> IntoSql for T

Source§

fn into_sql<T>(self) -> Self::Expression
where Self: Sized + AsExpression<T>, T: SqlType + TypedExpressionType,

Convert self to an expression for Diesel’s query builder. Read more
Source§

fn as_sql<'a, T>(&'a self) -> <&'a Self as AsExpression<T>>::Expression
where &'a Self: AsExpression<T>, T: SqlType + TypedExpressionType,

Convert &self to an expression for Diesel’s query builder. Read more
Source§

impl<D> OwoColorize for D

Source§

fn fg<C>(&self) -> FgColorDisplay<'_, C, Self>
where C: Color,

Set the foreground color generically Read more
Source§

fn bg<C>(&self) -> BgColorDisplay<'_, C, Self>
where C: Color,

Set the background color generically. Read more
Source§

fn black(&self) -> FgColorDisplay<'_, Black, Self>

Change the foreground color to black
Source§

fn on_black(&self) -> BgColorDisplay<'_, Black, Self>

Change the background color to black
Source§

fn red(&self) -> FgColorDisplay<'_, Red, Self>

Change the foreground color to red
Source§

fn on_red(&self) -> BgColorDisplay<'_, Red, Self>

Change the background color to red
Source§

fn green(&self) -> FgColorDisplay<'_, Green, Self>

Change the foreground color to green
Source§

fn on_green(&self) -> BgColorDisplay<'_, Green, Self>

Change the background color to green
Source§

fn yellow(&self) -> FgColorDisplay<'_, Yellow, Self>

Change the foreground color to yellow
Source§

fn on_yellow(&self) -> BgColorDisplay<'_, Yellow, Self>

Change the background color to yellow
Source§

fn blue(&self) -> FgColorDisplay<'_, Blue, Self>

Change the foreground color to blue
Source§

fn on_blue(&self) -> BgColorDisplay<'_, Blue, Self>

Change the background color to blue
Source§

fn magenta(&self) -> FgColorDisplay<'_, Magenta, Self>

Change the foreground color to magenta
Source§

fn on_magenta(&self) -> BgColorDisplay<'_, Magenta, Self>

Change the background color to magenta
Source§

fn purple(&self) -> FgColorDisplay<'_, Magenta, Self>

Change the foreground color to purple
Source§

fn on_purple(&self) -> BgColorDisplay<'_, Magenta, Self>

Change the background color to purple
Source§

fn cyan(&self) -> FgColorDisplay<'_, Cyan, Self>

Change the foreground color to cyan
Source§

fn on_cyan(&self) -> BgColorDisplay<'_, Cyan, Self>

Change the background color to cyan
Source§

fn white(&self) -> FgColorDisplay<'_, White, Self>

Change the foreground color to white
Source§

fn on_white(&self) -> BgColorDisplay<'_, White, Self>

Change the background color to white
Source§

fn default_color(&self) -> FgColorDisplay<'_, Default, Self>

Change the foreground color to the terminal default
Source§

fn on_default_color(&self) -> BgColorDisplay<'_, Default, Self>

Change the background color to the terminal default
Source§

fn bright_black(&self) -> FgColorDisplay<'_, BrightBlack, Self>

Change the foreground color to bright black
Source§

fn on_bright_black(&self) -> BgColorDisplay<'_, BrightBlack, Self>

Change the background color to bright black
Source§

fn bright_red(&self) -> FgColorDisplay<'_, BrightRed, Self>

Change the foreground color to bright red
Source§

fn on_bright_red(&self) -> BgColorDisplay<'_, BrightRed, Self>

Change the background color to bright red
Source§

fn bright_green(&self) -> FgColorDisplay<'_, BrightGreen, Self>

Change the foreground color to bright green
Source§

fn on_bright_green(&self) -> BgColorDisplay<'_, BrightGreen, Self>

Change the background color to bright green
Source§

fn bright_yellow(&self) -> FgColorDisplay<'_, BrightYellow, Self>

Change the foreground color to bright yellow
Source§

fn on_bright_yellow(&self) -> BgColorDisplay<'_, BrightYellow, Self>

Change the background color to bright yellow
Source§

fn bright_blue(&self) -> FgColorDisplay<'_, BrightBlue, Self>

Change the foreground color to bright blue
Source§

fn on_bright_blue(&self) -> BgColorDisplay<'_, BrightBlue, Self>

Change the background color to bright blue
Source§

fn bright_magenta(&self) -> FgColorDisplay<'_, BrightMagenta, Self>

Change the foreground color to bright magenta
Source§

fn on_bright_magenta(&self) -> BgColorDisplay<'_, BrightMagenta, Self>

Change the background color to bright magenta
Source§

fn bright_purple(&self) -> FgColorDisplay<'_, BrightMagenta, Self>

Change the foreground color to bright purple
Source§

fn on_bright_purple(&self) -> BgColorDisplay<'_, BrightMagenta, Self>

Change the background color to bright purple
Source§

fn bright_cyan(&self) -> FgColorDisplay<'_, BrightCyan, Self>

Change the foreground color to bright cyan
Source§

fn on_bright_cyan(&self) -> BgColorDisplay<'_, BrightCyan, Self>

Change the background color to bright cyan
Source§

fn bright_white(&self) -> FgColorDisplay<'_, BrightWhite, Self>

Change the foreground color to bright white
Source§

fn on_bright_white(&self) -> BgColorDisplay<'_, BrightWhite, Self>

Change the background color to bright white
Source§

fn bold(&self) -> BoldDisplay<'_, Self>

Make the text bold
Source§

fn dimmed(&self) -> DimDisplay<'_, Self>

Make the text dim
Source§

fn italic(&self) -> ItalicDisplay<'_, Self>

Make the text italicized
Source§

fn underline(&self) -> UnderlineDisplay<'_, Self>

Make the text underlined
Make the text blink
Make the text blink (but fast!)
Source§

fn reversed(&self) -> ReversedDisplay<'_, Self>

Swap the foreground and background colors
Source§

fn hidden(&self) -> HiddenDisplay<'_, Self>

Hide the text
Source§

fn strikethrough(&self) -> StrikeThroughDisplay<'_, Self>

Cross out the text
Source§

fn color<Color>(&self, color: Color) -> FgDynColorDisplay<'_, Color, Self>
where Color: DynColor,

Set the foreground color at runtime. Only use if you do not know which color will be used at compile-time. If the color is constant, use either OwoColorize::fg or a color-specific method, such as OwoColorize::green, Read more
Source§

fn on_color<Color>(&self, color: Color) -> BgDynColorDisplay<'_, Color, Self>
where Color: DynColor,

Set the background color at runtime. Only use if you do not know what color to use at compile-time. If the color is constant, use either OwoColorize::bg or a color-specific method, such as OwoColorize::on_yellow, Read more
Source§

fn fg_rgb<const R: u8, const G: u8, const B: u8>( &self, ) -> FgColorDisplay<'_, CustomColor<R, G, B>, Self>

Set the foreground color to a specific RGB value.
Source§

fn bg_rgb<const R: u8, const G: u8, const B: u8>( &self, ) -> BgColorDisplay<'_, CustomColor<R, G, B>, Self>

Set the background color to a specific RGB value.
Source§

fn truecolor(&self, r: u8, g: u8, b: u8) -> FgDynColorDisplay<'_, Rgb, Self>

Sets the foreground color to an RGB value.
Source§

fn on_truecolor(&self, r: u8, g: u8, b: u8) -> BgDynColorDisplay<'_, Rgb, Self>

Sets the background color to an RGB value.
Source§

fn style(&self, style: Style) -> Styled<&Self>

Apply a runtime-determined style
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> ErasedDestructor for T
where T: 'static,

Source§

impl<A, B, T> HttpServerConnExec<A, B> for T
where B: Body,