pub trait SecretPattern: Send + Sync {
    // Required methods
    fn id(&self) -> &str;
    fn display_name(&self) -> &str;
    fn format_regex(&self) -> &Regex;
    fn severity(&self) -> Severity;

    // Provided methods
    fn metadata(&self) -> Option<&PatternMetadata> { ... }
    fn rotation(&self) -> Option<&RotationSpec> { ... }
    fn liveness(&self) -> Option<&LivenessSpec> { ... }
}
One kind of secret in the catalogue.
Implementors are usually zero-sized types (one per pattern); the
catalogue (epic phase P2.2) holds them behind &'static dyn SecretPattern references.
Thread-safety. The trait requires Send + Sync because the
secret store and the OTLP sanitizer both consume patterns from
concurrent contexts.
Layering. The mandatory accessors (id, display_name,
format_regex, severity) cover the OTLP-sanitizer / scan use
case. The three optional layers (metadata, rotation,
liveness) cover the secret-store use case; patterns may
implement all, some, or none of them. The default impl returns
None so a minimal pattern only has to write four method
bodies.
Required Methods
fn id(&self) -> &str
Stable identifier (lowercase, kebab-case). Used as a foreign
key from the global index entry’s pattern_id (ADR-020 §3)
and as a join key with other tools that consume the
catalogue.
fn display_name(&self) -> &str
Human-readable name shown in secrets describe and in
scan-tool reports.
fn format_regex(&self) -> &Regex
Regular expression matching valid values of this kind.
Returned by reference so implementors can lazy-compile and
cache the Regex (e.g. via OnceLock) without paying the
cost on every match. The catalogue is hot-path: every secret
resolution and every OTLP attribute walk hits this method.
Provided Methods
fn metadata(&self) -> Option<&PatternMetadata>
Optional descriptive metadata (provider, retrieval URL, expiry, scopes).
Default returns None; consumers that only need format/severity
(the sanitizer and scan tools) ignore this layer.
fn rotation(&self) -> Option<&RotationSpec>
Optional rotation hint (manual vs provider-driven).
Default returns None.
fn liveness(&self) -> Option<&LivenessSpec>
Optional liveness probe specification.
Default returns None. Patterns that ship a probe let the
secrets validate flow check whether a candidate value is
currently accepted by the upstream.
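The layering and the OnceLock caching described above, as an added example that is not the crate's own code. Assumptions: `Severity`, `PatternMetadata` and `Regex` are std-only stand-ins (the stand-in `Regex` checks a fixed prefix and body length rather than compiling a pattern), the trait is a trimmed copy, and `DemoToken`, `COMPILES`, `CATALOGUE` and `classify` are hypothetical names.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::OnceLock;

// Stand-ins (assumptions) so this builds with std alone; the real crate uses a real `Regex`.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Severity { Low, High }
pub struct PatternMetadata;
pub struct Regex { prefix: &'static str, body_len: usize }
impl Regex {
    pub fn is_match(&self, s: &str) -> bool {
        s.strip_prefix(self.prefix).is_some_and(|body| {
            body.len() == self.body_len && body.bytes().all(|b| b.is_ascii_alphanumeric())
        })
    }
}

// Trimmed copy of the trait: four mandatory accessors plus one optional layer.
pub trait SecretPattern: Send + Sync {
    fn id(&self) -> &str;
    fn display_name(&self) -> &str;
    fn format_regex(&self) -> &Regex;
    fn severity(&self) -> Severity;
    fn metadata(&self) -> Option<&PatternMetadata> { None }
}

pub static COMPILES: AtomicUsize = AtomicUsize::new(0); // counts matcher builds

/// Hypothetical zero-sized pattern: "demo_" followed by 16 alphanumerics.
pub struct DemoToken;
impl SecretPattern for DemoToken {
    fn id(&self) -> &str { "demo-token" }
    fn display_name(&self) -> &str { "Demo Token" }
    fn severity(&self) -> Severity { Severity::High }
    fn format_regex(&self) -> &Regex {
        // Built on first use, then shared by every later (possibly concurrent) call.
        static RE: OnceLock<Regex> = OnceLock::new();
        RE.get_or_init(|| {
            COMPILES.fetch_add(1, Ordering::SeqCst);
            Regex { prefix: "demo_", body_len: 16 }
        })
    }
}

/// Catalogue of `&'static dyn SecretPattern` references, as the page describes.
pub static CATALOGUE: &[&dyn SecretPattern] = &[&DemoToken];

/// Sanitizer-style lookup that touches only the mandatory accessors.
pub fn classify(value: &str) -> Option<(&'static str, Severity)> {
    CATALOGUE.iter().copied().find(|p| p.format_regex().is_match(value)).map(|p| (p.id(), p.severity()))
}
```

`DemoToken` writes only the four mandatory bodies, so `metadata()` falls through to the default `None`, which is all a sanitizer or scan consumer needs.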
Dyn Compatibility
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".