use envseal::keychain::MasterKey;
use envseal::vault::Vault;
use std::sync::Arc;
#[test]
fn concurrent_revoke() {
let dir = crate::common::vault_tempdir();
let key = MasterKey::from_test_bytes([0x66; 32]);
let vault = Arc::new(Vault::open_with_key(dir.path(), key).unwrap());
for i in 0..10 {
vault.store(&format!("revoke-{i}"), b"val", false).unwrap();
}
let mut handles = Vec::new();
for i in 0..10 {
let v = Arc::clone(&vault);
handles.push(std::thread::spawn(move || {
let _ = v.revoke(&format!("revoke-{i}"));
}));
}
for h in handles {
h.join().unwrap();
}
let remaining = vault.list().unwrap();
assert!(
remaining.is_empty(),
"Fix: all revoked secrets must be gone"
);
}