envseal 0.3.8

Write-only secret vault with process-level access control — post-agent secret management
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

//! Audit log — append-only record of all secret access events.
//!
//! Every GUI approval request, result, and environment block is recorded
//! to `<vault_root>/audit.log` (e.g. `~/.config/envseal/audit.log`) as
//! newline-delimited JSON, co-located with the vault and security
//! config. Append-only, hash-chained, and never truncated by envseal
//! itself — a forensic trail of who accessed what and when, never of
//! secret values.
//!
//! # Submodules
//!
//! - [`events`] — The [`AuditEvent`] enum: every event type envseal records.
//! - [`mod@log`] — Append/read primitives, hash-chain construction and
//!   verification, log-directory hardening.
//!
//! Public types and functions are re-exported at this module's root for
//! backward-compatible access (`envseal::audit::log_required`, etc.).

pub mod events;
pub mod log;

pub use events::AuditEvent;
pub use log::{
    extract_json_field, log, log_at, log_required, log_required_at, parse_entry, read_last,
    read_last_at, read_last_filtered, read_last_filtered_at, read_last_parsed_at,
    read_last_parsed_filtered_at, AuditFilter, ParsedEntry, ParsedReadResult,
};