envseal 0.3.8

Write-only secret vault with process-level access control — post-agent secret management
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

//! Persistent configuration — security tiers, detection→policy
//! overrides, on-disk persistence, and second-factor (TOTP) state.
//!
//! # Submodules
//!
//! - [`tiers`] — Pure data: [`tiers::SecurityConfig`] struct,
//!   [`tiers::SecurityTier`] / [`tiers::InputMethod`] enums, presets,
//!   `apply_preset`, and the few stateless accessors that depend
//!   only on the data (`effective_input_method`, `validate_tier_change`).
//! - [`policy_overrides`] — User-authored detection→policy override
//!   API: `set_signal_override` / `set_tier_override` / `clear_*`,
//!   `build_policy`, plus the canonical `ACTION_NAMES` /
//!   `SEVERITY_NAMES` / `TIER_NAMES` vocabulary the CLI surfaces.
//! - [`persistence`] — On-disk persistence: HMAC-signed
//!   `security.toml` `load_config` / `save_config`, the
//!   enterprise `/etc/envseal/system.toml` override channel, and
//!   `load_system_defaults`.
//! - [`totp`] — Time-based one-time password generation/verification (RFC 6238)
//!   used by the Lockdown tier's challenge gate.
//!
//! Every public item from these submodules is re-exported here, so
//! `envseal::config::SecurityConfig`, `envseal::config::load_config`,
//! `envseal::config::ACTION_NAMES`, etc. all resolve cleanly.

pub mod persistence;
pub mod policy_overrides;
pub mod tiers;
pub mod totp;

pub use persistence::*;
pub use policy_overrides::*;
pub use tiers::*;