hasp-backend-file
file:// backend for the hasp secrets library.
URL grammar
file:///absolute/path/to/secret
file://localhost/absolute/path/to/secret
file://./relative/path/to/secret
file:///absolute/path/to/secret?raw=true
file:///etc/secrets/*.key # glob for list
file:///etc/secrets/**/*.key?hidden=1 # recursive, include dotfiles
- Absolute paths use an empty host or
localhost:file:///etc/secrets/db.txt. - Relative paths use
.as the host:file://./config/secrets.txt(resolved relative to the current working directory). ?raw=true(get only) disables the default newline trimming.?hidden=1(list only) includes dotfiles. Off by default.?follow_symlinks=1(list only) follows symlinks during**traversal. Off by default — prevents glob patterns from escaping the intended directory tree.
Supported operations
| Operation | Support |
|---|---|
get |
Read file contents as SecretString. Default strips one trailing \n or \r\n. |
put |
Write secret to file; creates parent directories if missing. |
exists |
true if the path exists. |
delete |
Remove the file. |
list |
Unix shell glob (*, **, ?, [abc]) over the path component. Only regular files are returned; symlinks and dotfiles excluded by default. |
Default newline trimming
Most secret files are created with echo "secret" > file, which appends an
unwanted newline. By default file:// strips exactly one trailing \r\n or
\n. Binary secrets or passphrase files where trailing whitespace is
intentional should use ?raw=true.
Error mapping
std::io::Error |
hasp::Error |
|---|---|
NotFound |
NotFound |
PermissionDenied |
PermissionDenied |
WouldBlock |
Backend { Transient } |
TimedOut |
Backend { Transient } |
Interrupted |
Backend { Transient } |
| All other I/O errors | Backend { Permanent } |
License
MIT OR Apache-2.0