kovra-wrapper 0.9.0

kovra subprocess wrapper — injects resolved secrets into a child process's environment without leaking plaintext (I6/I7).

Documentation

Coverage
100%
62 out of 62 items documented0 out of 24 items with examples
Size
Source code size: 161.09 kB This is the summed size of all the files inside the crates.io package for this release.
Documentation size: 1.39 MB This is the summed size of all files generated by rustdoc for all configured targets
Ø build duration
this release: 20s Average build duration of successful builds.
all releases: 21s Average build duration of successful builds in releases after 2024-10-23.
Links
Homepage
kaeus-inc/kovra-core
0 0 0
crates.io
Dependencies
Versions
Owners

kovra-wrapper-0.9.0 has been yanked.

kovra-wrapper

The subprocess wrapper for kovra — it launches a child process with resolved secrets placed into its environment, and nowhere else.

Secrets reach the child through the environment block only:

never on the command line (no secret value is ever placed in argv);
never written to disk by the wrapper;
never logged or printed.

Secret-bearing values are held in zeroizing buffers for the brief window between resolution and handing them to the child, and the wrapper observes the parent process so an attended-confirmation prompt can name the requesting command honestly.

Part of the kovra workspace: https://github.com/kaeus-inc/kovra-core. Licensed under BUSL-1.1.