Struct libknox::VaultContext

pub struct VaultContext {
    pub path: String,
    pub vault: Vault,
}

Handle around a Vault instance.

Fields

path: String

vault: Vault

Methods

impl VaultContext

pub fn create<P>(path: P, identities: &[String]) -> Result<Self, Box<dyn Error>> where
    P: AsRef<Path>, 

Create a new vault.

Initializes a new empty vault, encrypted with the provided GPG identities. This function will fail if the given path is not empty or if a public key matching the identity cannot be found.

Arguments

• path - the filesystem path at which to create the vault.
• identities - a slice if GPG identities, represented by their owner's email address.

pub fn open<P>(path: P) -> Result<Self, Box<dyn Error>> where
    P: AsRef<Path>, 

Return a handle to a Vault from the filesystem.

Opens, decrypt the metadata of, and returns a handle that allows you to manipulate a Vault. This function will fail of the given path is not a vault instance or if it cannot be decrypted with an available GPG private key.

Arguments

• path - filesystem path where the vault is located.

pub fn write(&self) -> Result<(), Box<dyn Error>>

Write the vault metadata.

Persists all changes to the vault's metadata into the _knox.meta file containing the encrypted mapping between virtual (user) secret paths and filesystem paths.

This requires the GPG public keys of all identities used in the vault.

pub fn add_index(&mut self, path: &str, destination: &str)

Add an Entry to the index.

Adds an Entry to the index of a vault, allowing to retrieve a filesystem path from a virtual path. This does not manage the secret itself.

To persist the change, refer to VaultContext::write.

Arguments

• path - virtual path to the entry.
• destination - physical filesystem path to the entry.

pub fn remove_index(&mut self, path: &str)

Remove an Entry from the index.

Removes an Entry to the index of a vault, allowing to retrieve a filesystem path from a virtual path. This does not manage the secret itself.

To persist the change, refer to VaultContext::write.

Arguments

• path - virtual path to the entry

pub fn read_entry(&self, path: &str) -> Result<Entry, Box<dyn Error>>

Read an Entry.

Takes a virtual path and returns the decrypted Entry from the vault, if it exists.

Arguments

• path - the virtual path to the entry.

pub fn write_entry(
    &mut self,
    path: &str,
    entry: &Entry
) -> Result<(), Box<dyn Error>>

Persist an Entry.

Encrypts and writes an Entry to its physical location as described in the vault's index. The entry must exist in the index beforehand.

This requires the GPG public keys of all identities used in the vault.

Arguments

• path - the virtual path to the entry.
• entry - the Entry to be written.

pub fn delete_entry(&mut self, path: &str) -> Result<(), Box<dyn Error>>

Delete an Entry.

Deletes an Entry both from its backing filesystem location and from the index.

This requires the GPG public keys of all identities used in the vault because the index needs to be updated.

Arguments

• path - the virtual path to the entry.

pub fn has_pack<P>(&self, path: P) -> bool where
    P: AsRef<Path>, 

Check if a file exists under the vault's directory.

Arguments

• • path - a path relative to the vault's root directory.

pub fn add_identity(&mut self, identity: &str)

Add an identity to the vault

Saves a new identity to the vault's metadata. This does not touch any existing secrets, which should be re-encrypted for the new identity to be used.

Arguments

• identity - the GPG identity

pub fn remove_identity(&mut self, identity: &str)

Remove an identity from the vault.

Removes an existing identity from the vault's metadata. This does not touch any existing secrets, which should be re-encrypted for the removed identity to be unable de decrypt them.

Arguments

• identity - the GPG identity