qnsp 0.2.0

Official Rust SDK for the QNSP Quantum-Native Security Platform — post-quantum cryptography (ML-KEM, ML-DSA, SLH-DSA, Falcon via liboqs), PQC-encrypted vault, KMS, and immutable audit trails.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113

//! QNSP Vault — PQC-encrypted secret storage with versioning, rotation,
//! and deletion.

use reqwest::Method;
use serde::{Deserialize, Serialize};
use serde_json::Value;
use std::sync::Arc;

use crate::activation::Activation;
use crate::errors::Error;
use crate::service_client::ServiceClient;

const PATH_PREFIX: &str = "/vault/v1";

#[derive(Clone)]
pub struct Client {
    sc: ServiceClient,
}

impl Client {
    pub fn new(activation: Arc<Activation>, http: reqwest::Client) -> Self {
        Self { sc: ServiceClient::new(activation, http, PATH_PREFIX) }
    }

    pub async fn create_secret(
        &self,
        req: CreateSecretRequest,
        idempotency_key: Option<&str>,
    ) -> Result<Value, Error> {
        self.sc
            .request(Method::POST, "/secrets", Some(&req), None, idempotency_key)
            .await
    }

    pub async fn get_secret(&self, secret_id: &str) -> Result<Value, Error> {
        self.sc
            .request::<()>(Method::GET, &format!("/secrets/{}", secret_id), None, None, None)
            .await
    }

    pub async fn get_secret_version(&self, secret_id: &str, version: u64) -> Result<Value, Error> {
        self.sc
            .request::<()>(
                Method::GET,
                &format!("/secrets/{}/versions/{}", secret_id, version),
                None,
                None,
                None,
            )
            .await
    }

    pub async fn rotate_secret(
        &self,
        secret_id: &str,
        payload_b64: String,
        algorithm: Option<String>,
        idempotency_key: Option<&str>,
    ) -> Result<Value, Error> {
        #[derive(Serialize)]
        struct Body {
            #[serde(rename = "payloadB64")]
            payload_b64: String,
            #[serde(skip_serializing_if = "Option::is_none")]
            algorithm: Option<String>,
        }
        self.sc
            .request(
                Method::POST,
                &format!("/secrets/{}/rotate", secret_id),
                Some(&Body { payload_b64, algorithm }),
                None,
                idempotency_key,
            )
            .await
    }

    pub async fn delete_secret(&self, secret_id: &str) -> Result<(), Error> {
        self.sc
            .request::<()>(
                Method::DELETE,
                &format!("/secrets/{}", secret_id),
                None,
                None,
                None,
            )
            .await?;
        Ok(())
    }

    pub async fn list_secret_versions(&self, secret_id: &str) -> Result<Value, Error> {
        self.sc
            .request::<()>(
                Method::GET,
                &format!("/secrets/{}/versions", secret_id),
                None,
                None,
                None,
            )
            .await
    }
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CreateSecretRequest {
    pub name: String,
    #[serde(rename = "payloadB64")]
    pub payload_b64: String,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub algorithm: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub metadata: Option<serde_json::Map<String, Value>>,
}