rusty_vault 0.2.1

RustyVault is a powerful identity-based secrets management software, providing features such as cryptographic key management, encryption as a service, public key cryptography, certificates management, identity credentials management and so forth. RustyVault's RESTful API is designed to be fully compatible with Hashicorp Vault.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

use clap::Parser;
use derive_more::Deref;
use sysexits::ExitCode;

use crate::{
    errors::RvError,
    cli::command::{self, CommandExecutor},
    EXIT_CODE_INSUFFICIENT_PARAMS,
    EXIT_CODE_OK,
};

#[derive(Parser, Deref)]
#[command(author, version, about = r#"Seals the RustyVault server. Sealing tells the RustyVault server to stop responding
to any operations until it is unsealed. When sealed, the RustyVault server discards
its in-memory root key to unlock the data, so it is physically blocked from responding
to operations unsealed.

If an unseal is in progress, sealing the Vault will reset the unsealing process. Users
will have to re-enter their portions of the root key again.

This command does nothing if the RustyVault server is already sealed.

Seal the RustyVault server:

  $ rvault operator seal"#)]
pub struct Seal {
    #[deref]
    #[command(flatten, next_help_heading = "HTTP Options")]
    http_options: command::HttpOptions,
}

impl CommandExecutor for Seal {
    #[inline]
    fn execute(&mut self) -> ExitCode {
        match self.main() {
            Ok(_) => EXIT_CODE_OK,
            Err(e) => {
                eprintln!("Error: {}", e);
                EXIT_CODE_INSUFFICIENT_PARAMS
            }
        }
    }

    #[inline]
    fn main(&self) -> Result<(), RvError> {
        let client = self.client()?;
        let sys = client.sys();

        match sys.seal() {
            Ok(_) => {
                println!("Success! RustyVault is sealed.");
            }
            Err(e) => eprintln!("Error sealing: {}", e),
        }
        Ok(())
    }
}

#[cfg(test)]
mod test {
    use std::str::FromStr;

    use serde_json::Value;

    use crate::test_utils::TestHttpServer;

    #[test]
    fn test_cli_operator_seal() {
        let test_http_server = TestHttpServer::new("test_cli_operator_seal", true);

        // rvault status
        let ret = test_http_server.cli(&["status"], &["--format=raw"]);
        let ret = Value::from_str(ret.unwrap().as_str()).unwrap();
        let status_result = ret.as_object().unwrap();
        assert_eq!(status_result["sealed"], false);

        // rvault operator seal
        let ret = test_http_server.cli(&["operator", "seal"], &[]);
        assert_eq!(ret, Ok("Success! RustyVault is sealed.\n".into()));

        // rvault status
        let ret = test_http_server.cli(&["status"], &["--format=raw"]);
        let ret = Value::from_str(ret.unwrap().as_str()).unwrap();
        let status_result = ret.as_object().unwrap();
        assert_eq!(status_result["sealed"], true);
    }
}