secretx-core 0.5.1

Core traits and types for the secretx secrets retrieval library.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

# secretx-core

Core traits and types for the [secretx](https://crates.io/crates/secretx) secrets library.

`secretx-core` defines the shared interfaces that all secretx backends implement.

## Key types

**`SecretStore`** — the main async trait: `get` and `refresh`. All backends implement this.

**`SigningBackend`** — for HSM-resident keys that must never leave hardware: `sign`, `public_key_der`, `algorithm`.

**`SecretValue`** — wraps `Zeroizing<Vec<u8>>`. Memory is zeroed on drop. Does not implement `Debug`, `Display`, or `Clone` — cannot appear in log output by accident.

**`SecretError`** — `#[non_exhaustive]` enum: `NotFound`, `Backend`, `InvalidUri`, `DecodeFailed`, `Unavailable`.

**`SecretUri`** — parser for `secretx:` URIs used by backend constructors.

## Usage

Application code depends on `secretx-core` for trait methods and error handling. Backend crate authors implement `SecretStore` or `SigningBackend` against it.

```toml
[dependencies]
secretx-core = "0.4"
```

```rust
use secretx_core::{SecretStore, SecretError, SecretValue};

async fn load(store: &dyn SecretStore) -> Result<SecretValue, SecretError> {
    store.get().await
}
```

## Part of secretx

This crate is part of the [secretx](https://crates.io/crates/secretx) workspace — a
backend-agnostic secrets retrieval library for Rust. Use the `secretx` umbrella crate
to select a backend at runtime from a URI, or depend on a backend crate directly if
you only need one backend.