tonin-core 0.3.3

Core types for tonin: Service builder, Config, Context, Error, runtime.
//! Secret store capability.

use async_trait::async_trait;

use crate::Error;

/// Capability for resolving named secrets at runtime.
///
/// The `Send + Sync + 'static` bounds let one store be shared across threads
/// and tasks.
///
/// Secrets are handed back as plain `String`s, so nothing in this trait
/// prevents a caller from logging the value or attaching it to a span or
/// error. Callers should record only the key and [`SecretStore::provider`].
#[async_trait]
pub trait SecretStore: Send + Sync + 'static {
    /// Resolve a secret by key. Hot-path safe — impls cache and refresh
    /// in the background; this is not expected to hit the provider per
    /// call.
    ///
    /// # Errors
    ///
    /// Returns `Err` when the implementation cannot resolve `key`; which
    /// [`Error`] variant is used is up to the implementation.
    async fn get(&self, key: &str) -> Result<String, Error>;

    /// Span attribute `secret.provider`.
    /// `"k8s" | "vault" | "external-secrets" | "aws-secrets-manager"`.
    ///
    /// This is a label identifying the backend; it is a `&'static str`, so
    /// it cannot carry per-request or secret-derived data.
    fn provider(&self) -> &'static str;
}

/// Default `SecretStore` impl that reads from the process environment.
/// Works out of the box with the k8s `envFrom: secretRef` wiring the
/// renderer emits — every required key is already an env var by the
/// time the container runs.
///
/// Operational caveats:
///
/// - Each lookup reads the environment directly; nothing is cached or
///   refreshed. A container's environment is fixed when it starts, so a
///   rotated Kubernetes Secret is not picked up until the pod restarts.
/// - Environment variables are inherited by child processes and can be read
///   by anything that is able to inspect this process's environment. Where
///   that exposure matters, prefer a provider-backed store.
/// - The `key` passed to `get` is used verbatim as the variable name, so any
///   variable in the environment can be read through this store, not only
///   those injected from a Secret.
pub struct EnvSecretStore;

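#[async_trait]
impl SecretStore for EnvSecretStore {
    /// Look up `key` as an environment variable of the current process.
    ///
    /// # Errors
    ///
    /// Returns [`Error::CapabilityPermanent`] when the variable is unset or
    /// when its value is not valid Unicode. The two cases carry different
    /// messages so that an encoding problem is not reported as a missing
    /// secret. The message contains the key only, never the value.
    async fn get(&self, key: &str) -> Result<String, Error> {
        std::env::var(key).map_err(|err| {
            // Derive the message from the variant alone. `NotUnicode` holds
            // the raw value and the `Display` output of `VarError` prints it,
            // so formatting `err` here would put the secret into the error.
            let reason = match err {
                std::env::VarError::NotPresent => "not in env",
                std::env::VarError::NotUnicode(_) => "in env but not valid Unicode",
            };
            Error::CapabilityPermanent(format!("secret '{key}' {reason}"))
        })
    }

    /// Fixed `secret.provider` label for this store.
    ///
    /// Always `"k8s"`, matching the `envFrom: secretRef` wiring this store is
    /// intended for. The value is a constant, not detected at runtime, so it
    /// is reported even when the process runs outside Kubernetes.
    fn provider(&self) -> &'static str {
        "k8s"
    }
}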