vaultmux 0.1.0

Unified async interface for password managers and cloud secret vaults - write once, support pass, Bitwarden, AWS, GCP, Azure
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153

# Vaultmux

> **Write once, run anywhere - unified secret management for Rust**

[![Blackwell Systems™](https://raw.githubusercontent.com/blackwell-systems/blackwell-docs-theme/main/badge-trademark.svg)](https://github.com/blackwell-systems)
[![License](https://img.shields.io/badge/license-MIT%20OR%20Apache--2.0-blue.svg)](LICENSE-MIT)
[![Rust Version](https://img.shields.io/badge/rust-1.88+-blue.svg)](https://www.rust-lang.org/)

One async interface for 8 secret backends. Switch from pass to AWS Secrets Manager without changing your code.

```rust
let config = Config::new(BackendType::Pass).with_prefix("myapp");
let mut backend = factory::new_backend(config)?;
```

Change one line, support any vault.

## Why

Your application needs secrets. But which vault?

- **Developers** want pass or Bitwarden
- **CI/CD** needs cloud vaults (AWS, GCP, Azure)
- **Windows servers** need Credential Manager
- **Tests** need a mock

Without vaultmux, you write 8 different integrations. With vaultmux, you write one.

Rust port of the [Go vaultmux library](https://github.com/blackwell-systems/vaultmux).

## Features

- **Unified API** - Single `Backend` trait works with any vault
- **Async/Await** - Built on tokio for non-blocking I/O
- **Type Safety** - Leverage Rust's type system for compile-time guarantees
- **Session Caching** - Avoid repeated authentication with disk-based caching
- **Error Context** - Rich error types with full context and chaining
- **Feature Flags** - Optional backend compilation to minimize dependencies
- **Testable** - Includes mock backend for unit testing

## Supported Backends

| Backend | Feature Flag | CLI Required | Platform | Status |
|---------|-------------|--------------|----------|--------|
| **Mock** | `mock` (default) | None | All | Implemented |
| **pass** | `pass` | `pass`, `gpg` | Unix | Implemented |
| **Bitwarden** | `bitwarden` | `bw` | All | Implemented |
| **1Password** | `onepassword` | `op` | All | Implemented |
| **AWS Secrets Manager** | `aws` | None (SDK) | All | Implemented |
| **GCP Secret Manager** | `gcp` | None (SDK) | All | Implemented |
| **Azure Key Vault** | `azure` | None (SDK) | All | Implemented |
| **Windows Credential Manager** | `wincred` | PowerShell | Windows | Implemented |

## Installation

```toml
[dependencies]
vaultmux = { version = "0.1", features = ["bitwarden", "aws"] }
```

Available features: `mock`, `pass`, `bitwarden`, `onepassword`, `aws`, `gcp`, `azure`, `wincred`, or `full` for all backends.

## Quick Start

```rust
use vaultmux::{factory, Backend, Config, BackendType};

#[tokio::main]
async fn main() -> vaultmux::Result<()> {
    // Create backend
    let config = Config::new(BackendType::Pass)
        .with_prefix("myapp");

    let mut backend = factory::new_backend(config)?;
    backend.init().await?;

    // Authenticate
    let session = backend.authenticate().await?;

    // Store a secret
    backend.create_item("api-key", "secret-value", &*session).await?;

    // Retrieve it
    let secret = backend.get_notes("api-key", &*session).await?;
    println!("Secret: {}", secret);

    Ok(())
}
```

## Testing

Use the mock backend to test without real vaults:

```rust
use vaultmux::backends::mock::MockBackend;

#[tokio::test]
async fn test_my_code() {
    let mut backend = MockBackend::new();
    backend.set_item("test-key", "test-value").await;
    // Test your code...
}
```

Run tests: `cargo test --all-features`

See [User Guide](docs/user-guide.md#testing) for integration testing with LocalStack.

## Documentation

- **[User Guide](docs/user-guide.md)** - Setup, patterns, best practices
- **[API Reference](docs/api-reference.md)** - Complete API documentation
- **[Examples](examples/)** - Real-world usage patterns

Or generate docs locally:
```bash
cargo doc --open
```

## Comparison to Go Version

| Feature | Go | Rust |
|---------|-----|------|
| **Type Safety** | Runtime | Compile-time |
| **Memory Safety** | GC | Ownership system |
| **Concurrency** | Goroutines | async/await + tokio |
| **Error Handling** | `(T, error)` | `Result<T, E>` |
| **Dependencies** | Modules | Crates + features |

## Contributing

Contributions welcome! Current priorities:

1. Add integration tests for all backends
2. Create comprehensive usage examples
3. Improve documentation and API docs
4. Set up CI/CD pipeline
5. Add performance benchmarks

## License

Licensed under either of:

- Apache License, Version 2.0 ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)

at your option.

## Credits

Rust port by Dayna Blackwell (Blackwell Systems™).  
Original Go implementation: https://github.com/blackwell-systems/vaultmux