zlayer_secrets/
lib.rs

1//! `ZLayer` Secrets Management
2//!
3//! Provides secure storage and retrieval of secrets for container workloads.
4//!
5//! ## Scoping
6//! Secrets are organized hierarchically:
7//! - Deployment-level: Shared by all services in a deployment
8//! - Service-level: Specific to a single service
9//!
10//! ## Syntax
11//! - `$S:secret-name` - Deployment-level secret
12//! - `$S:@service/secret-name` - Service-specific secret
13//! - `$secret://<env>/<KEY>` - Environment-scoped secret (requires an
14//!   [`EnvScopeProvider`] wired via [`SecretsResolver::with_env_resolver`])
15//! - `$secret://<env>/<KEY>/<field>` - With JSON field extraction
16
17mod encryption;
18mod error;
19mod jwt;
20mod key_manager;
21mod provider;
22mod types;
23
24#[cfg(feature = "persistent")]
25mod persistent;
26
27#[cfg(feature = "persistent")]
28pub mod credentials;
29
30#[cfg(feature = "persistent")]
31pub mod registry_credentials;
32
33#[cfg(feature = "persistent")]
34pub mod git_credentials;
35
36#[cfg(feature = "vault")]
37mod vault;
38
39pub use encryption::EncryptionKey;
40pub use error::{Result, SecretsError};
41pub use jwt::{JwtSecretManager, ENV_JWT_SECRET};
42pub use key_manager::KeyManager;
43pub use provider::{EnvScopeProvider, SecretsProvider, SecretsResolver, SecretsStore};
44pub use types::{RotationResult, Secret, SecretMetadata, SecretRef, SecretScope};
45
46#[cfg(feature = "persistent")]
47pub use persistent::PersistentSecretsStore;
48
49#[cfg(feature = "persistent")]
50pub use credentials::CredentialStore;
51
52#[cfg(feature = "persistent")]
53pub use git_credentials::{GitCredential, GitCredentialKind, GitCredentialStore};
54
55#[cfg(feature = "persistent")]
56pub use registry_credentials::{RegistryAuthType, RegistryCredential, RegistryCredentialStore};
57
58#[cfg(feature = "vault")]
59pub use vault::VaultSecretsProvider;
zlayer_secrets/lib.rs

zlayer_secrets/
lib.rs
