zlayer-secrets 0.11.21

Secure secrets management for ZLayer container workloads
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

[package]
name = "zlayer-secrets"
description = "Secure secrets management for ZLayer container workloads"
version.workspace = true
edition.workspace = true
license.workspace = true
repository.workspace = true
rust-version.workspace = true

[dependencies]
# Async
async-trait.workspace = true
tokio.workspace = true

# Serialization
serde.workspace = true
serde_json.workspace = true

# Error handling
thiserror.workspace = true

# Logging
tracing.workspace = true

# Cryptography
hex.workspace = true
chacha20poly1305 = "0.10"
crypto_box = { version = "0.9", features = ["seal"] }
argon2 = "0.5"
rand.workspace = true
sha2.workspace = true
base64.workspace = true

# Secret handling
secrecy = { version = "0.10", features = ["serde"] }
zeroize = { version = "1.7", features = ["derive"] }

# Time handling
chrono.workspace = true

# UUID generation
uuid.workspace = true

# Storage (optional)
sqlx = { version = "0.8", features = ["sqlite", "runtime-tokio"], optional = true }

# HashiCorp Vault (optional)
vaultrs = { version = "0.7", optional = true }
zlayer-paths.workspace = true
zlayer-types.workspace = true

[features]
default = ["persistent"]
persistent = ["sqlx"]
vault = ["vaultrs"]

[dev-dependencies]
tempfile = "3"
serial_test = "3"
# Used by `tests/replication_three_node.rs` to exercise the
# `require_secret_perm` RBAC gate against a real `InMemoryPermissionStore`.
# Cargo permits this dev-dep edge despite `zlayer-api` having a normal
# dep on `zlayer-secrets`: dev-dep cycles are excluded from the regular
# build graph and only resolved when building tests/examples/benches.
zlayer-api = { path = "../zlayer-api" }

[lints]
workspace = true