[][src]Struct credstash::CredStashClient

pub struct CredStashClient { /* fields omitted */ }

CredStash client. This Struct internally handles the KMS and DynamoDB client connections and their credentials. Note that the client will use the default credentials provider and tls client.

Methods

impl CredStashClient[src]

pub fn new(
    credential: CredStashCredential,
    region: Option<Region>
) -> Result<CredStashClient, CredStashClientError>[src]

Creates a new client backend. Note that this uses the default AWS credential provider and the tls client.

pub fn list_secrets<'a>(
    &'a self,
    table_name: String
) -> impl Future<Item = Vec<CredstashKey>, Error = CredStashClientError> + 'a[src]

Returns all the Credential name stored in the DynamoDB table.

Arguments

  • table_name: The name of the table from which to list CredstashKey

pub fn put_secret_auto_version<'a>(
    &'a self,
    table_name: String,
    credential_name: String,
    credential_value: String,
    key_id: Option<String>,
    encryption_context: Vec<(String, String)>,
    comment: Option<String>,
    digest_algorithm: Algorithm
) -> impl Future<Item = PutItemOutput, Error = CredStashClientError> + 'a[src]

Inserts new credential in the DynamoDB table. This is same as put_secret but it also increments the version of the credential_name automatically.

Arguments

  • table_name: Name of the DynamoDB table against which the API operates.
  • credential_name: Credential name to store.
  • credential_value: Credential secret value which has to be encrypted and stored securely.
  • key_id: The unique identifier for the customer master key (CMK) for which to cancel deletion. Specify the key ID or the Amazon Resource Name (ARN) of the CMK.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.

  • encryption_context: Name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.
  • comment: Optional comment to specify for the credential.
  • digest_algorithm: The digest algorithm that should be used for computing the HMAC of the encrypted text.

pub fn get_highest_version(
    &self,
    table_name: String,
    credential_name: String
) -> impl Future<Item = u64, Error = CredStashClientError>[src]

Get the latest version of the credential in the DynamoDB table. credential_name automatically.

Arguments

  • table_name: Name of the DynamoDB table against which the API operates.
  • credential_name: Credential name to store.

pub fn delete_secret<'a>(
    &'a self,
    table_name: String,
    credential_name: String
) -> impl Future<Item = Vec<DeleteItemOutput>, Error = CredStashClientError> + 'a[src]

Delete the credential from the DynamoDB table.

Arguments

  • table_name: Name of the DynamoDB table against which the API operates.
  • credential_name: Credential name to store.

pub fn put_secret<'a>(
    &'a self,
    table_name: String,
    credential_name: String,
    credential_value: String,
    key_id: Option<String>,
    encryption_context: Vec<(String, String)>,
    version: Option<u64>,
    comment: Option<String>,
    digest_algorithm: Algorithm
) -> impl Future<Item = PutItemOutput, Error = CredStashClientError> + 'a[src]

Inserts new credential in the DynamoDB table.

Arguments

  • table_name: Name of the DynamoDB table against which the API operates.
  • credential_name: Credential name to store.
  • credential_value: Credential secret value which has to be encrypted and stored securely.
  • key_id: The unique identifier for the customer master key (CMK) for which to cancel deletion. Specify the key ID or the Amazon Resource Name (ARN) of the CMK.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.

  • encryption_context: Name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.
  • comment: Optional comment to specify for the credential.
  • digest_algorithm: The digest algorithm that should be used for computing the HMAC of the encrypted text.

pub fn create_db_table<'a>(
    &'a self,
    table_name: String,
    tags: Vec<(String, String)>
) -> impl Future<Item = CreateTableOutput, Error = CredStashClientError> + 'a[src]

Creates the necessary table for the credential to be stored in future. Note that this API is an asynchronous operatio. Upon receiving a CreateTable request, DynamoDB immediately returns a response with a TableStatus of CREATING. After the table is created, DynamoDB sets the TableStatus to ACTIVE. You can perform read and write operations only on an ACTIVE table.

Arguments

  • table_name: Name of the DynamoDB table against which the API operates.
  • tags: Tags to associate with the table.

pub fn get_all_secrets<'a>(
    &'a self,
    table_name: String,
    encryption_context: Vec<(String, String)>,
    version: Option<u64>
) -> impl Future<Item = Vec<CredstashItem>, Error = CredStashClientError> + 'a[src]

Get all the secrets present in the DynamoDB table.

Arguments

  • table_name: Name of the DynamoDB table against which the API operates.
  • encryption_context: Name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.
  • version: The version of the credential which has to be retrieved. By default, it will retrieve the latest version.

pub fn get_secret<'a>(
    &'a self,
    table_name: String,
    credential_name: String,
    encryption_context: Vec<(String, String)>,
    version: Option<u64>
) -> impl Future<Item = CredstashItem, Error = CredStashClientError> + 'a[src]

Get a specific secret present in the DynamoDB table.

Arguments

  • table_name: Name of the DynamoDB table against which the API operates.
  • credential_name: Credential name which has to be retrieved.
  • encryption_context: Name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.
  • version: The version of the credential which has to be retrieved. By default, it will retrieve the latest version.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized[src]

impl<T> Borrow<T> for T where
    T: ?Sized[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized[src]

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, [src]

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T where
    U: Into<T>, [src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, [src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.