pub struct CredStashClient { /* private fields */ }

CredStash client. This struct internally handles the KMS and DynamoDB client connections and their credentials. Note that the client uses the default credentials provider and TLS client.

Implementations

impl CredStashClient

pub fn new( credential: CredStashCredential, region: Option<Region> ) -> Result<CredStashClient, CredStashClientError>

Creates a new client backend. Note that this uses the default AWS credential provider and the TLS client.

pub async fn list_secrets( &self, table_name: String ) -> Result<Vec<CredstashKey>, CredStashClientError>

Returns all the credential names stored in the DynamoDB table.

Arguments
  • table_name: The name of the table from which to list CredstashKey

pub async fn put_secret_auto_version( &self, table_name: String, credential_name: String, credential_value: String, key_id: Option<String>, encryption_context: Vec<(String, String)>, comment: Option<String>, digest_algorithm: Algorithm ) -> Result<PutItemOutput, CredStashClientError>

Inserts a new credential in the DynamoDB table. This is the same as put_secret, but it also increments the version of the credential_name automatically.

Arguments
  • table_name: Name of the DynamoDB table against which the API operates.
  • credential_name: Credential name to store.
  • credential_value: Credential secret value which has to be encrypted and stored securely.
  • key_id: The unique identifier for the customer master key (CMK) used to encrypt the credential. Specify the key ID or the Amazon Resource Name (ARN) of the CMK.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.

  • encryption_context: Name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.
  • comment: Optional comment to specify for the credential.
  • digest_algorithm: The digest algorithm that should be used for computing the HMAC of the encrypted text.

pub async fn get_highest_version( &self, table_name: String, credential_name: String ) -> Result<u64, CredStashClientError>

Get the latest version of the credential in the DynamoDB table.

Arguments
  • table_name: Name of the DynamoDB table against which the API operates.
  • credential_name: Credential name whose latest version is returned.

pub async fn delete_secret<'a>( &self, table_name: String, credential_name: String ) -> Result<Vec<DeleteItemOutput>, CredStashClientError>

Delete the credential from the DynamoDB table.

Arguments
  • table_name: Name of the DynamoDB table against which the API operates.
  • credential_name: Credential name to delete.

pub async fn put_secret( &self, table_name: String, credential_name: String, credential_value: String, key_id: Option<String>, encryption_context: Vec<(String, String)>, version: Option<u64>, comment: Option<String>, digest_algorithm: Algorithm ) -> Result<PutItemOutput, CredStashClientError>

Inserts a new credential in the DynamoDB table.

Arguments
  • table_name: Name of the DynamoDB table against which the API operates.
  • credential_name: Credential name to store.
  • credential_value: Credential secret value which has to be encrypted and stored securely.
  • key_id: The unique identifier for the customer master key (CMK) used to encrypt the credential. Specify the key ID or the Amazon Resource Name (ARN) of the CMK.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.

  • encryption_context: Name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.
  • comment: Optional comment to specify for the credential.
  • digest_algorithm: The digest algorithm that should be used for computing the HMAC of the encrypted text.

pub async fn create_db_table( &self, table_name: String, tags: Vec<(String, String)> ) -> Result<CreateTableOutput, CredStashClientError>

Creates the table in which credentials will be stored. Note that this API is an asynchronous operation. Upon receiving a CreateTable request, DynamoDB immediately returns a response with a TableStatus of CREATING. After the table is created, DynamoDB sets the TableStatus to ACTIVE. You can perform read and write operations only on an ACTIVE table.

Arguments
  • table_name: Name of the DynamoDB table against which the API operates.
  • tags: Tags to associate with the table.
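
Because create_db_table returns while the table is still CREATING, a caller has to wait for ACTIVE before the first put or get. The following is an added example, not code from this crate: the `describe` closure is a hypothetical status lookup supplied by the caller, and the status sequence in `main` is constructed.

```rust
use std::{thread::sleep, time::Duration};

/// The two states named above, plus a catch-all for any other status string.
#[derive(Debug, Clone, PartialEq)]
pub enum TableStatus {
    Creating,
    Active,
    Other(String),
}

#[derive(Debug, PartialEq)]
pub enum WaitError {
    TimedOut { attempts: u32 }, // still CREATING when the poll budget ran out
    UnexpectedStatus(String),   // a state that waiting will not turn into ACTIVE
    Lookup(String),             // the status lookup itself failed
}

/// Polls `describe` (hypothetical, caller-supplied status lookup) until it reports
/// ACTIVE and returns the number of polls made. The delay doubles up to `max_delay`.
pub fn wait_until_active<F>(
    mut describe: F,
    max_attempts: u32,
    base_delay: Duration,
    max_delay: Duration,
) -> Result<u32, WaitError>
where F: FnMut() -> Result<TableStatus, String>,
{
    let mut delay = base_delay;
    for attempt in 1..=max_attempts {
        match describe().map_err(WaitError::Lookup)? {
            TableStatus::Active => return Ok(attempt),
            TableStatus::Other(s) => return Err(WaitError::UnexpectedStatus(s)),
            TableStatus::Creating if attempt < max_attempts => {
                sleep(delay);
                delay = (delay * 2).min(max_delay);
            }
            TableStatus::Creating => {} // last poll: fall through to TimedOut
        }
    }
    Err(WaitError::TimedOut { attempts: max_attempts })
}

fn main() {
    // Constructed status sequence standing in for successive lookups.
    let mut seq = vec![TableStatus::Creating, TableStatus::Creating, TableStatus::Active].into_iter();
    let polls = wait_until_active(|| seq.next().ok_or("exhausted".to_string()), 5,
        Duration::from_millis(10), Duration::from_millis(80));
    println!("{:?}", polls);
}
```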

pub async fn get_all_secrets( &self, table_name: String, encryption_context: Vec<(String, String)>, version: Option<u64> ) -> Result<Vec<CredstashItem>, CredStashClientError>

Get all the secrets present in the DynamoDB table.

Arguments
  • table_name: Name of the DynamoDB table against which the API operates.
  • encryption_context: Name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.
  • version: The version of the credential which has to be retrieved. By default, it will retrieve the latest version.

pub async fn get_secret( &self, table_name: String, credential_name: String, encryption_context: Vec<(String, String)>, version: Option<u64> ) -> Result<CredstashItem, CredStashClientError>

Get a specific secret present in the DynamoDB table.

Arguments
  • table_name: Name of the DynamoDB table against which the API operates.
  • credential_name: Credential name which has to be retrieved.
  • encryption_context: Name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.
  • version: The version of the credential which has to be retrieved. By default, it will retrieve the latest version.
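
The encryption_context passed to get_secret or get_all_secrets must equal the one used at put time. KMS compares the pairs exactly and case-sensitively, and ignores their order. The following is an added example, not part of this crate, that checks a read-time context against the write-time one before any call is made and names the keys that differ; all function names and the sample contexts are constructed for illustration.

```rust
use std::collections::BTreeMap;

type Pairs = [(String, String)];

#[derive(Debug, PartialEq)]
pub enum ContextError {
    DuplicateKey(String), // a context is a set of unique keys; a repeat is ambiguous
}

/// Canonical, order-independent form of the `encryption_context` argument.
pub fn canonical_context(pairs: &Pairs) -> Result<BTreeMap<String, String>, ContextError> {
    let mut map = BTreeMap::new();
    for (k, v) in pairs {
        if map.insert(k.clone(), v.clone()).is_some() {
            return Err(ContextError::DuplicateKey(k.clone()));
        }
    }
    Ok(map)
}

/// Keys that are missing, extra, or carry a different value at read time.
/// Comparison is exact and case-sensitive; pair order is ignored.
pub fn context_mismatches(put: &Pairs, get: &Pairs) -> Result<Vec<String>, ContextError> {
    let (p, g) = (canonical_context(put)?, canonical_context(get)?);
    let mut diff: Vec<String> = p
        .iter()
        .filter(|(k, v)| g.get(*k) != Some(*v))
        .map(|(k, _)| k.clone())
        .collect();
    diff.extend(g.keys().filter(|k| !p.contains_key(*k)).cloned());
    diff.sort();
    Ok(diff)
}

/// Builds one owned pair from string literals (helper for the constructed samples).
pub fn kv(k: &str, v: &str) -> (String, String) {
    (k.to_string(), v.to_string())
}

fn main() {
    // Constructed sample contexts, not values from the page.
    let put = vec![kv("env", "prod"), kv("app", "billing")];
    let reordered = vec![kv("app", "billing"), kv("env", "prod")];
    let wrong = vec![kv("env", "Prod"), kv("team", "billing")];
    println!("{:?}", context_mismatches(&put, &reordered));
    println!("{:?}", context_mismatches(&put, &wrong));
}
```

An empty result means the read-time context will match; any listed key is one to correct before calling get_secret.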

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.