Struct credstash::CredStashClient
pub struct CredStashClient { /* private fields */ }
CredStash client. This struct internally handles the KMS and DynamoDB client connections and their credentials. Note that the client will use the default credentials provider and TLS client.
Implementations
impl CredStashClient
pub fn new(
    credential: CredStashCredential,
    region: Option<Region>
) -> Result<CredStashClient, CredStashClientError>
Creates a new client backend. Note that this uses the default AWS credential provider and the TLS client.
pub async fn list_secrets(
    &self,
    table_name: String
) -> Result<Vec<CredstashKey>, CredStashClientError>
Returns all the credential names stored in the DynamoDB table.
Arguments
table_name: The name of the table from which to list CredstashKey
pub async fn put_secret_auto_version(
    &self,
    table_name: String,
    credential_name: String,
    credential_value: String,
    key_id: Option<String>,
    encryption_context: Vec<(String, String)>,
    comment: Option<String>,
    digest_algorithm: Algorithm
) -> Result<PutItemOutput, CredStashClientError>
Inserts a new credential in the DynamoDB table. This is the same as put_secret, but it also increments the version of the credential_name automatically.
Arguments
table_name: Name of the DynamoDB table against which the API operates.
credential_name: Credential name to store.
credential_value: Credential secret value which has to be encrypted and stored securely.
key_id: The unique identifier for the customer master key (CMK) for which to cancel deletion. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example:
- Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
- Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
encryption_context: Name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.
comment: Optional comment to specify for the credential.
digest_algorithm: The digest algorithm that should be used for computing the HMAC of the encrypted text.
pub async fn get_highest_version(
    &self,
    table_name: String,
    credential_name: String
) -> Result<u64, CredStashClientError>
Get the latest version of the credential in the DynamoDB table.
Arguments
table_name: Name of the DynamoDB table against which the API operates.
credential_name: Credential name to store.
pub async fn delete_secret<'a>(
    &self,
    table_name: String,
    credential_name: String
) -> Result<Vec<DeleteItemOutput>, CredStashClientError>
Delete the credential from the DynamoDB table.
Arguments
table_name: Name of the DynamoDB table against which the API operates.
credential_name: Credential name to store.
pub async fn put_secret(
    &self,
    table_name: String,
    credential_name: String,
    credential_value: String,
    key_id: Option<String>,
    encryption_context: Vec<(String, String)>,
    version: Option<u64>,
    comment: Option<String>,
    digest_algorithm: Algorithm
) -> Result<PutItemOutput, CredStashClientError>
Inserts a new credential in the DynamoDB table.
Arguments
table_name: Name of the DynamoDB table against which the API operates.
credential_name: Credential name to store.
credential_value: Credential secret value which has to be encrypted and stored securely.
key_id: The unique identifier for the customer master key (CMK) for which to cancel deletion. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example:
- Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
- Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
encryption_context: Name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.
comment: Optional comment to specify for the credential.
digest_algorithm: The digest algorithm that should be used for computing the HMAC of the encrypted text.
pub async fn create_db_table(
    &self,
    table_name: String,
    tags: Vec<(String, String)>
) -> Result<CreateTableOutput, CredStashClientError>
Creates the table needed to store credentials in the future. Note that this API is an asynchronous operation. Upon receiving a CreateTable request, DynamoDB immediately returns a response with a TableStatus of CREATING. After the table is created, DynamoDB sets the TableStatus to ACTIVE. You can perform read and write operations only on an ACTIVE table.
Arguments
table_name: Name of the DynamoDB table against which the API operates.
tags: Tags to associate with the table.
pub async fn get_all_secrets(
    &self,
    table_name: String,
    encryption_context: Vec<(String, String)>,
    version: Option<u64>
) -> Result<Vec<CredstashItem>, CredStashClientError>
Get all the secrets present in the DynamoDB table.
Arguments
table_name: Name of the DynamoDB table against which the API operates.
encryption_context: Name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.
version: The version of the credential which has to be retrieved. By default, it will retrieve the latest version.
pub async fn get_secret(
    &self,
    table_name: String,
    credential_name: String,
    encryption_context: Vec<(String, String)>,
    version: Option<u64>
) -> Result<CredstashItem, CredStashClientError>
Get a specific secret present in the DynamoDB table.
Arguments
table_name: Name of the DynamoDB table against which the API operates.
credential_name: Credential name which has to be retrieved.
encryption_context: Name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.
version: The version of the credential which has to be retrieved. By default, it will retrieve the latest version.
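The encryption_context requirement stated for put_secret, get_secret and get_all_secrets, as an added example that is not part of the credstash crate or its documentation: KMS matches the context as an exact, case-sensitive set of pairs, so pair order is irrelevant but a changed or missing pair makes decryption fail. DuplicateKey, canonical_context, same_context and ctx are hypothetical names, and rejecting a repeated key is this example's own choice, since the page does not say how the client treats one.

```rust
use std::collections::BTreeMap;

/// Returned when a context names the same key twice (hypothetical type).
#[derive(Debug, PartialEq)]
pub struct DuplicateKey(pub String);

/// Canonical form of the Vec<(String, String)> passed as encryption_context.
/// A map sorted by key makes comparison independent of pair order; a repeated
/// key is ambiguous in a key-value context, so it is rejected here.
pub fn canonical_context(
    pairs: &[(String, String)],
) -> Result<BTreeMap<String, String>, DuplicateKey> {
    let mut map = BTreeMap::new();
    for (k, v) in pairs {
        if map.insert(k.clone(), v.clone()).is_some() {
            return Err(DuplicateKey(k.clone()));
        }
    }
    Ok(map)
}

/// True when the context supplied on read is the exact, case-sensitive match
/// of the one supplied on write, which is the condition for Decrypt to succeed.
pub fn same_context(
    written: &[(String, String)],
    read: &[(String, String)],
) -> Result<bool, DuplicateKey> {
    Ok(canonical_context(written)? == canonical_context(read)?)
}

/// Build owned pairs from literals (constructed sample data only).
pub fn ctx(pairs: &[(&str, &str)]) -> Vec<(String, String)> {
    pairs.iter().map(|(k, v)| (k.to_string(), v.to_string())).collect()
}

fn main() {
    let written = ctx(&[("env", "prod"), ("app", "billing")]);
    // Same pairs in another order: matches.
    println!("{:?}", same_context(&written, &ctx(&[("app", "billing"), ("env", "prod")])));
    // Value differs only in case: does not match, decryption would fail.
    println!("{:?}", same_context(&written, &ctx(&[("env", "Prod"), ("app", "billing")])));
    // A pair is missing on read: does not match.
    println!("{:?}", same_context(&written, &ctx(&[("env", "prod")])));
    // Repeated key: rejected before any call is made.
    println!("{:?}", same_context(&written, &ctx(&[("env", "a"), ("env", "b")])));
}
```

Running the same check in the code path that writes a secret and the one that reads it turns a context mismatch into a local error rather than a failed decryption at read time.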