
SecretResolver

Trait SecretResolver 

/// Resolves secrets from a backing provider.
///
/// The `Send + Sync` supertraits mean every implementor must be safe to share
/// and call across threads.
///
/// NOTE(review): the `'life0`/`'async_trait` lifetimes and the
/// `Pin<Box<dyn Future<...> + Send>>` return types look like the expansion of
/// `async fn` methods by the `async_trait` macro; confirm against the crate
/// source. The `{ ... }` bodies are elided by the documentation renderer, so
/// the default implementations are not visible in this listing.
pub trait SecretResolver: Send + Sync {
    // Required methods

    /// Resolve one secret, identified by `name` and described by `spec`.
    ///
    /// Yields the secret as a plain `String` or a `SecretError`. A `String`
    /// is not zeroed when dropped, so the value can linger in freed memory;
    /// `resolve_secure` returns a `SecureSecret` instead.
    ///
    /// NOTE(review): `SecretError`'s fields are not shown here; confirm that
    /// implementations never embed the secret value in the error.
    fn resolve<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        name: &'life1 str,
        spec: &'life2 SecretSpec,
    ) -> Pin<Box<dyn Future<Output = Result<String, SecretError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait;

    /// Static label naming the provider behind this resolver.
    ///
    /// Documented as the key used to group secrets by provider during batch
    /// resolution.
    fn provider_name(&self) -> &'static str;

    // Provided methods

    /// Resolve one secret and yield it as a `SecureSecret`.
    ///
    /// The page documents `SecureSecret` as zeroing its memory on drop.
    ///
    /// NOTE(review): the default body is elided; if it builds on `resolve`,
    /// an intermediate `String` copy may exist before wrapping. Verify in the
    /// source.
    fn resolve_secure<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        name: &'life1 str,
        spec: &'life2 SecretSpec,
    ) -> Pin<Box<dyn Future<Output = Result<SecureSecret, SecretError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait { ... }

    /// Resolve every entry of `secrets` (secret name -> spec) and yield a map
    /// of secret name -> `SecureSecret`.
    ///
    /// The result is a single `Result`, so the caller gets either the full
    /// map or one `SecretError`, never a partial map. The page documents the
    /// default as concurrent resolution via `futures::try_join_all`;
    /// presumably every entry is started at once with no concurrency cap.
    /// Confirm this is acceptable for rate-limited providers.
    fn resolve_batch<'life0, 'life1, 'async_trait>(
        &'life0 self,
        secrets: &'life1 HashMap<String, SecretSpec>,
    ) -> Pin<Box<dyn Future<Output = Result<HashMap<String, SecureSecret>, SecretError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait { ... }

    /// Report whether the provider has a native batch API.
    ///
    /// Documented to return `true` when such an API is more efficient than
    /// concurrent single calls. The default return value is not visible in
    /// this listing.
    fn supports_native_batch(&self) -> bool { ... }
}

Trait for resolving secrets from various providers.

Implementors must provide the two required methods listed below: resolve and provider_name.

The trait provides default implementations for batch operations that can be overridden for providers with native batch APIs (e.g., AWS BatchGetSecretValue).

Required Methods§


fn resolve<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, name: &'life1 str, spec: &'life2 SecretSpec, ) -> Pin<Box<dyn Future<Output = Result<String, SecretError>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Resolve a single secret by name and spec.

This is the primary method that must be implemented by all resolvers.


fn provider_name(&self) -> &'static str

Get the provider name for this resolver.

Used for grouping secrets by provider in batch resolution. Examples: "env", "aws", "vault", "onepassword"

Provided Methods§


fn resolve_secure<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, name: &'life1 str, spec: &'life2 SecretSpec, ) -> Pin<Box<dyn Future<Output = Result<SecureSecret, SecretError>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Resolve a single secret returning a secure value.

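The returned SecureSecret will automatically zero its memory on drop. By contrast, the String returned by resolve is not zeroed when dropped, so prefer this method whenever the value is kept in memory beyond immediate use.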


fn resolve_batch<'life0, 'life1, 'async_trait>( &'life0 self, secrets: &'life1 HashMap<String, SecretSpec>, ) -> Pin<Box<dyn Future<Output = Result<HashMap<String, SecureSecret>, SecretError>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Resolve multiple secrets in batch with concurrent execution.

Override this method to implement provider-specific batch APIs (e.g., AWS BatchGetSecretValue, 1Password Secrets.ResolveAll).

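The default implementation resolves secrets concurrently using futures::try_join_all, which is optimal for providers without native batch APIs. Because try_join_all stops at the first error, a single secret that fails to resolve makes the whole batch return that error rather than a partial map.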

§Returns

A map of secret names to SecureSecret values that will be automatically zeroed on drop.


fn supports_native_batch(&self) -> bool

Check if this resolver supports native batch resolution.

Returns true if the provider has a native batch API that is more efficient than concurrent single calls.

Implementors§