Expand description
File-backed credential store using Turso (SQLite) and optional encryption.
This module implements the keyring_core::api::CredentialStoreApi and
keyring_core::api::CredentialApi traits, so it can be used wherever a
keyring_core::api::CredentialStore is expected (for example via
use_named_store_with_modifiers).
Features:
- Local SQLite storage with optional encryption options.
- WAL + busy timeout for better multi-process behavior.
- Optional uniqueness enforcement on (service, user) via
allow_ambiguity=false. - UUID and optional comment attributes exposed via the credential API.
- Search supports
service,user,uuid, andcommentregex filters.
Modifiers supported by new_with_modifiers:
path: path to the SQLite database file. Defaults to $XDG_STATE_HOME/keystore.db or $HOME/.local/state/keystore.dbencryption-cipher/cipher: encryption cipher name (optional, requires hexkey).encryption-hexkey/hexkey: encryption key as hex (optional, requires cipher).allow-ambiguity/allow_ambiguity:"true"or"false"(default"false").vfs: optional VFS backing selection ("memory","io_uring", or"syscall").
Example:
use std::collections::HashMap;
use db_keystore::{DbKeyStore, DbKeyStoreConfig};
// create from config
let config = DbKeyStoreConfig {
path: "keystore.db".into(),
..Default::default()
};
let store = DbKeyStore::new(&config).expect("store");
// or, create with modifiers
let modifiers = HashMap::from([
("path", "keystore.db"),
("allow-ambiguity", "true"),
]);
let store = DbKeyStore::new_with_modifiers(&modifiers).expect("store");Structs§
- DbKey
Store - DbKey
Store Config - Configure turso database
- Encryption
Opts - EncryptionOpts mirrors turso::EncryptionOpts See https://docs.turso.tech/tursodb/encryption Example ciphers: “aegis256”, “aes256gcm”. For 256-bit keys, hexkey is 64 chars.
Functions§
- default_
path - Default path for keystore: $XDG_STATE_HOME/keystore.db or $HOME/.local/state/keystore.db