pub trait SecretSource: Send + Sync {
// Required methods
fn name(&self) -> &str;
fn capabilities(&self) -> Capabilities;
fn is_available<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = SourceStatus> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait;
fn get<'life0, 'life1, 'async_trait>(
&'life0 self,
reference: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<Option<GetOutcome>, SourceError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait;
// Provided methods
fn requires_credential(&self) -> Option<CredentialRef> { ... }
fn list<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<Vec<RemoteRef>, SourceError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait { ... }
fn validate<'life0, 'life1, 'async_trait>(
&'life0 self,
reference: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<(), SourceError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait { ... }
}Expand description
Backend-agnostic interface for any “place secrets live.”
Per ADR-021 §1. Implementations are sync-Sendable so they can
be stored in a Box<dyn SecretSource> and shared across tasks.
Operations are async so HTTP-backed sources (Vault, future
cloud KMS) don’t have to block; the local sources
(keychain, local-vault, env-store) await trivially.
§Default-method behaviour
list and validate default to returning
SourceError::UnsupportedCapability. A source that declares
the matching capability bit must override the corresponding
method, or the router’s invariant (“declared cap → call works”)
breaks. (A debug-build assertion in P5.3 will catch the
mismatch.)
requires_credential defaults to None, which is what most
sources want — only Vault, 1Password, AWS, and friends override.
Required Methods§
Sourcefn name(&self) -> &str
fn name(&self) -> &str
Stable identifier of this source instance. Matches the
name field of [[source]] in sources.toml.
Sourcefn capabilities(&self) -> Capabilities
fn capabilities(&self) -> Capabilities
Static capability bitset for this source. Cheap; called by the router on every dispatch so do not allocate.
Sourcefn is_available<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = SourceStatus> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
fn is_available<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = SourceStatus> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
Probe the backend. Cheap when the source caches the answer;
otherwise this might shell out (op account list) or open a
short-lived connection. Used by the router’s fallback logic
(ADR-021 §2 step 3) and by doctor.
Sourcefn get<'life0, 'life1, 'async_trait>(
&'life0 self,
reference: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<Option<GetOutcome>, SourceError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
fn get<'life0, 'life1, 'async_trait>(
&'life0 self,
reference: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<Option<GetOutcome>, SourceError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
Fetch the value at reference. Ok(None) means “the source
is operational but has no entry there”; an error means the
source itself failed to talk to its upstream.
Provided Methods§
Sourcefn requires_credential(&self) -> Option<CredentialRef>
fn requires_credential(&self) -> Option<CredentialRef>
What the source itself needs to be unlocked / operational.
None for self-contained sources (keychain, env-store).
Some(Path(_)) or Some(Sentinel(_)) for sources that
depend on something the framework has to provide first
(Vault token, 1Password account session).
Sourcefn list<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<Vec<RemoteRef>, SourceError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
fn list<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<Vec<RemoteRef>, SourceError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
Enumerate the source’s inventory. Default implementation
reports unsupported. A source that declares
Capabilities::LIST must override.
Sourcefn validate<'life0, 'life1, 'async_trait>(
&'life0 self,
reference: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<(), SourceError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
fn validate<'life0, 'life1, 'async_trait>(
&'life0 self,
reference: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<(), SourceError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
Confirm reference is well-formed for this backend without
round-tripping for the value (e.g. parse the op:// URL,
check the Vault path syntax). Default implementation reports
unsupported.
Dyn Compatibility§
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".