Skip to main content

SecretSource

Trait SecretSource 

Source
pub trait SecretSource: Send + Sync {
    // Required methods
    fn name(&self) -> &str;
    fn capabilities(&self) -> Capabilities;
    fn is_available<'life0, 'async_trait>(
        &'life0 self,
    ) -> Pin<Box<dyn Future<Output = SourceStatus> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait;
    fn get<'life0, 'life1, 'async_trait>(
        &'life0 self,
        reference: &'life1 str,
    ) -> Pin<Box<dyn Future<Output = Result<Option<GetOutcome>, SourceError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;

    // Provided methods
    fn requires_credential(&self) -> Option<CredentialRef> { ... }
    fn list<'life0, 'async_trait>(
        &'life0 self,
    ) -> Pin<Box<dyn Future<Output = Result<Vec<RemoteRef>, SourceError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait { ... }
    fn validate<'life0, 'life1, 'async_trait>(
        &'life0 self,
        reference: &'life1 str,
    ) -> Pin<Box<dyn Future<Output = Result<(), SourceError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait { ... }
}
Expand description

Backend-agnostic interface for any “place secrets live.”

Per ADR-021 §1. Implementations are sync-Sendable so they can be stored in a Box<dyn SecretSource> and shared across tasks. Operations are async so HTTP-backed sources (Vault, future cloud KMS) don’t have to block; the local sources (keychain, local-vault, env-store) await trivially.

§Default-method behaviour

list and validate default to returning SourceError::UnsupportedCapability. A source that declares the matching capability bit must override the corresponding method, or the router’s invariant (“declared cap → call works”) breaks. (A debug-build assertion in P5.3 will catch the mismatch.)

requires_credential defaults to None, which is what most sources want — only Vault, 1Password, AWS, and friends override.

Required Methods§

Source

fn name(&self) -> &str

Stable identifier of this source instance. Matches the name field of [[source]] in sources.toml.

Source

fn capabilities(&self) -> Capabilities

Static capability bitset for this source. Cheap; called by the router on every dispatch so do not allocate.

Source

fn is_available<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = SourceStatus> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Probe the backend. Cheap when the source caches the answer; otherwise this might shell out (op account list) or open a short-lived connection. Used by the router’s fallback logic (ADR-021 §2 step 3) and by doctor.

Source

fn get<'life0, 'life1, 'async_trait>( &'life0 self, reference: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<Option<GetOutcome>, SourceError>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Fetch the value at reference. Ok(None) means “the source is operational but has no entry there”; an error means the source itself failed to talk to its upstream.

Provided Methods§

Source

fn requires_credential(&self) -> Option<CredentialRef>

What the source itself needs to be unlocked / operational. None for self-contained sources (keychain, env-store). Some(Path(_)) or Some(Sentinel(_)) for sources that depend on something the framework has to provide first (Vault token, 1Password account session).

Source

fn list<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = Result<Vec<RemoteRef>, SourceError>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Enumerate the source’s inventory. Default implementation reports unsupported. A source that declares Capabilities::LIST must override.

Source

fn validate<'life0, 'life1, 'async_trait>( &'life0 self, reference: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<(), SourceError>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Confirm reference is well-formed for this backend without round-tripping for the value (e.g. parse the op:// URL, check the Vault path syntax). Default implementation reports unsupported.

Dyn Compatibility§

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors§