pub trait CredentialStore: Send + Sync {
// Required methods
fn store(&self, key: &str, value: &SecretString) -> Result<()>;
fn get(&self, key: &str) -> Result<Option<SecretString>>;
fn delete(&self, key: &str) -> Result<()>;
// Provided methods
fn exists(&self, key: &str) -> bool { ... }
fn is_available(&self) -> bool { ... }
fn is_writable(&self) -> bool { ... }
}Expand description
Credential storage trait.
Implementations can use OS keychain, environment variables, in-memory storage, or other backends.
Required Methods§
Sourcefn store(&self, key: &str, value: &SecretString) -> Result<()>
fn store(&self, key: &str, value: &SecretString) -> Result<()>
Store a credential securely.
The key should follow the convention: {provider}.{credential_name}
For example: gitlab.token, github.token, jira.email.
The value is taken as &SecretString so callers cannot accidentally
log or otherwise leak the plaintext on its way into storage.
Sourcefn get(&self, key: &str) -> Result<Option<SecretString>>
fn get(&self, key: &str) -> Result<Option<SecretString>>
Retrieve a stored credential.
Returns Ok(None) if the credential doesn’t exist. The returned
SecretString redacts itself in Debug output and zeroizes the
buffer on drop — call .expose_secret() only at the boundary that
actually consumes the secret (HTTP header, etc.).
Provided Methods§
Sourcefn is_available(&self) -> bool
fn is_available(&self) -> bool
Check if this credential store is available and functional.
Returns true if the store can be used for credential operations.
This is useful for checking keychain availability in CI/container environments.
Sourcefn is_writable(&self) -> bool
fn is_writable(&self) -> bool
Check if this store supports write operations.
Some stores (like EnvVarStore) are read-only.