pub fn write_vault(
path: &Path,
header: &VaultHeader,
secrets: &[Secret],
hmac_key: &[u8],
) -> Result<()>Expand description
Write a vault file to disk atomically.
- Serialize header and secrets to JSON.
- Compute HMAC over header + secrets bytes.
- Write to a temp file in the same directory.
- Rename temp file over the target path.
The rename ensures readers never see a half-written file.