pub trait SecretStore: Send + Sync {
// Required methods
fn put(&self, id: VarId, value: SecretString) -> Result<(), SecretError>;
fn get(&self, id: VarId) -> Result<Option<SecretString>, SecretError>;
fn delete(&self, id: VarId) -> Result<(), SecretError>;
}Expand description
Backend that holds secret values keyed by VarId.
Values must never be returned through other channels (e.g. Debug) nor
retained longer than the immediate caller needs. Implementations are
expected to use the host OS’s native secret storage; see the architecture
notes in the workspace README.
Required Methods§
Sourcefn put(&self, id: VarId, value: SecretString) -> Result<(), SecretError>
fn put(&self, id: VarId, value: SecretString) -> Result<(), SecretError>
Store value for id, replacing any previous value.
§Errors
Returns SecretError::Backend if the keyring rejected the write or
SecretError::Unavailable if the host platform offers no usable
secret storage and no fallback was configured.
Sourcefn get(&self, id: VarId) -> Result<Option<SecretString>, SecretError>
fn get(&self, id: VarId) -> Result<Option<SecretString>, SecretError>
Retrieve the secret value for id, or Ok(None) if absent.
§Errors
Returns SecretError::Backend on backend failure.
Sourcefn delete(&self, id: VarId) -> Result<(), SecretError>
fn delete(&self, id: VarId) -> Result<(), SecretError>
Delete the secret value for id. No-op if absent.
§Errors
Returns SecretError::Backend on backend failure.