Secrets management and field-level encryption for FraiseQL.
This crate provides the secrets management implementation directly:
- Multiple secrets backends (Vault, environment variables, files)
- AES-256-GCM field-level encryption for sensitive database fields
- Key rotation, audit logging, and compliance utilities
§Crate structure
- secrets_manager — Vault, environment, and file backends; lease renewal; create_secrets_manager factory
- encryption — FieldEncryption (AES-256-GCM) and VersionedFieldEncryption for encrypted database column storage
§Integration with fraiseql-server
When FRAISEQL_SECRETS_BACKEND is set at startup, fraiseql-server initialises
a SecretsManager automatically. For standalone use (CLI tools, migrations), use
create_secrets_manager directly from this crate.
Re-exports§
pub use encryption::FieldEncryption;
pub use encryption::VersionedFieldEncryption;
pub use secrets_manager::LeaseRenewalTask;
pub use secrets_manager::SecretsBackendConfig;
pub use secrets_manager::SecretsError;
pub use secrets_manager::SecretsManager;
pub use secrets_manager::VaultAuth;
pub use secrets_manager::backends::EnvBackend;
pub use secrets_manager::backends::FileBackend;
pub use secrets_manager::backends::VaultBackend;
pub use secrets_manager::create_secrets_manager;
pub use secrets_manager::types::Secret;
pub use secrets_manager::types::SecretsBackend;
Modules§
- encryption: Encryption for sensitive database fields using AES-256-GCM
- secrets_manager: Abstraction layer for multiple secrets backends (Vault, Environment Variables, File)
Type Aliases§
- Result: Crate-level Result alias — errors are always SecretsError.