Expand description
§getmyid
A Rust client library for the whoami Identity-by-PID daemon.
This library provides both synchronous and asynchronous clients for querying process identity
from the whoami daemon, which uses the Linux kernel’s SO_PEERCRED mechanism to securely
identify local processes.
§Features
- Synchronous client: Default, no additional dependencies
- Asynchronous client: Enable the
tokiofeature for async support - Runner context: Send client context that gets merged with server identity
- Builder pattern: Flexible client configuration
- Type-safe: Strongly typed identity and error types
§Quick Start
§Synchronous Usage
use getmyid::Client;
fn main() -> Result<(), getmyid::GetMyIdError> {
let client = Client::new();
let identity = client.get_identity()?;
println!("Identity: {}", identity.identity);
println!("IDM URL: {}", identity.idm_url);
println!("Config URL: {}", identity.config_url);
println!("Token: {}", identity.token);
println!("Hostname: {}", identity.runner.hostname);
println!("Process: {} (PID: {})", identity.runner.process, identity.runner.pid);
Ok(())
}§With Runner Context (for dynamic configuration)
use getmyid::{Client, RunnerRequest};
fn main() -> Result<(), getmyid::GetMyIdError> {
let client = Client::new();
// Send context that will be merged with identity in runner object
let runner_req = RunnerRequest::new()
.with_instance_id(42)
.with_current_timestamp();
let identity = client.get_identity_with_runner(Some(runner_req))?;
// The runner object can be passed directly to a config server
println!("Runner: {:?}", identity.runner);
Ok(())
}§Asynchronous Usage (requires tokio feature)
use getmyid::AsyncClient;
#[tokio::main]
async fn main() -> Result<(), getmyid::GetMyIdError> {
let client = AsyncClient::new();
let identity = client.get_identity().await?;
println!("Identity: {}", identity.identity);
Ok(())
}§Custom Socket Path
use std::time::Duration;
use getmyid::Client;
let client = Client::builder()
.socket_path("/tmp/whoami.sock")
.timeout(Duration::from_secs(10))
.build();§How It Works
- Your application connects to the whoami daemon’s Unix Domain Socket
- Optionally sends a runner request with client context (instance_id, timestamp, etc.)
- The daemon uses
SO_PEERCREDto get your process’s PID, UID, and GID from the kernel - The daemon reads additional info from
/proc/[PID]/(process name, executable path) - The daemon matches your identity against configured rules
- Returns identity with a
runnerobject containing merged client + server fields
The runner object is designed to be passed directly to a config server, which can
use both the verified identity and client-provided context to route configuration.
This provides zero-trust authentication where applications don’t need passwords - the Linux kernel vouches for their identity.
Structs§
- Client
- Synchronous client for communicating with the whoami daemon.
- Client
Builder - Builder for creating a customized
Client. - Identity
- Identity information returned by the whoami daemon.
- Runner
- Runner information containing both client-provided context and server-injected identity fields.
- Runner
Request - Client-provided runner context to send to whoami daemon.
Enums§
- GetMy
IdError - Errors that can occur when communicating with the whoami daemon.
Constants§
- DEFAULT_
SOCKET_ PATH - Default socket path for the whoami daemon.
- DEFAULT_
TIMEOUT - Default timeout for connections.
Functions§
- get_
identity - Convenience function to get identity using default settings.
- get_
identity_ from - Convenience function to get identity using a custom socket path.
Type Aliases§
- Result
- Result type alias for getmyid operations.