Expand description
Core domain primitives shared across brokers, SDKs, and providers.
Re-exports§
pub use crate::spec_registry::SecretSpecRegistry;pub use crate::spec_schema::specs_to_json_schema;pub use crate::spec_validate::SecretValidationResult;pub use api_keys::billing_api_key_uri;pub use api_keys::distributor_api_key_uri;pub use api_keys::get_billing_provider_api_key_ref;pub use api_keys::get_distributor_api_key_ref;pub use api_keys::get_repo_api_key_ref;pub use api_keys::repo_api_key_uri;pub use broker::BrokerSecret;pub use broker::SecretsBroker;pub use crypto::dek_cache::DekCache;pub use crypto::envelope::EnvelopeService;pub use embedded::CoreBuilder;pub use embedded::CoreConfig;pub use embedded::MemoryBackend;pub use embedded::MemoryKeyProvider;pub use embedded::Policy;pub use embedded::SecretsCore;pub use embedded::SecretsError;pub use policy::Authorizer;pub use policy::PolicyGuard;pub use policy::Principal;pub use provider::Provider;pub use provider_secrets::ProviderSecret;pub use provider_secrets::events_provider_secret_uri;pub use provider_secrets::get_events_provider_secret;pub use provider_secrets::get_messaging_adapter_secret;pub use provider_secrets::messaging_adapter_secret_uri;pub use provider_secrets::ttl_duration;pub use provider_secrets::ttl_seconds;pub use resolver::DefaultResolver;pub use resolver::ResolverConfig;pub use seed::DevStore;pub use seed::ApplyFailure;pub use seed::ApplyOptions;pub use seed::ApplyReport;pub use seed::BrokerStore;pub use seed::DevContext;pub use seed::HttpStore;pub use seed::NormalizedSeedEntry;pub use seed::SecretsStore;pub use seed::apply_seed;pub use seed::resolve_uri;pub use signing_keys::SigningPurpose;pub use signing_keys::get_signing_key_ref;pub use signing_keys::signing_key_ref_uri;pub use spec::SecretDescribable;pub use spec::SecretSpec;
Modules§
- api_
keys - Helpers for store/distributor/billing API key references (opaque refs only; no secrets).
- backend
- broker
- crypto
- embedded
- errors
- http
- key_
provider - policy
- probe
- provider
- provider_
secrets - Helper utilities for events/messaging provider secrets.
- resolver
- rt
- seed
- signing_
keys - Helpers for storing and retrieving signing key references (no signing logic).
- spec
- spec_
compat - spec_
registry - spec_
schema - spec_
validate - types
- uri
Structs§
- Envelope
- Envelope metadata associated with encrypted records.
- Scope
- Canonical scope grouping for secrets and principals.
- Secret
Identifier - Stable identifier wrapper preserved for compatibility.
- Secret
List Item - Lightweight listing entry for secrets.
- Secret
Meta - High-level metadata about a secret.
- Secret
Record - Concrete secret record.
- Secret
Uri - Secret
Version - Version metadata describing a specific revision of a secret.
- Versioned
Secret - Versioned record returned by backends.
Enums§
- Content
Type - Supported content encodings.
- Decrypt
Error - Encryption
Algorithm - Supported envelope algorithms.
- Error
- Canonical secrets error surface.
- Visibility
- Visibility boundary for a secret.
Traits§
- KeyProvider
- Trait implemented by key providers responsible for wrapping and unwrapping DEKs.
- Secrets
Backend - Storage interface implemented by provider backends.
Type Aliases§
- Decrypt
Result - Result alias for decryption operations.
- Result
- Result alias for secrets operations.