
greentic_secrets_runner/
lib.rs

1//! Host bridge utilities for environment-backed secrets with policy enforcement.
2
3pub mod bindings;
4pub mod env_provider;
5pub mod error;
6pub mod policy;
7pub mod tenant;
8
9pub use bindings::{Bindings, TenantBinding};
10pub use env_provider::EnvProvider;
11pub use error::SecretError;
12pub use policy::Policy;
13pub use tenant::{ScopeKind, TenantCtx};
14
/// One-shot secret lookup: derives a [`Policy`] from `bindings`, wraps it in a fresh
/// [`EnvProvider`], and asks that provider for `key`.
///
/// `bindings` carries the per-tenant allowlist. `tenant` narrows the lookup to one tenant's
/// scope; with `None` the global allowlist is consulted instead, so callers acting on behalf
/// of a specific tenant should pass that tenant's context rather than `None`.
///
/// The policy and the provider are rebuilt on every call; this function caches nothing
/// between lookups.
///
/// # Errors
///
/// Returns whatever [`SecretError`] `EnvProvider::get` produces. Presumably that covers both a
/// key the policy does not allow and a key that is absent from the environment; confirm the
/// exact variants in `env_provider`.
///
/// # Security
///
/// The secret comes back as a plain `String`: it is not zeroed when dropped, and it appears
/// verbatim in any log line or error message it is formatted into. Keep it out of
/// `Debug`/`Display` output and hold it only as long as it is needed.
pub fn secrets_get(
    bindings: &Bindings,
    key: &str,
    tenant: Option<&TenantCtx>,
) -> Result<String, SecretError> {
    // The provider is a temporary: it lives only for this single lookup.
    EnvProvider::new(Policy::from_bindings(bindings)).get(key, tenant)
}