Skip to main content

greentic_secrets_spec/
error.rs

1use thiserror::Error;
2
3/// Result alias for secrets operations.
4pub type Result<T> = core::result::Result<T, Error>;
5
6/// Result alias for decryption operations.
7pub type DecryptResult<T> = core::result::Result<T, DecryptError>;
8
9/// Canonical secrets error surface.
10#[derive(Debug, Clone, PartialEq, Eq, Error)]
11pub enum Error {
12    #[error("secret identifier must not be empty")]
13    InvalidIdentifier,
14    #[error("{field} contains invalid characters: {value}")]
15    InvalidCharacters { field: &'static str, value: String },
16    #[error("{field} must not be empty")]
17    EmptyComponent { field: &'static str },
18    #[error("uri must start with secrets://")]
19    InvalidScheme,
20    #[error("uri is missing {field}")]
21    MissingSegment { field: &'static str },
22    #[error("uri contains unexpected extra segments")]
23    ExtraSegments,
24    #[error("invalid version segment: {value}")]
25    InvalidVersion { value: String },
26    #[error("encryption algorithm not supported: {0}")]
27    UnsupportedAlgorithm(String),
28    #[error("encryption algorithm {0} requires the 'xchacha' feature")]
29    AlgorithmFeatureUnavailable(String),
30    #[error("crypto error: {0}")]
31    Crypto(String),
32    #[error("storage error: {0}")]
33    Storage(String),
34    #[error("invalid {0}: {1}")]
35    Invalid(String, String),
36    #[error("backend error: {0}")]
37    Backend(String),
38    #[error("{entity} not found")]
39    NotFound { entity: String },
40}
41
42#[derive(Debug, Clone, PartialEq, Eq, Error)]
43pub enum DecryptError {
44    #[error("message authentication failed")]
45    MacMismatch,
46    #[error("key provider error: {0}")]
47    Provider(String),
48    #[error("invalid envelope: {0}")]
49    InvalidEnvelope(String),
50    #[error("crypto error: {0}")]
51    Crypto(String),
52}
53
54/// Compatibility aliases preferred by downstream callers.
55pub type SecretsResult<T> = Result<T>;
56pub type SecretsError = Error;