Trait CredentialProvider 

pub trait CredentialProvider: Send + Sync {
    // Required method
    fn mint(
        &self,
        now_ms: u64,
    ) -> Pin<Box<dyn Future<Output = Result<MintedSecret, String>> + Send + '_>>;

    // Provided method
    fn refresh_skew_ms(&self) -> u64 { ... }
}

Mints a short-lived upstream credential, and re-mints it on rotation. Async because real minters call out (the GitHub-App exchange is HTTP; the EKS presign is local but shares the signature). Returns the secret and its expiry; an error fails closed (the cache keeps the previous value until it too expires).

Required Methods

fn mint( &self, now_ms: u64, ) -> Pin<Box<dyn Future<Output = Result<MintedSecret, String>> + Send + '_>>

Mint a fresh secret as of now_ms.

Provided Methods

fn refresh_skew_ms(&self) -> u64

Re-mint this many milliseconds before the cached secret expires, to rotate without a gap. Defaults to one minute.

Dyn Compatibility

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors

impl CredentialProvider for EksGetTokenProvider

impl CredentialProvider for GitHubAppProvider