Skip to main content

Backend

hasp_core

Trait Backend 

Source 
pub trait Backend: Send + Sync {
    // Required methods
    fn scheme(&self) -> &'static str;
    fn get(&self, url: &Url) -> Result<SecretString, Error>;
    fn put(&self, url: &Url, value: &SecretString) -> Result<(), Error>;
    fn list(&self, url: &Url) -> Result<Vec<Entry>, Error>;
    fn delete(&self, url: &Url) -> Result<(), Error>;
    fn exists(&self, url: &Url) -> Result<bool, Error>;

    // Provided method
    fn validate(&self, _url: &Url) -> Result<(), Error> { ... }
}
Expand description

Unified backend trait for secret stores.

Each backend owns its URL grammar and maps native errors into hasp_core::Error. Secrets are wrapped in SecretString at the earliest possible boundary — before returning from get.

Implementors must ensure that secret values never appear in Debug output or error messages.

Required Methods§

Source

fn scheme(&self) -> &'static str

Returns the URL scheme this backend handles (e.g., "env").

Source

fn get(&self, url: &Url) -> Result<SecretString, Error>

Fetch the secret at the given URL.

§Errors

Returns Error::NotFound if the secret does not exist. Returns Error::Backend { kind: Transient, .. } for retryable platform failures.

Source

fn put(&self, url: &Url, value: &SecretString) -> Result<(), Error>

Store a secret at the given URL.

§Errors

Returns Error::UnsupportedOperation if the backend is read-only (e.g., env://).

Source

fn list(&self, url: &Url) -> Result<Vec<Entry>, Error>

List entries matching the URL prefix or pattern.

§Errors

Returns Error::UnsupportedOperation if listing is not supported by the backend.

Source

fn delete(&self, url: &Url) -> Result<(), Error>

Delete the secret at the given URL.

§Errors

Returns Error::UnsupportedOperation if deletion is not supported by the backend.

Source

fn exists(&self, url: &Url) -> Result<bool, Error>

Returns true if a secret exists at the given URL.

Provided Methods§

Source

fn validate(&self, _url: &Url) -> Result<(), Error>

Validate URL grammar without performing I/O.

Backends override by delegating to their existing URL TryFrom. Used by Store::resolve so --explain rejects the same URLs get would — keeps the dry-run path honest about what an actual operation would do. Default impl is a no-op for backends that have no grammar to validate beyond the scheme.

Dyn Compatibility§

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors§