Skip to main content

PrivateAccessKeyStore

Struct PrivateAccessKeyStore

pub struct PrivateAccessKeyStore { /* private fields */ }

Expand description

Encrypted-at-rest store for a pilot’s private_access_keypair private half.

The key is sealed with the same AES-256-GCM + HKDF envelope as PilotKeyStore. After a successful provision or generate, the node holds Category 2 (private-access) capability for that pilot until delete is called.

Implementations§

impl PrivateAccessKeyStore

pub fn open(root: impl Into<PathBuf>) -> Self

pub fn for_data_dir(data_dir: impl AsRef<Path>) -> Self

pub fn generate_for_pilot( &self, pilot_id: &PilotId, node_secret_key: &SecretKey, ) -> Result<SecretKey, PilotKeyStoreError>

Generate a fresh random private_access_keypair for pilot_id and store the private half.

Fails if that pilot already has a key (use delete_for_pilot first to replace with an implementation-generated key).

pub fn provision_for_pilot( &self, pilot_id: &PilotId, private_key: &SecretKey, node_secret_key: &SecretKey, ) -> Result<(), PilotKeyStoreError>

Store an externally supplied private key for pilot_id (used during the §5 key-provisioning handover). Overwrites that pilot’s previously stored key atomically without affecting other pilots.

pub fn load_for_pilot( &self, pilot_id: &PilotId, node_secret_key: &SecretKey, ) -> Result<Option<SecretKey>, PilotKeyStoreError>

Load the stored private key for pilot_id.

Returns None if no key has been provisioned for that pilot.

pub fn load_by_public_key( &self, public_key_hex: &str, node_secret_key: &SecretKey, ) -> Result<Option<(PilotId, SecretKey)>, PilotKeyStoreError>

Load a stored private key by its public half.

This is an interim lookup for the current gRPC POC until artifact ownership resolution can map raw_igc_hash to pilot_id directly.

pub fn delete_for_pilot( &self, pilot_id: &PilotId, ) -> Result<(), PilotKeyStoreError>

Delete the stored key for pilot_id (revocation / key rotation cleanup).

After this call the node loses Category 2 capability for this pilot. Callers are responsible for deleting any cached restricted plaintext per R-ACCESS-17.

Trait Implementations§

impl Clone for PrivateAccessKeyStore

fn clone(&self) -> PrivateAccessKeyStore

Returns a duplicate of the value. Read more

1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for PrivateAccessKeyStore

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

impl Freeze for PrivateAccessKeyStore

impl RefUnwindSafe for PrivateAccessKeyStore

impl Send for PrivateAccessKeyStore

impl Sync for PrivateAccessKeyStore

impl Unpin for PrivateAccessKeyStore

impl UnsafeUnpin for PrivateAccessKeyStore

impl UnwindSafe for PrivateAccessKeyStore

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Pointable for T

const ALIGN: usize

The alignment of pointer.

type Init = T

The type for initializers.

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more