Module iota_client::stronghold
Available on crate feature stronghold only.
Stronghold integration for iota.rs.
Stronghold can be used as a multi-purpose secret service providing:
- Smart-card-like secret vault
- Generic key-value, encrypted database
StrongholdAdapter respectively implements StorageProvider and SecretManage for the above purposes using Stronghold. Type aliases StrongholdStorageProvider and StrongholdSecretManager are also provided if one wants to have a more consistent naming when using any of the feature sets.
Use builder() to construct a StrongholdAdapter with customized parameters; see the documentation of the methods of StrongholdAdapterBuilder for details. All fields are optional, but:
- Without a password, all cryptographic operations (including database operations, as they encrypt / decrypt data) would fail.
- Without a password clearing timeout, the derived key would be stored in memory for as long as possible, and could be used as an attack vector.
- Without a snapshot path configured, all operations would be transient (i.e. all data would be lost when StrongholdAdapter is dropped, or the cached key has been cleared).
They can also be set later on StrongholdAdapter using set_password(), set_timeout(), etc.
With set_timeout(), an automatic task can be spawned in the background to purge the key from memory using zeroize after the timeout duration. This is used to reduce the attack surface. When the key is cleared from memory, Stronghold is unloaded from memory too. If no snapshot_path has been set at this point, the secrets stored in Stronghold are dropped and lost.
Nevertheless, Stronghold is memory-based, so it’s not required to use a snapshot file on disk. Without a snapshot path set, StrongholdAdapter will run purely in memory. If a snapshot path is set, StrongholdAdapter lazily loads the file on the first call that performs some action on Stronghold. Subsequent actions are still performed in memory. If the snapshot file doesn’t exist, these function calls will all fail. To proactively load or store the Stronghold state from or to a Stronghold snapshot on disk, use read_stronghold_snapshot() or write_stronghold_snapshot(). The latter can be used to create a snapshot file after creating a StrongholdAdapter with a non-existent snapshot path.
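The interplay of password, clearing timeout and snapshot path described above, as an added std-only model that is not iota_client code: ModelAdapter and its methods are hypothetical stand-ins, time is passed in explicitly so the behaviour is deterministic, and the model assumes state is persisted on unload only when a snapshot exists.

```rust
use std::{collections::HashMap, sync::atomic::{compiler_fence, Ordering}, time::{Duration, Instant}};
type Store = HashMap<String, Vec<u8>>;
/// Hypothetical model of the adapter's cached state; not an iota_client type.
pub struct ModelAdapter {
    key: Option<([u8; 32], Instant)>, // derived key and when it was cached
    timeout: Option<Duration>,        // None: the key is never purged
    snapshot: Option<Store>,          // stands in for a snapshot file on disk
    loaded: Store,                    // in-memory state
}
impl ModelAdapter {
    pub fn new(timeout: Option<Duration>, with_snapshot: bool) -> Self {
        Self { key: None, timeout, snapshot: with_snapshot.then(Store::new), loaded: Store::new() }
    }
    pub fn set_key(&mut self, key: [u8; 32], now: Instant) { self.key = Some((key, now)); }
    /// After the timeout: zero the key in place, then unload the in-memory state.
    fn purge_if_expired(&mut self, now: Instant) {
        if !matches!((self.key.as_ref(), self.timeout),
            (Some((_, set_at)), Some(d)) if now.duration_since(*set_at) >= d) { return; }
        if let Some((k, _)) = self.key.as_mut() {
            for b in k.iter_mut() { unsafe { std::ptr::write_volatile(b, 0) } }
            compiler_fence(Ordering::SeqCst); // volatile writes + fence: the wipe is not elided
        }
        self.key = None;
        // Assumption: state is persisted on unload only when a snapshot exists.
        if let Some(snap) = self.snapshot.as_mut() { snap.extend(self.loaded.drain()); }
        self.loaded.clear(); // without a snapshot the secrets are lost here
    }
    /// Every operation needs a live key; the snapshot is loaded lazily.
    fn ready(&mut self, now: Instant) -> Result<&mut Store, &'static str> {
        self.purge_if_expired(now);
        if self.key.is_none() { return Err("no key: password unset or cleared"); }
        if let Some(snap) = &self.snapshot {
            for (k, v) in snap { self.loaded.entry(k.clone()).or_insert_with(|| v.clone()); }
        }
        Ok(&mut self.loaded)
    }
    pub fn put(&mut self, k: &str, v: &[u8], now: Instant) -> Result<(), &'static str> {
        self.ready(now).map(|s| { s.insert(k.to_string(), v.to_vec()); })
    }
    pub fn get(&mut self, k: &str, now: Instant) -> Result<Option<Vec<u8>>, &'static str> {
        self.ready(now).map(|s| s.get(k).cloned())
    }
}
fn main() {
    let (t0, mut a) = (Instant::now(), ModelAdapter::new(Some(Duration::from_secs(60)), false));
    a.set_key([7; 32], t0); // constructed key bytes
    a.put("seed", b"constructed", t0).unwrap();
    println!("{:?}", a.get("seed", t0 + Duration::from_secs(61))); // key purged, so Err
}
```

Supplying the key again after the purge makes operations succeed, but in the transient configuration the stored value is gone.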
Structs
- A wrapper on Stronghold.
- Builder for StrongholdAdapter.
Enums
- Error type for StrongholdAdapterBuilder