Struct FileFetch 

pub struct FileFetch { /* private fields */ }

Available on crate feature fetcher-file only.

KeyFetch implementation that reads bytes from a file on disk.

By default Unix permission bits stricter than 0o600 are rejected; call FileFetch::allow_loose_perms to disable that check (not recommended outside of tests).

Examples

use key_vault::{FetchContext, FileFetch, KeyFetch};

// Assume /etc/myapp/key.bin is mode 0600 and contains 32 bytes.
let fetcher = FileFetch::new("/etc/myapp/key.bin");
let raw = fetcher.fetch(&FetchContext::new("primary"))?;
assert_eq!(raw.len(), 32);

Implementations

impl FileFetch

pub fn new(path: impl Into<PathBuf>) -> Self

Construct a fetcher that reads the file at path. Strict Unix permission checking is enabled by default.

pub fn allow_loose_perms(self) -> Self

Disable strict Unix permission checking.

Useful for test fixtures and containers where the user controlling the file is the same as the process user but the file may have been created with 0o644. Do not disable strict perms in production deployments where multiple users share the host.

pub fn path(&self) -> &Path

Path the fetcher reads from. Used in audit / diagnostic output.

Trait Implementations

impl Clone for FileFetch

fn clone(&self) -> FileFetch

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for FileFetch

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl KeyFetch for FileFetch

fn fetch(&self, _ctx: &FetchContext) -> Result<RawKey>

Acquire raw key material from the underlying source.

fn describe(&self) -> Cow<'_, str>

Short, machine-friendly identifier for this fetcher (e.g. "keychain", "file", "env"). Used for audit records and error attribution.