key_vault/monitor/no_monitor.rs
1//! [`NoMonitor`] — the inert default.
2
3use super::{AccessContext, FailureContext, SecurityMonitor, ThresholdContext};
4
5/// `SecurityMonitor` implementation that discards every event.
6///
7/// Use this when you want to construct a vault without configuring any
8/// observability surface — anomaly events go nowhere, but the vault's
9/// own threshold detection (see
10/// [`KeyVaultBuilder::with_failure_threshold`](crate::KeyVaultBuilder::with_failure_threshold))
11/// still works and can still lock the vault out.
12///
13/// `NoMonitor` is the default when no monitor is configured. Calling
14/// [`with_monitor(NoMonitor)`](crate::KeyVaultBuilder::with_monitor)
15/// explicitly is equivalent to leaving the slot empty; the difference is
16/// stylistic.
17///
18/// # Examples
19///
20/// ```
21/// use key_vault::{KeyVaultBuilder, NoMonitor};
22///
23/// let _vault = KeyVaultBuilder::new()
24/// .with_monitor(NoMonitor)
25/// .build();
26/// ```
27#[derive(Debug, Default, Clone, Copy)]
28pub struct NoMonitor;
29
30impl SecurityMonitor for NoMonitor {
31 #[inline]
32 fn on_decryption_failure(&self, _ctx: &FailureContext) {}
33
34 #[inline]
35 fn on_anomalous_access(&self, _ctx: &AccessContext) {}
36
37 #[inline]
38 fn on_threshold_breach(&self, _ctx: &ThresholdContext) {}
39}