Expand description
Friendly-name registry for security keys, plus device-identity resolution.
Lets a user attach a memorable label (e.g. signing-yubikey) to a physical
key, matched by its stable serial number, so commands can target a key
by --name instead of a /dev/hidrawN path that changes on every replug.
This crate is pure config + matching logic: it has no hardware or PC/SC
dependencies and never enumerates devices itself. The caller supplies the
list of connected devices (as ConnectedKey) — for the CLI that’s the
HID enumeration plus, for keys without a USB serial, a CCID-read serial.
Front-end concerns (interactive pickers, TTY handling, confirmations) live
in the caller, so both the CLI and the GUI reuse this same core.
§Privacy
Persisting a key’s serial to disk is opt-in: nothing is written unless
the caller explicitly invokes Keyring::save_to / Keyring::save_default
(i.e. the user ran an “add a name” action). Loading and in-memory matching
record nothing.
Structs§
- Connected
Key - A currently-connected device as seen by the resolver. The caller builds
these from device enumeration;
serialis the device’s effective serial (USB or CCID),Noneif it couldn’t be determined. - KeyEntry
- One named key in the registry.
serialis the match key;nameis the unique user-facing label. - Keyring
- The on-disk registry (
keys.json).
Enums§
- IdSource
- How a key’s serial is obtained — recorded for display/diagnostics. Matching is always by serial-string equality regardless of source.
- Keyring
Error - Errors loading, saving, or mutating the registry.
- Resolve
Error - Errors resolving a
--nameto a connected device.
Functions§
- config_
path - Default config path:
$XDG_CONFIG_HOME/keyroost/keys.json, else$HOME/.config/keyroost/keys.json. - validate_
name - Validate a friendly name: 1-64 chars of lowercase ASCII, digits,
-,_.