Crate lair_keystore_api

source ·
Expand description

Secret lair private keystore API library.

Project Forum Chat

License: MIT License: Apache-2.0

This library crate contains most of the logic for dealing with lair.

  • If you wish to run an in-process / in-memory keystore, or connect to an external lair keystore as a client, this is the library for you.
  • If you want to run the canonical lair-keystore, see the lair_keystore crate.
  • If you want to run a canonical lair-keystore in-process, using the canonical sqlcipher database, see the lair_keystore crate.
  • See the lair_api module for information about the lair_keystore_api protocol.
  • See LairClient for the client struct api.
§Establishing a client connection to a canonical ipc keystore binary:
use lair_keystore_api::prelude::*;
use lair_keystore_api::ipc_keystore::*;

// create a client connection
let client =
    ipc_keystore_connect(connection_url, passphrase)

// create a new seed
let seed_info = client.new_seed(

// sign some data
let sig = client.sign_by_pub_key(

// verify the signature


  • Lair server configuration types. You only need this module if you are configuring a standalone or in-process lair keystore server.
  • Re-exported dependencies.
  • Helper types for dealing with serialization.
  • An in-process keystore that manages the entire lair server life-cycle without needing to call out to an external process.
  • Internal utility functions - note, the api for anything in this module is unstable and may change even for patch versions of this library.
  • Client / server keystore items for dealing with ipc keystores, both unix domain sockets and windows named pipes.
  • Lair api serialization types.
  • Items for connecting and interacting with a lair keystore as a client.
  • Items for acting as a lair keystore server.
  • Items related to securely persisting keystore secrets (e.g. to disk).
  • Lair in-memory store - This does not provide any peristance, and should generally only be used for testing.
  • Re-export module of types generally used with lair.
  • Libsodium secretstream Async reader / writer wrappers.


  • A lair keystore client handle. Use this to make requests of the keystore.



  • Connect to an IpcKeystoreServer instance via unix domain socket on linux/macOs or named pipe on windows. This constructor will first validate server authenticity, then unlock the connection with the supplied passphrase.
  • Connect to an IpcKeystoreServer instance via unix domain socket on linux/macOs or named pipe on windows. This variant is identical to ipc_keystore_connect but allows additional less-used configuration options.

Type Aliases§