AwsSecretsManager

Struct AwsSecretsManager 

pub struct AwsSecretsManager { /* private fields */ }

AWS Secrets Manager implementation of CloudSecretManager.

This implementation provides:

  • Automatic credential discovery (env → file → IAM role)
  • Built-in secret caching with TTL
  • Support for both string and binary secrets
  • Automatic retry with exponential backoff

§Example

use llm_shield_cloud_aws::AwsSecretsManager;
use llm_shield_cloud::CloudSecretManager;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let manager = AwsSecretsManager::new().await?;
    let secret = manager.get_secret("my-secret").await?;
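    // Demonstration only: this writes the secret value to stdout.
    // Keep secret values out of program output and logs in real code.
    println!("Secret: {}", secret.as_string());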
    Ok(())
}

Implementations§

impl AwsSecretsManager

pub async fn new() -> Result<Self>

Creates a new AWS Secrets Manager client with default configuration.

Uses the AWS credential provider chain:

  1. Environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
  2. AWS credentials file (~/.aws/credentials)
  3. IAM role for ECS task
  4. IAM role for EC2 instance
  5. IAM role for EKS pod (IRSA)

§Errors

Returns error if AWS configuration cannot be loaded.

pub async fn new_with_region(region: impl Into<String>) -> Result<Self>

Creates a new AWS Secrets Manager client with specific region.

§Arguments

  • region - AWS region (e.g., "us-east-1", "eu-west-1")

§Errors

Returns error if AWS configuration cannot be loaded.

pub async fn new_with_cache_ttl(region: impl Into<String>, cache_ttl_seconds: u64) -> Result<Self>

Creates a new AWS Secrets Manager client with custom cache TTL.

§Arguments

  • region - AWS region
  • cache_ttl_seconds - Cache time-to-live in seconds

§Errors

Returns error if AWS configuration cannot be loaded.

pub fn region(&self) -> &str

Gets the AWS region this client is configured for.

pub async fn clear_cache(&self)

Clears the secret cache.

pub async fn cache_size(&self) -> usize

Gets the number of cached secrets.
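
How the TTL cache, a rotation done elsewhere, and clear_cache() interact, as an added example that is not part of the crate or its documentation. It is a std-only model with a manual clock; CachedSecrets, observe_rotation and the sample secret are assumptions made for illustration, and the crate's real cache may differ in detail (for example in whether rotate_secret invalidates entries).

```rust
use std::collections::HashMap;

// Model only (not the crate's code): a TTL cache in front of a backing store.
// A manual clock (`now`, in seconds) makes the staleness window deterministic.
struct CachedSecrets {
    backend: HashMap<String, String>,      // stands in for AWS Secrets Manager
    cache: HashMap<String, (String, u64)>, // name -> (value, expiry time)
    cache_ttl_seconds: u64,
    now: u64,
    backend_fetches: usize,
}

impl CachedSecrets {
    fn new_with_cache_ttl(cache_ttl_seconds: u64) -> Self {
        Self { backend: HashMap::new(), cache: HashMap::new(), cache_ttl_seconds, now: 0, backend_fetches: 0 }
    }
    fn get_secret(&mut self, name: &str) -> Option<String> {
        if let Some((value, expires_at)) = self.cache.get(name) {
            if self.now < *expires_at {
                return Some(value.clone()); // cache hit: backend is not consulted
            }
        }
        let value = self.backend.get(name)?.clone();
        self.backend_fetches += 1;
        self.cache.insert(name.to_string(), (value.clone(), self.now + self.cache_ttl_seconds));
        Some(value)
    }
    fn clear_cache(&mut self) { self.cache.clear(); }
}

// Returns what a caller observes on three reads: before rotation, `elapsed`
// seconds after an out-of-band rotation, and after an optional clear_cache().
fn observe_rotation(ttl: u64, elapsed: u64, clear: bool) -> (Vec<String>, usize) {
    let mut m = CachedSecrets::new_with_cache_ttl(ttl);
    m.backend.insert("db-password".into(), "v1".into()); // constructed sample
    let mut seen = vec![m.get_secret("db-password").unwrap()];
    m.backend.insert("db-password".into(), "v2".into()); // rotated elsewhere
    m.now += elapsed;
    seen.push(m.get_secret("db-password").unwrap());
    if clear { m.clear_cache(); }
    seen.push(m.get_secret("db-password").unwrap());
    (seen, m.backend_fetches)
}

fn main() {
    println!("{:?}", observe_rotation(300, 120, true));  // stale until cleared
    println!("{:?}", observe_rotation(300, 300, false)); // TTL expiry refetches
}
```

In this model a long cache_ttl_seconds lengthens the time a rotated or revoked value keeps being served to the process, and calling clear_cache() after a known rotation closes that window.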

Trait Implementations§

impl CloudSecretManager for AwsSecretsManager

fn get_secret<'life0, 'life1, 'async_trait>( &'life0 self, name: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<SecretValue>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Fetches a secret by name.

fn list_secrets<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = Result<Vec<String>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Lists all secret names.

fn create_secret<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, name: &'life1 str, value: &'life2 SecretValue, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Creates a new secret.

fn update_secret<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, name: &'life1 str, value: &'life2 SecretValue, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Updates an existing secret.

fn delete_secret<'life0, 'life1, 'async_trait>( &'life0 self, name: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Deletes a secret.

fn get_secret_metadata<'life0, 'life1, 'async_trait>( &'life0 self, name: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<SecretMetadata>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Gets secret metadata without fetching the value.

fn rotate_secret<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, name: &'life1 str, new_value: &'life2 SecretValue, ) -> Pin<Box<dyn Future<Output = Result<(), CloudError>> + Send + 'async_trait>>
where 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, Self: 'async_trait,

Rotates a secret (creates a new version).

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoEither for T

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.

impl<Unshared, Shared> IntoShared<Shared> for Unshared
where Shared: FromUnshared<Unshared>,

fn into_shared(self) -> Shared

Creates a shared type from an unshared type.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.