pub struct KeyStore { /* private fields */ }Expand description
Persists the derived encryption key for a lore store, keyed by store-id.
Keys live in a dedicated per-store namespace so one store’s key never touches
another’s. Depending on use_keychain, the key lands in the OS keychain
(service lore-sync, account = store-id) or a permission-restricted file at
~/.lore/sync-keys/<store-id>.key.
Implementations§
Source§impl KeyStore
impl KeyStore
Sourcepub fn with_keychain(use_keychain: bool) -> Self
pub fn with_keychain(use_keychain: bool) -> Self
Creates a key store, using the OS keychain when requested and available.
Falls back to file storage when the keychain is unavailable.
Sourcepub fn store_key(&self, store_id: &str, key: &[u8]) -> Result<(), SyncError>
pub fn store_key(&self, store_id: &str, key: &[u8]) -> Result<(), SyncError>
Stores the derived key bytes for a store (hex-encoded under the hood).
store_id namespaces the slot; obtain it from store_id_from_salt.
Sourcepub fn load_key(&self, store_id: &str) -> Result<Option<Vec<u8>>, SyncError>
pub fn load_key(&self, store_id: &str) -> Result<Option<Vec<u8>>, SyncError>
Loads the stored key bytes for a store, or None if no key is stored.
Sourcepub fn delete_key(&self, store_id: &str) -> Result<(), SyncError>
pub fn delete_key(&self, store_id: &str) -> Result<(), SyncError>
Deletes any stored key for a store from both file and keychain storage.
Part of the key-store foundation’s public API. Retained for a future
store reset/forget flow; the per-repo lore sync command only stores and
loads keys, so the binary does not yet call this directly.