Expand description
microkv is a minimal, security-focused key-value store for sensitive data, with encrypted persistence to disk.
Every store is encrypted, with values sealed with ChaCha20-Poly1305 under a key derived from a password (scrypt, or argon2 behind a feature flag) or supplied directly. Data is organized into isolated namespaces (“trees”), persisted atomically, and key material is held in memory-locked, auto-zeroed storage.
use microkv::{MicroKV, Credential};
let db = MicroKV::in_memory(Credential::password("p@ssw0rd")).unwrap();
db.put("answer", &42u32).unwrap();
let answer: u32 = db.require("answer").unwrap();
assert_eq!(answer, 42);Structs§
- Config
- Open-time knobs. Everything defaults:
Config { read_only: true, ..Default::default() }. - KdfParams
- Opaque KDF parameters.
- MicroKV
- The database handle. Cheap to clone (
Arc-backed); all clones share one store. - Secret
- A wrapper marking a decrypted value as sensitive.
- Tree
- A handle to a single namespace within a
MicroKVstore. - Txn
- A batch of operations applied atomically by
MicroKV::transaction.
Enums§
- Auto
Save - When to flush to disk.
- Credential
- How to unlock a store. Encryption is mandatory — there is no plaintext option.
- Error
- Anything that can go wrong. Non-exhaustive; match with a wildcard arm.
- Lock
Mode - Cross-process locking, via a sidecar
.lockfile.
Type Aliases§
- Result
- Result with the crate’s
Error. - Secret
String - A password held in memory that is zeroized when dropped.