pub fn resolve_key_with_source( vault_path: &str, ) -> Result<(SecretString, KeySource), String>
Resolve the secret key and report where it came from.