Crate neuron_auth 

Authentication providers for neuron.

This crate defines the AuthProvider trait for obtaining authentication credentials to access secret backends. It also provides AuthProviderChain for composing multiple providers (try in order until one succeeds, like AWS DefaultCredentialsChain).

Separation of Concerns

Auth providers produce credentials (tokens). Secret resolvers consume them. A VaultResolver takes an Arc<dyn AuthProvider> and uses it to authenticate before fetching secrets. This separation follows the pattern established by AWS SDK (ProvideCredentials vs SecretsManagerClient), vaultrs (auth::* vs kv2::*), and Google Cloud SDK.

Structs

AuthProviderChain

Tries providers in order until one succeeds.

AuthRequest

Context for an authentication request.

AuthToken

An opaque authentication token with expiry. Uses SecretValue internally for in-memory protection.

Enums

AuthError

Errors from authentication providers (crate-local, not in layer0).

Traits

AuthProvider

Provide authentication credentials for accessing a secret backend.