pub struct Vault { /* private fields */ }
Vault implementation that stores secrets in memory and uses software crypto.
Examples
use ockam_vault::Vault;
use ockam_core::Result;
use ockam_core::vault::{SecretAttributes, SecretType, SecretPersistence, CURVE25519_SECRET_LENGTH, SecretVault, Signer, Verifier};
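// Generates an X25519 secret inside the vault, signs a message with it, and
// checks the signature against the matching public key.
async fn example() -> Result<()> {
    // Every vault method used below takes `&self`, so the binding does not need `mut`.
    let vault = Vault::default();

    // Attributes are passed to the vault by value and never mutated here.
    let attributes = SecretAttributes::new(
        SecretType::X25519,
        SecretPersistence::Ephemeral,
        CURVE25519_SECRET_LENGTH,
    );

    // `secret` is the identifier the vault hands back for the new key; the
    // later calls refer to the key through it rather than through key bytes.
    let secret = vault.secret_generate(attributes).await?;
    let public = vault.secret_public_key_get(&secret).await?;

    let data = "Very important stuff".as_bytes();
    let signature = vault.sign(&secret, data).await?;

    // `verify` resolves to a `Result<bool>`: `?` propagates an error, and the
    // `assert!` checks the boolean outcome itself.
    assert!(vault.verify(&signature, &public, data).await?);
    Ok(())
}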
Implementations
Trait Implementations
impl AsymmetricVault for Vault
fn ec_diffie_hellman<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
secret: &'life1 String,
peer_public_key: &'life2 PublicKey
) -> Pin<Box<dyn Future<Output = Result<String, Error>> + Send + 'async_trait, Global>>ⓘNotable traits for Pin<P>impl<P> Future for Pin<P> where
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Vault: 'async_trait,
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
Compute Elliptic-Curve Diffie-Hellman using this secret key and the specified uncompressed public key.
fn compute_key_id_for_public_key<'life0, 'life1, 'async_trait>(
&'life0 self,
public_key: &'life1 PublicKey
) -> Pin<Box<dyn Future<Output = Result<String, Error>> + Send + 'async_trait, Global>>ⓘNotable traits for Pin<P>impl<P> Future for Pin<P> where
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
where
'life0: 'async_trait,
'life1: 'async_trait,
Vault: 'async_trait,
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
Compute and return the KeyId for a given public key.
impl Hasher for Vault
fn hkdf_sha256<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
salt: &'life1 String,
info: &'life2 [u8],
ikm: Option<&'life3 String>,
output_attributes: Vec<SecretAttributes, Global>
) -> Pin<Box<dyn Future<Output = Result<Vec<String, Global>, Error>> + Send + 'async_trait, Global>>ⓘNotable traits for Pin<P>impl<P> Future for Pin<P> where
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Vault: 'async_trait,
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
Derive secrets using HKDF-SHA256. Salt and Ikm should be of Buffer type. Output secrets should only be of type Buffer or AES.
fn sha256<'life0, 'life1, 'async_trait>(
&'life0 self,
data: &'life1 [u8]
) -> Pin<Box<dyn Future<Output = Result<[u8; 32], Error>> + Send + 'async_trait, Global>>ⓘNotable traits for Pin<P>impl<P> Future for Pin<P> where
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
where
'life0: 'async_trait,
'life1: 'async_trait,
Vault: 'async_trait,
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
Compute the SHA-256 digest of the given input data.
impl SecretVault for Vault
fn secret_generate<'life0, 'async_trait>(
&'life0 self,
attributes: SecretAttributes
) -> Pin<Box<dyn Future<Output = Result<String, Error>> + Send + 'async_trait, Global>>ⓘNotable traits for Pin<P>impl<P> Future for Pin<P> where
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
where
'life0: 'async_trait,
Vault: 'async_trait,
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
Generate fresh secret. Only Curve25519 and Buffer types are supported
fn secret_public_key_get<'life0, 'life1, 'async_trait>(
&'life0 self,
key_id: &'life1 String
) -> Pin<Box<dyn Future<Output = Result<PublicKey, Error>> + Send + 'async_trait, Global>>ⓘNotable traits for Pin<P>impl<P> Future for Pin<P> where
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
where
'life0: 'async_trait,
'life1: 'async_trait,
Vault: 'async_trait,
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
Extract public key from secret. Only Curve25519 type is supported
fn secret_destroy<'life0, 'async_trait>(
&'life0 self,
key_id: String
) -> Pin<Box<dyn Future<Output = Result<(), Error>> + Send + 'async_trait, Global>>ⓘNotable traits for Pin<P>impl<P> Future for Pin<P> where
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
where
'life0: 'async_trait,
Vault: 'async_trait,
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
Remove secret from memory
fn secret_import<'life0, 'life1, 'async_trait>(
&'life0 self,
secret: &'life1 [u8],
attributes: SecretAttributes
) -> Pin<Box<dyn Future<Output = Result<String, Error>> + Send + 'async_trait, Global>>ⓘNotable traits for Pin<P>impl<P> Future for Pin<P> where
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
where
'life0: 'async_trait,
'life1: 'async_trait,
Vault: 'async_trait,
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
Import a secret with the given attributes from binary form into the vault.
fn secret_export<'life0, 'life1, 'async_trait>(
&'life0 self,
key_id: &'life1 String
) -> Pin<Box<dyn Future<Output = Result<SecretKey, Error>> + Send + 'async_trait, Global>>ⓘNotable traits for Pin<P>impl<P> Future for Pin<P> where
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
where
'life0: 'async_trait,
'life1: 'async_trait,
Vault: 'async_trait,
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
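Export a secret key to the binary form represented as SecretKey. The exported value is key material held outside the vault, so the caller is responsible for protecting it.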
fn secret_attributes_get<'life0, 'life1, 'async_trait>(
&'life0 self,
key_id: &'life1 String
) -> Pin<Box<dyn Future<Output = Result<SecretAttributes, Error>> + Send + 'async_trait, Global>>ⓘNotable traits for Pin<P>impl<P> Future for Pin<P> where
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
where
'life0: 'async_trait,
'life1: 'async_trait,
Vault: 'async_trait,
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
Return the attributes for a secret.
impl Signer for Vault
fn sign<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
secret_key: &'life1 String,
data: &'life2 [u8]
) -> Pin<Box<dyn Future<Output = Result<Signature, Error>> + Send + 'async_trait, Global>>ⓘNotable traits for Pin<P>impl<P> Future for Pin<P> where
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Vault: 'async_trait,
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
Sign data.
impl SymmetricVault for Vault
fn aead_aes_gcm_encrypt<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
key_id: &'life1 String,
plaintext: &'life2 [u8],
nonce: &'life3 [u8],
aad: &'life4 [u8]
) -> Pin<Box<dyn Future<Output = Result<Vec<u8, Global>, Error>> + Send + 'async_trait, Global>>ⓘNotable traits for Pin<P>impl<P> Future for Pin<P> where
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
Vault: 'async_trait,
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
Encrypt a payload using AES-GCM. The nonce is supplied by the caller and must never be reused with the same key.
fn aead_aes_gcm_decrypt<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
key_id: &'life1 String,
cipher_text: &'life2 [u8],
nonce: &'life3 [u8],
aad: &'life4 [u8]
) -> Pin<Box<dyn Future<Output = Result<Vec<u8, Global>, Error>> + Send + 'async_trait, Global>>ⓘNotable traits for Pin<P>impl<P> Future for Pin<P> where
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
Vault: 'async_trait,
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
Decrypt a payload using AES-GCM.
impl Verifier for Vault
fn verify<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
signature: &'life1 Signature,
public_key: &'life2 PublicKey,
data: &'life3 [u8]
) -> Pin<Box<dyn Future<Output = Result<bool, Error>> + Send + 'async_trait, Global>>ⓘNotable traits for Pin<P>impl<P> Future for Pin<P> where
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Vault: 'async_trait,
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
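Verify a signature. The result is a Result<bool, Error>, so callers should check the returned boolean rather than treating any Ok value as a valid signature.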
Auto Trait Implementations
impl !RefUnwindSafe for Vault
impl Send for Vault
impl Sync for Vault
impl Unpin for Vault
impl !UnwindSafe for Vault
Blanket Implementations
impl<D> AsyncTryClone for D where
D: Clone + Sync,
fn async_try_clone<'life0, 'async_trait>(
&'life0 self
) -> Pin<Box<dyn Future<Output = Result<D, Error>> + Send + 'async_trait, Global>>ⓘNotable traits for Pin<P>impl<P> Future for Pin<P> where
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
where
'life0: 'async_trait,
D: 'async_trait,
P: DerefMut,
<P as Deref>::Target: Future, type Output = <<P as Deref>::Target as Future>::Output;
Try cloning an object and return an Err in case of failure.
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.
impl<T> Instrument for T
fn instrument(self, span: Span) -> Instrumented<Self>ⓘNotable traits for Instrumented<T>impl<T> Future for Instrumented<T> where
T: Future, type Output = <T as Future>::Output;
T: Future, type Output = <T as Future>::Output;
fn in_current_span(self) -> Instrumented<Self>ⓘNotable traits for Instrumented<T>impl<T> Future for Instrumented<T> where
T: Future, type Output = <T as Future>::Output;
T: Future, type Output = <T as Future>::Output;
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
fn vzip(self) -> V
impl<T> WithSubscriber for T
fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>ⓘNotable traits for WithDispatch<T>impl<T> Future for WithDispatch<T> where
T: Future, type Output = <T as Future>::Output;
where
S: Into<Dispatch>,
T: Future, type Output = <T as Future>::Output;
Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.
fn with_current_subscriber(self) -> WithDispatch<Self>ⓘNotable traits for WithDispatch<T>impl<T> Future for WithDispatch<T> where
T: Future, type Output = <T as Future>::Output;
T: Future, type Output = <T as Future>::Output;
Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.