Expand description
End-to-end encrypted, mutually authenticated, secure communication.
Data, within modern distributed applications, are rarely exchanged over a single point-to-point transport connection. Application messages routinely flow over complex, multi-hop, multi-protocol routes — across data centers, through queues and caches, via gateways and brokers — before reaching their end destination.
Transport layer security protocols are unable to protect application messages because their protection is constrained by the length and duration of the underlying transport connection.
Ockam makes it simple for our applications to guarantee end-to-end integrity, authenticity, and confidentiality of data. We no longer have to implicitly depend on the defenses of every machine or application within the same, usually porous, network boundary. Our application’s messages don’t have to be vulnerable at every point, along their journey, where a transport connection terminates.
Instead, our application can have a strikingly smaller vulnerability surface and easily make granular authorization decisions about all incoming information and commands.
§Features
- End-to-end encrypted, mutually authenticated secure channels.
- Multi-hop, multi-transport, application layer routing.
- Key establishment, rotation, and revocation - for fleets, at scale.
- Lightweight, Concurrent, Stateful Workers that enable simple APIs.
- Attribute-based Access Control - credentials with selective disclosure.
- Add-ons for a variety of operating environments, transport protocols, and cryptographic hardware.
§Documentation
Tutorials, examples and reference guides are available at docs.ockam.io.
Re-exports§
pub use ockam_abac as abac;
pub use ockam_identity as identity;
pub use node::*;
Modules§
- Access Control
- This module defines the migrations to apply to the application database
- Compatibility adapter, mostly for
no_std
use. - Debugger
- A module to export the error code in a meaningful way
- Flow Controls
- List of all top-level services
- This module defines the migrations to apply to the application database
RemoteRelay
allows registering node within a Cloud Node with dynamic or static alias, which allows other nodes forward messages to local workers on this node using that alias.- SQLite rust migrations
- TCP transport
- Transport
- UDP transport
- Types and traits relating to ockam vaults.
- Helper workers
Macros§
Structs§
- A generic address type.
- A passthrough marker message type.
- This type is used to map boolean fields for the types deriving
FrowRow
. Postgres provides a proper boolean type but SQLite maps them as integers. - Context contains Node state and references to the runtime.
- User of the Postgres database
- Allow to send message to destination address periodically after some delay Only one scheduled heartbeat allowed at a time Dropping this handle cancels scheduled heartbeat
- The type of errors returned by Ockam functions.
- Underlying Ockam node executor
- A message type that is routed locally within a single node.
- Full set of options to
send_and_receive_extended
function - Full set of options to
send_and_receive_extended
function - Migrator is responsible for running Sql and Rust migrations side by side in the correct order, checking for conflicts, duplicates; making sure each migration runs only once
- Start a node with a custom setup configuration
- This type is used to map Option
fields for the types deriving FromRow
- A user-defined protocol identifier.
- Alias worker to register remote workers under local names.
- Trust Options for a Forwarding Service
- A full route to a peer.
- A message wrapper that provides message route information.
- The SqlxDatabase struct is used to create a database:
- A generic transport message type.
- Start a
Worker
with a custom configuration
Enums§
- Configuration for the database. We either use Sqlite or Postgres
- Type of database
- An enumeration of different error types emitted by this library.
Constants§
- Database name environment variable
- Database host environment variable
- Database password environment variable
- Database port environment variable
- Database user environment variable
Traits§
- Clone trait for async structs.
- This trait provides some syntax for transforming sqlx errors into ockam errors
- A user defined message that can be serialised and deserialized.
- This trait runs migrations on a given database
- Defines an interface for Ockam Workers that need to continuously perform background operations.
- Individual rust migration
- This trait provides some syntax to shorten queries execution returning ()
- Defines the core interface shared by all Ockam Workers.
Functions§
- Produces Ok(true) to avoid an ambiguous reading from using the unadorned value in auth code.
- Create a temporary database file that won’t be cleaned-up automatically
- Produces Ok(false) to avoid an ambiguous reading from using the unadorned value in auth code.
- This function can be used to run some test code with the 3 different databases implementations of the application database
- This function can be used to run some test code with the 3 different databases implementations
Type Aliases§
- Alias of the type used for encoded data.
Attribute Macros§
- Marks an async function to be run in an ockam node.
- Mark an Ockam Processor implementation.
- Marks an async test function to be run in an ockam node.
- Mark an Ockam Worker implementation.
Derive Macros§
- Implements the
AsyncTryClone
trait for a type. - Implements the
Message
trait for a type.