Skip to main content

Vault

reddb_server::auth::vault

Struct Vault 

Source 
pub struct Vault { /* private fields */ }
Expand description

Encrypted vault for persisting auth state inside reserved pager pages.

The vault key is derived from REDDB_VAULT_KEY env var or a provided passphrase. A random salt is generated on first write and persisted inside the vault page so that re-opening with the same passphrase produces the same derived key.

Implementations§

Source§

impl Vault

Source

pub fn has_saved_state(pager: &Pager) -> bool

Return true when the pager contains a written vault header.

Source

pub fn open(pager: &Pager, passphrase: Option<&str>) -> Result<Self, VaultError>

Open or prepare a vault backed by reserved pager pages.

Key derivation: REDDB_VAULT_KEY env var takes priority, then the passphrase argument. If neither is set, returns NoKey.

If vault pages already exist in the pager, the salt is read from the existing page content. Otherwise a fresh salt is generated and will be written on the first save() call.

Source

pub fn with_certificate( pager: &Pager, certificate_hex: &str, ) -> Result<Self, VaultError>

Open a vault using a certificate hex string (from bootstrap).

The certificate is used to derive the vault encryption key via Argon2id. This is the primary unseal mechanism introduced by the certificate-based seal system.

Source

pub fn from_env(pager: &Pager) -> Result<Self, VaultError>

Open a vault from environment variables.

Precedence: REDDB_CERTIFICATE (primary) > REDDB_VAULT_KEY (fallback/deprecated).

Source

pub fn with_certificate_bytes( pager: &Pager, certificate: &[u8], ) -> Result<Self, VaultError>

Create a vault keyed by a certificate (raw bytes, not hex).

Used during bootstrap when the certificate is freshly generated and not yet hex-encoded.

Source

pub fn seal_logical_export( &self, state: &VaultState, ) -> Result<String, VaultError>

Encrypt a vault state into a self-contained logical export blob.

The source salt is embedded so passphrase-based imports can derive the same wrapping key without having access to the source .rdb pages. The blob is hex-encoded so it can live inside JSONL dumps.

Source

pub fn unseal_logical_export( blob_hex: &str, passphrase: Option<&str>, ) -> Result<VaultState, VaultError>

Decrypt a logical export blob using the same key precedence as normal vault open: REDDB_CERTIFICATE, REDDB_VAULT_KEY, then the explicit passphrase argument.

Source

pub fn unseal_logical_export_with_passphrase( blob_hex: &str, passphrase: &str, ) -> Result<VaultState, VaultError>

Deterministic test/helper path that ignores vault env vars.

Source

pub fn save(&self, pager: &Pager, state: &VaultState) -> Result<(), VaultError>

Save the given auth state to the encrypted vault pages.

Order of operations is the only thing keeping this crash-safe:

  1. Encrypt the serialized state under a fresh nonce.
  2. Allocate (or reuse) the data-page chain and write every data page to disk.
  3. Free any surplus pages that the previous chain owned.
  4. Rewrite the header page in place — this is the commit point. After it lands, load() will follow the new chain.

A crash anywhere before step 4 leaves the existing header (and its chain) intact, so the previous vault snapshot is still readable on the next open.

Source

pub fn load(&self, pager: &Pager) -> Result<Option<VaultState>, VaultError>

Load auth state from the encrypted vault pages.

Returns Ok(None) if the vault pages do not exist yet (fresh DB).

Auto Trait Implementations§

§

impl Freeze for Vault

§

impl RefUnwindSafe for Vault

§

impl Send for Vault

§

impl Sync for Vault

§

impl Unpin for Vault

§

impl UnsafeUnpin for Vault

§

impl UnwindSafe for Vault

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> IntoRequest<T> for T

Source§

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request
Source§

impl<L> LayerExt<L> for L

Source§

fn named_layer<S>(&self, service: S) -> Layered<<L as Layer<S>>::Service, S>
where L: Layer<S>,

Applies the layer to a service and wraps it in Layered.
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more