FileStore

Struct FileStore 

pub struct FileStore { /* private fields */ }

File-based key store with optional encryption

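Provides persistent storage of cryptographic keys with optional encryption at rest. The keys are cached in memory for performance and automatically loaded from disk. Because encryption at rest is optional, confirm that it is enabled before relying on the store to protect key material on disk.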

Implementations§

impl FileStore

pub fn new<P: AsRef<Path>>(path: P, config: StorageConfig) -> Result<Self>

Create a new FileStore at the given path

pub fn set_master_key(&mut self, key: SecretKey) -> Result<()>

Set the master key used for encryption

pub fn init_with_password(&mut self, password: &[u8]) -> Result<()>

Initialize the store with a master key derived from the password (now using Argon2)

pub fn derive_master_key(password: &[u8], salt: &[u8]) -> Result<SecretKey>

Derive a master key from a password using Argon2id

Trait Implementations§

impl EncryptedStore for FileStore

fn init_with_password(&mut self, password: &[u8]) -> Result<()>

Initialise with password-derived master key

fn is_unlocked(&self) -> bool

Check if the store is unlocked (has a master key available)

Returns true if a master key has been set and the store can decrypt keys

fn rekey(&mut self, new_password: &[u8]) -> Result<()>

Re-encrypt all keys with a new master key

impl KeyLifeCycle for FileStore

fn deprecate_key(&mut self, id: &KeyId) -> Result<()>

Mark a key as deprecated (a deprecated key should still be usable for decryption but not for encryption)

fn revoke_key(&mut self, id: &KeyId) -> Result<()>

Revoke a key (a revoked key should not be used for any operation)

fn cleanup_old_versions( &mut self, id: &KeyId, keep_versions: usize, ) -> Result<Vec<KeyId>>

Clean up old versions based on policy

impl KeyStore for FileStore

fn store(&mut self, key: VersionedKey) -> Result<()>

Store a versioned key

fn retrieve(&self, id: &KeyId) -> Result<VersionedKey>

Retrieve a key by ID

fn delete(&mut self, id: &KeyId) -> Result<()>

Delete a key

fn list(&self) -> Result<Vec<KeyId>>

List all key IDs

fn update_metadata(&mut self, id: &KeyId, metadata: KeyMetadata) -> Result<()>

Update key metadata

fn find_by_state(&self, state: KeyState) -> Result<Vec<KeyId>>

Find keys by state

fn rotate_key(&mut self, id: &KeyId) -> Result<VersionedKey>

Rotate a key to a new version

fn get_key_versions(&self, id: &KeyId) -> Result<Vec<VersionedKey>>

Get all versions of a key (sorted by version number)

fn get_latest_key(&self, id: &KeyId) -> Result<VersionedKey>

Get the latest active version of a key

impl PersistentStorage for FileStore

fn flush(&mut self) -> Result<()>

Flush any pending writes to persistent storage

fn load(&mut self) -> Result<()>

Load keys from persistent storage

fn location(&self) -> &str

Get the storage location/path

Auto Trait Implementations§

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V