Skip to main content

SecretsManager

rustyclaw_core::secrets

Struct SecretsManager 

Source 
pub struct SecretsManager { /* private fields */ }
Expand description

Secrets manager backed by an encrypted SecureStore vault.

Implementations§

Source§

impl SecretsManager

Source

pub fn change_password(&mut self, new_password: String) -> Result<()>

Re-encrypt an existing vault with a new password.

Loads the vault with the current key source, reads every secret, creates a brand-new vault encrypted with new_password, writes back all the secrets, and saves. On success the in-memory state is updated to use the new password.

Source

pub fn store_secret(&mut self, key: &str, value: &str) -> Result<()>

Store (or overwrite) a secret in the vault and persist to disk.

Source

pub fn get_secret( &mut self, key: &str, user_approved: bool, ) -> Result<Option<String>>

Retrieve a secret from the vault.

Returns None if the secret does not exist or if agent access is disabled and the caller has not provided explicit user approval.

Source

pub fn delete_secret(&mut self, key: &str) -> Result<()>

Delete a secret from the vault and persist to disk.

Source

pub fn list_secrets(&mut self) -> Vec<String>

List all stored secret keys (not values).

Source

pub fn store_credential( &mut self, name: &str, entry: &SecretEntry, value: &str, username: Option<&str>, ) -> Result<()>

Store a typed credential in the vault.

For UsernamePassword, supply the password as value and the username as username. For all other kinds, username is ignored and value holds the single secret string.

For SshKey, prefer [generate_ssh_key] which creates the keypair automatically.

Source

pub fn store_form_autofill( &mut self, name: &str, entry: &SecretEntry, fields: &BTreeMap<String, String>, ) -> Result<()>

Store a form-autofill credential (arbitrary key/value fields).

fields maps field names (e.g. “email”, “phone”, “address”) to their values. The description on the entry is a good place to record the site URL or form name.

Source

pub fn store_payment_method( &mut self, name: &str, entry: &SecretEntry, cardholder: &str, number: &str, expiry: &str, cvv: &str, extra: &BTreeMap<String, String>, ) -> Result<()>

Store a payment-method credential.

Source

pub fn get_credential( &mut self, name: &str, ctx: &AccessContext, ) -> Result<Option<(SecretEntry, CredentialValue)>>

Retrieve a typed credential from the vault.

context drives the permission check:

  • user_approved: the user has explicitly said “yes” for this access (satisfies WithApproval).
  • authenticated: the caller has already re-verified the vault password / TOTP (satisfies WithAuth).
  • active_skill: if the agent is currently executing a skill, pass its name here (satisfies SkillOnly when listed).
Source

pub fn list_credentials(&mut self) -> Vec<(String, SecretEntry)>

List all typed credential names (not raw / legacy keys).

Source

pub fn list_all_entries(&mut self) -> Vec<(String, SecretEntry)>

List all credentials — both typed (cred:*) and legacy bare-key secrets (e.g. ANTHROPIC_API_KEY).

Legacy keys that match a known provider secret name get a synthesised SecretEntry with kind = ApiKey or Token. Internal keys (TOTP secret, __init, cred:*, val:*) are excluded.

Source

pub fn peek_credential_display( &mut self, name: &str, ) -> Result<Vec<(String, String)>>

Retrieve a credential’s value(s) as displayable (label, value) pairs for the TUI secret viewer.

This bypasses the disabled check and the access-policy check because the user is physically present and explicitly asked to view the secret. For legacy bare-key secrets (no cred: metadata) the raw value is returned directly.

Source

pub fn delete_credential(&mut self, name: &str) -> Result<()>

Delete a typed credential and all its associated vault keys.

Source

pub fn set_credential_disabled( &mut self, name: &str, disabled: bool, ) -> Result<()>

Enable or disable a credential.

For typed credentials (cred:<name> exists) the disabled flag is updated in the metadata envelope. For legacy bare-key secrets a typed envelope is created in-place so the flag can be persisted.

Source

pub fn set_credential_policy( &mut self, name: &str, policy: AccessPolicy, ) -> Result<()>

Change the access policy of a credential.

Source

pub fn generate_ssh_key( &mut self, name: &str, comment: &str, policy: AccessPolicy, ) -> Result<String>

Generate a new Ed25519 SSH keypair and store it in the vault as an SshKey credential.

Returns the public key string (ssh-ed25519 AAAA… <comment>).

Source

pub fn setup_totp(&mut self, account_name: &str) -> Result<String>

Generate a fresh TOTP secret, store it in the vault, and return the otpauth:// URI (suitable for QR codes / manual entry in an authenticator app).

Source

pub fn setup_totp_with_issuer( &mut self, account_name: &str, issuer: &str, ) -> Result<String>

Like setup_totp but with a custom issuer name (shown as the app/service label in authenticator apps).

Source

pub fn verify_totp(&mut self, code: &str) -> Result<bool>

Verify a 6-digit TOTP code against the stored secret. Returns Ok(true) if the code is valid, Ok(false) if invalid, or an error if no TOTP secret is configured.

Source

pub fn has_totp(&mut self) -> bool

Check whether a TOTP secret is stored in the vault.

Source

pub fn remove_totp(&mut self) -> Result<()>

Remove the stored TOTP secret (disables 2FA).

Source

pub fn clear_cache(&mut self)

No-op kept for API compatibility. The securestore crate decrypts on-demand so there is no separate cache to clear.

Source

pub fn load_browser_store(&mut self) -> Result<BrowserStore>

Load the browser store from the vault, or create a new empty one.

Source

pub fn save_browser_store(&mut self, store: &BrowserStore) -> Result<()>

Save the browser store to the vault.

Source

pub fn get_cookies_for_domain( &mut self, domain: &str, path: &str, user_approved: bool, ) -> Result<Vec<Cookie>>

Get cookies for a domain, respecting access policy.

Returns cookies that match the domain (including subdomain matching). Access is controlled by the same agent_access / user_approved rules as regular secrets.

Set a cookie, respecting access policy.

Remove a cookie.

Source

pub fn clear_domain_cookies( &mut self, domain: &str, user_approved: bool, ) -> Result<()>

Clear all cookies for a domain.

Source

pub fn cookie_header_for_request( &mut self, domain: &str, path: &str, is_secure: bool, user_approved: bool, ) -> Result<Option<String>>

Build a Cookie header string for a request.

This is the primary method used by web_fetch to attach cookies. Returns None if no cookies match or access is denied.

Source

pub fn store_cookies_from_response( &mut self, response_domain: &str, set_cookie_headers: &[String], user_approved: bool, ) -> Result<usize>

Parse Set-Cookie headers from a response and store them.

response_domain is the domain the response came from. Cookies with mismatched domains are rejected (browser security).

List all domains that have stored cookies.

Source

pub fn storage_get( &mut self, origin: &str, key: &str, user_approved: bool, ) -> Result<Option<String>>

Get a value from origin-scoped storage.

Source

pub fn storage_set( &mut self, origin: &str, key: &str, value: &str, user_approved: bool, ) -> Result<()>

Set a value in origin-scoped storage.

Source

pub fn storage_remove( &mut self, origin: &str, key: &str, user_approved: bool, ) -> Result<()>

Remove a value from origin-scoped storage.

Source

pub fn storage_clear(&mut self, origin: &str, user_approved: bool) -> Result<()>

Clear all storage for an origin.

Source

pub fn list_storage_origins(&mut self) -> Result<Vec<String>>

List all origins that have stored data.

Source

pub fn storage_keys( &mut self, origin: &str, user_approved: bool, ) -> Result<Vec<String>>

List all keys in storage for an origin.

Source§

impl SecretsManager

Source

pub fn new(credentials_dir: impl Into<PathBuf>) -> Self

Create a new SecretsManager rooted in credentials_dir.

The vault and key files are created on-demand the first time a mutating operation is performed.

Source

pub fn with_password( credentials_dir: impl Into<PathBuf>, password: String, ) -> Self

Create a SecretsManager that uses a password for encryption instead of a key file.

Source

pub fn set_password(&mut self, password: String)

Set the password after construction (e.g. after prompting the user).

Note: This only affects how the vault is opened on next access. If the vault already exists on disk with a different key source, you must call change_password instead.

Source

pub fn clear_password(&mut self)

Remove the password and invalidate the loaded vault, returning the manager to a locked state.

Source

pub fn locked(credentials_dir: impl Into<PathBuf>) -> Self

Create a SecretsManager in a locked state.

The vault file path is known but no password or key file has been provided yet. The vault cannot be accessed until set_password is called.

Source

pub fn is_locked(&self) -> bool

Check whether the vault is in a locked state (password-protected vault with no password provided yet).

Returns true if the vault file exists on disk, no key file is present, and no password has been set — meaning the vault cannot be decrypted without a password.

Source

pub fn password(&self) -> Option<&str>

Return the current password, if one has been set.

Used by the TUI to forward the vault password to the gateway daemon so it can open the vault without prompting.

Source

pub fn set_agent_access(&mut self, enabled: bool)

Enable or disable automatic agent access to secrets

Source

pub fn has_agent_access(&self) -> bool

Check if agent has access to secrets

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more