Struct SseKeyring 

pub struct SseKeyring { /* private fields */ }

v0.5 #29: a set of SseKeys indexed by u16 key-id, plus a designated active id used for new encryptions. Rotation is just “add the new key, flip active to its id, leave the old keys for decryption-only”. Cheap to clone (Arc<SseKey> per slot).

Implementations

impl SseKeyring

pub fn new(active: u16, key: Arc<SseKey>) -> Self

Create a keyring seeded with one key, immediately marked active. Add older keys later via SseKeyring::add so the gateway can still decrypt pre-rotation objects.

pub fn add(&mut self, id: u16, key: Arc<SseKey>)

Insert another key under id id. Does NOT change active. If id == active, the slot is overwritten (useful for tests; in production prefer minting a fresh id).

pub fn active(&self) -> (u16, &SseKey)

Active (id, key) — used by encrypt_v2 to pick the slot for new objects.

pub fn get(&self, id: u16) -> Option<&SseKey>

Look up a key by id. Returns None for unknown ids — caller should surface this as SseError::KeyNotInKeyring.

Trait Implementations

impl Clone for SseKeyring

fn clone(&self) -> SseKeyring

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for SseKeyring

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'a> From<&'a SseKeyring> for SseSource<'a>

Back-compat coercion: existing call sites pass &SseKeyring directly to decrypt. With this From impl the generic bound Into<SseSource> accepts &SseKeyring without the caller writing .into(), keeping v0.4 / v0.5 #29 service.rs callers compiling untouched while v0.5 #27 SSE-C callers pass SseSource::CustomerKey explicitly.

fn from(kr: &'a SseKeyring) -> Self

Converts to this type from the input type.