Trait SecretRotationBackend 

pub trait SecretRotationBackend:
    Send
    + Sync
    + 'static {
    type Error: Error + Send + Sync + 'static;

    // Required methods
    fn latest_key_info<'life0, 'life1, 'async_trait>(
        &'life0 self,
        group_id: &'life1 str,
    ) -> Pin<Box<dyn Future<Output = Result<Option<(u8, SystemTime)>, Self::Error>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
    fn try_insert_key<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        group_id: &'life1 str,
        expected_version: Option<u8>,
        new_version: u8,
        encrypted: &'life2 Encrypted,
        activated_at: SystemTime,
    ) -> Pin<Box<dyn Future<Output = Result<bool, Self::Error>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait;
}
Write-side storage contract required by KeyRotator.

Implement this trait (together with SecretBackend if you also need reading) to bring your own backend. The two methods together form an optimistic-locking protocol: read the latest version, then attempt a conditional insert.

Required Associated Types

type Error: Error + Send + Sync + 'static

The error type returned on backend failures.

Required Methods

fn latest_key_info<'life0, 'life1, 'async_trait>( &'life0 self, group_id: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<Option<(u8, SystemTime)>, Self::Error>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Returns (version, activated_at) of the most recently inserted key for group_id, or None when no key exists yet.

fn try_insert_key<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, group_id: &'life1 str, expected_version: Option<u8>, new_version: u8, encrypted: &'life2 Encrypted, activated_at: SystemTime, ) -> Pin<Box<dyn Future<Output = Result<bool, Self::Error>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Atomically inserts a new key only when the current version still equals expected_version (use None when no key exists yet).

Returns true if the key was inserted, false if another instance raced ahead and the version no longer matches. Implementations should acquire an advisory lock or use a compare-and-swap so that concurrent rotators converge safely.
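
The read-then-conditional-insert protocol above, shown as an added example that is not the crate's own code: a synchronous in-memory analogue of the two methods, with two rotators racing on the same group. Assumptions: `MemBackend` and `race` are hypothetical names, a byte slice stands in for `Encrypted`, there is no async or error type, and versions start at 1 and increment by one.

```rust
use std::collections::HashMap;
use std::sync::Mutex;
use std::time::SystemTime;

// Hypothetical in-memory store; Vec<u8> stands in for the crate's `Encrypted`.
#[derive(Default)]
pub struct MemBackend {
    keys: Mutex<HashMap<String, Vec<(u8, Vec<u8>, SystemTime)>>>,
}

impl MemBackend {
    // (version, activated_at) of the newest key, or None for an empty group.
    pub fn latest_key_info(&self, group_id: &str) -> Option<(u8, SystemTime)> {
        let keys = self.keys.lock().unwrap();
        let latest = keys.get(group_id).and_then(|g| g.last()).map(|(v, _, t)| (*v, *t));
        latest
    }

    // Compare-and-swap: the version check and the insert happen under one lock,
    // so no other rotator can slip in between them.
    pub fn try_insert_key(&self, group_id: &str, expected_version: Option<u8>,
        new_version: u8, encrypted: &[u8], activated_at: SystemTime) -> bool {
        let mut keys = self.keys.lock().unwrap();
        let group = keys.entry(group_id.to_string()).or_default();
        let current = group.last().map(|(v, _, _)| *v);
        if current != expected_version {
            return false; // another instance raced ahead; caller re-reads
        }
        group.push((new_version, encrypted.to_vec(), activated_at));
        true
    }
}

// Two rotators read the same state, then both attempt the conditional insert.
pub fn race(backend: &MemBackend, group_id: &str) -> (bool, bool) {
    let seen_a = backend.latest_key_info(group_id).map(|(v, _)| v);
    let seen_b = backend.latest_key_info(group_id).map(|(v, _)| v);
    // Assumed numbering: first key is version 1, then +1 per rotation.
    let next = |seen: Option<u8>| seen.map_or(1, |v| v.wrapping_add(1));
    let a = backend.try_insert_key(group_id, seen_a, next(seen_a), b"key-from-a", SystemTime::now());
    let b = backend.try_insert_key(group_id, seen_b, next(seen_b), b"key-from-b", SystemTime::now());
    (a, b)
}

fn main() {
    let backend = MemBackend::default();
    println!("{:?}", race(&backend, "session-keys")); // exactly one insert wins
}
```

A backend that performed the version check and the insert as two separate steps would let both rotators succeed and leave two different keys claiming the same version.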

Implementors