Skip to main content

FileSource

secrets_rs::sources::file

Struct FileSource 

Source 
pub struct FileSource { /* private fields */ }
Expand description

A Source that retrieves secrets from the local filesystem.

Two construction modes are available:

  • FileSource::new() — resolves relative paths against the process’s current working directory at the time get is called. Simple, but the result is non-deterministic if any code calls std::env::set_current_dir concurrently.

  • FileSource::with_base(dir) — captures an absolute base directory at construction time and resolves all relative paths against it. The resolved path is stable regardless of later CWD changes. Absolute paths in the URN name are still used as-is.

The primary use case is loading keys and certificates, e.g.:

urn:secrets-rs:file:/etc/ssl/private/server.key   // absolute — same in both modes
urn:secrets-rs:file:certs/ca.crt                  // relative — stable only with with_base

§Security

Because the URN name is used as a filesystem path without further validation, binding a FileSource secret with an attacker-controlled URN is an arbitrary file-read vulnerability. Only bind URNs that come from trusted configuration (static code, operator-supplied config files with restricted write permissions, etc.). Never construct or accept urn:secrets-rs:file:... URNs from untrusted input such as API requests, user-supplied data, or deserialized network payloads.

with_base anchors relative resolution to a known directory but does not prevent path-traversal sequences (../) in the URN name from escaping that directory; the trusted-configuration requirement still applies.

Implementations§

Source§

impl FileSource

Source

pub fn new() -> Self

Creates a FileSource that resolves relative paths against the process’s current working directory at call time.

Source

pub fn with_base(base: impl Into<PathBuf>) -> Self

Creates a FileSource that resolves relative paths against base.

base is captured at construction time, so subsequent calls to std::env::set_current_dir do not affect resolution. For stable behaviour base should be an absolute path; if it is relative it is stored as-is and still subject to CWD changes.

Absolute paths in the URN name are used as-is regardless of base.

Trait Implementations§

Source§

impl Default for FileSource

Source§

fn default() -> Self

Returns the “default value” for a type. Read more
Source§

impl Source for FileSource

Source§

fn get(&self, name: &str) -> Result<Vec<u8>, SourceError>

Retrieve the raw bytes for the secret identified by name.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.