Enum KeySource

#[non_exhaustive]
pub enum KeySource<'a> {
    Path(&'a Path),
    Password(&'a str),
    Csprng,
}

A KeySource specifies the source of the encryption/decryption keys used by a SecretsManager instance when loading or interacting with a SecureStore vault.

Note that it is possible for different KeySource variants to be equivalent and used interchangeably. For instance, you can derive the secret keys from a password (via KeySource::Password) when reading/writing a SecureStore vault from the command line (via the companion cli app/crate, ssclient) but then export a copy of the keys derived from that password to a keyfile and use that when accessing the vault from your code in production (as a KeySource::Path variant). See SecretsManager::export_key() or the ssclient documentation for more info.

Note that when creating a new vault with KeySource::Csprng the generated private keys should be exported via SecretsManager::export_key() before dropping the SecretsManager instance; the exported keyfile should then be used the next time the vault is loaded (via KeySource::Path).

Variants (Non-exhaustive)

This enum is marked as non-exhaustive
Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.

Path(&'a Path)

Load the keys from a keyfile on-disk. Both binary and PEM keyfiles are supported.

Password(&'a str)

Derive keys from the specified password.

You most likely do not want to use this KeySource variant directly; instead use ssclient with a password when managing the secrets in the SecureStore vault at the command line, and use ssclient to export a keyfile equivalent to that password to use to retrieve passwords at runtime (via KeySource::Path or KeySource::from_file()).

Csprng

Automatically generate a new key file from a secure RNG, for use with SecretsManager::new() only.

SecretsManager::export_key() should be used to export the keys before the SecretsManager instance is disposed or else the generated key will be lost and secrets will not be decryptable. The store should subsequently be loaded with KeySource::Path pointing to the exported key’s path.
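
The variant guidance above (password at the command line, exported keyfile at runtime, Csprng for new vaults only) can be enforced in code before a vault is loaded. This is an added example, not code from the securestore crate: KeySource here is a local stand-in copied from the declaration on this page so the block builds with the standard library alone, and check_load_source and Rejected are hypothetical names.

```rust
use std::fs;
use std::path::Path;

// Local stand-in mirroring the enum declared on this page (assumption: in real
// code you would import the crate's own type instead of redefining it).
#[allow(dead_code)]
#[non_exhaustive]
pub enum KeySource<'a> { Path(&'a Path), Password(&'a str), Csprng }

// Hypothetical error type for this example.
#[derive(Debug, PartialEq)]
pub enum Rejected { PasswordAtRuntime, CsprngOnLoad, KeyfileUnusable, UnknownVariant }

/// Hypothetical guard: decide whether `src` may be used to load an existing
/// vault at runtime. Returns the keyfile path when the source is accepted.
#[allow(unreachable_patterns)] // the wildcard only matters outside the defining crate
pub fn check_load_source<'a>(src: &KeySource<'a>) -> Result<&'a Path, Rejected> {
    match src {
        KeySource::Path(p) => match fs::metadata(p) {
            // Accept only an existing, non-empty regular file.
            Ok(m) if m.is_file() && m.len() > 0 => Ok(*p),
            _ => Err(Rejected::KeyfileUnusable),
        },
        // Passwords are for command-line management; runtime uses the exported keyfile.
        KeySource::Password(_) => Err(Rejected::PasswordAtRuntime),
        // Csprng generates fresh keys, so it cannot decrypt an existing vault.
        KeySource::Csprng => Err(Rejected::CsprngOnLoad),
        // Fail closed on variants added in a future release of the enum.
        _ => Err(Rejected::UnknownVariant),
    }
}

fn main() {
    // Constructed sample keyfile, written to the temp directory for the demo.
    let path = std::env::temp_dir().join("keysource_example.key");
    fs::write(&path, b"constructed sample key bytes").unwrap();
    println!("{:?}", check_load_source(&KeySource::Path(&path)));
    println!("{:?}", check_load_source(&KeySource::Password("constructed")));
    println!("{:?}", check_load_source(&KeySource::Csprng));
    fs::remove_file(&path).unwrap();
}
```
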

Implementations

impl<'a> KeySource<'a>

pub fn from_file<P: AsRef<Path> + 'a>(path: P) -> impl GenericKeySource + 'a

Use in lieu of KeySource::Path for cases where path implements AsRef<Path> but isn’t specifically a &Path itself.

Trait Implementations

impl<'a> Clone for KeySource<'a>

fn clone(&self) -> KeySource<'a>

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl GenericKeySource for KeySource<'_>

fn key_source<'a>(&'a self) -> KeySource<'a>

Auto Trait Implementations

impl<'a> Freeze for KeySource<'a>

impl<'a> RefUnwindSafe for KeySource<'a>

impl<'a> Send for KeySource<'a>

impl<'a> Sync for KeySource<'a>

impl<'a> Unpin for KeySource<'a>

impl<'a> UnwindSafe for KeySource<'a>

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬 This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.