#[non_exhaustive]
pub enum KeySource<'a> {
    Path(&'a Path),
    Password(&'a str),
    Csprng,
}

A KeySource specifies the source of the encryption/decryption keys used by a SecretsManager instance when loading or interacting with a SecureStore vault.

Note that it is possible for different KeySource variants to be equivalent and used interchangeably. For instance, you can derive the secret keys from a password (via KeySource::Password) when reading/writing a SecureStore vault from the command line (via the companion cli app/crate, ssclient) but then export a copy of the keys derived from that password to a keyfile and use that when accessing the vault from your code in production (as a KeySource::Path variant). See SecretsManager::export_key() or the ssclient documentation for more info.

Note that when creating a new vault with KeySource::Csprng the generated private keys should be exported via SecretsManager::export_key() before dropping the SecretsManager instance; the exported keyfile should then be used the next time the vault is loaded (via KeySource::Path).

Variants (Non-exhaustive)

This enum is marked as non-exhaustive
Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.

Path(&'a Path)

Load the keys from a keyfile on-disk. Both binary and PEM keyfiles are supported.

Password(&'a str)

Derive keys from the specified password.

You most likely do not want to use this KeySource variant directly; instead use ssclient with a password when managing the secrets in the SecureStore vault at the command line, and use ssclient to export a keyfile equivalent to that password to use to retrieve passwords at runtime (via KeySource::Path or KeySource::from_file()).

Csprng

Automatically generate a new key file from a secure RNG, for use with SecretsManager::new() only.

SecretsManager::export_key() should be used to export the keys before the SecretsManager instance is disposed or else the generated key will be lost and secrets will not be decryptable. The store should subsequently be loaded with KeySource::Path pointing to the exported key’s path.
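
The guidance for the three variants above, written as a fail-closed check a caller could run before handing a key source to SecretsManager. This is an added example, not code from the securestore crate: KeySource is re-declared locally so the block compiles on its own, and Op, Accepted, Rejected and vet_key_source are hypothetical names.

```rust
use std::path::Path;

// Local stand-in for the enum shown on this page, so the example builds
// without the securestore crate. In a real project: `use securestore::KeySource;`
#[non_exhaustive]
#[derive(Clone, Copy)]
pub enum KeySource<'a> {
    Path(&'a Path),
    Password(&'a str),
    Csprng,
}

// Hypothetical names below: they belong to this example, not to the crate.
#[derive(Clone, Copy, PartialEq)]
pub enum Op { CreateVault, LoadVault }

#[derive(Debug, PartialEq)]
pub enum Accepted { Ready, ExportKeyBeforeDrop }

#[derive(Debug, PartialEq)]
pub enum Rejected { PasswordInProduction, CsprngOnLoad, UnknownVariant }

/// Decide whether `src` may be used for `op`, following the page's guidance.
// In a downstream crate the `_` arm is mandatory for a non-exhaustive enum;
// here the enum is local, so the compiler sees the arm as unreachable.
#[allow(unreachable_patterns)]
pub fn vet_key_source(src: KeySource<'_>, op: Op, production: bool) -> Result<Accepted, Rejected> {
    match src {
        // A keyfile on disk is the form intended for runtime access.
        KeySource::Path(_) => Ok(Accepted::Ready),
        // Password-derived keys are for managing the vault from the CLI.
        KeySource::Password(_) if production => Err(Rejected::PasswordInProduction),
        KeySource::Password(_) => Ok(Accepted::Ready),
        // Fresh keys only make sense for a new vault, and must be exported.
        KeySource::Csprng if op == Op::CreateVault => Ok(Accepted::ExportKeyBeforeDrop),
        KeySource::Csprng => Err(Rejected::CsprngOnLoad),
        // Fail closed on variants added by a later crate version.
        _ => Err(Rejected::UnknownVariant),
    }
}

fn main() {
    let key = Path::new("secrets.key"); // constructed sample path
    println!("{:?}", vet_key_source(KeySource::Path(key), Op::LoadVault, true));
    println!("{:?}", vet_key_source(KeySource::Password("constructed-pw"), Op::LoadVault, true));
    println!("{:?}", vet_key_source(KeySource::Csprng, Op::CreateVault, false));
}
```
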

Implementations

Use in lieu of KeySource::Path for cases where path implements AsRef<Path> but isn’t specifically a &Path itself.

Trait Implementations

Returns a copy of the value.

Performs copy-assignment from source.
