Enum securestore::KeySource
A KeySource specifies the source of the encryption/decryption keys used by a SecretsManager instance when loading or interacting with a SecureStore vault.
Note that it is possible for different KeySource variants to be equivalent and used interchangeably. For instance, you can derive the secret keys from a password (via KeySource::Password) when reading/writing a SecureStore vault from the command line (via the companion CLI app/crate, ssclient) but then export a copy of the keys derived from that password to a keyfile and use that when accessing the vault from your code in production (as a KeySource::Path variant). See SecretsManager::export_key() or the ssclient documentation for more info.
Note that when creating a new vault with KeySource::Csprng the generated private keys should be exported via SecretsManager::export_key() before dropping the SecretsManager instance; the exported keyfile should then be used the next time the vault is loaded (via KeySource::Path).
Variants (Non-exhaustive)
This enum is marked as non-exhaustive
Path(&'a Path)
Load the keys from a keyfile on-disk. Both binary and PEM keyfiles are supported.
Password(&'a str)
Derive keys from the specified password.
You most likely do not want to use this KeySource variant directly; instead use ssclient with a password when managing the secrets in the SecureStore vault at the command line, and use ssclient to export a keyfile equivalent to that password to use to retrieve passwords at runtime (via KeySource::Path or KeySource::from_file()).
Csprng
Automatically generate a new key file from a secure RNG, for use with SecretsManager::new() only.
SecretsManager::export_key() should be used to export the keys before the SecretsManager instance is disposed or else the generated key will be lost and secrets will not be decryptable. The store should subsequently be loaded with KeySource::Path pointing to the exported key’s path.
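A pre-flight check a deployment might run on the exported keyfile before handing its path to KeySource::Path, since that file holds a copy of the vault's keys. This is an added example, not code from the securestore crate; check_keyfile, KeyfileIssue and the owner-only permission policy are assumptions, and it targets Unix hosts.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::PermissionsExt;
use std::path::Path;

/// Problems found with a keyfile before it is handed to `KeySource::Path`.
#[derive(Debug, PartialEq)]
pub enum KeyfileIssue {
    Missing,
    NotRegularFile,
    Empty,
    /// Permission bits granted to group/other, e.g. 0o044 for mode 0644.
    TooPermissive(u32),
}

/// Hypothetical helper (not part of the securestore crate): vet an exported
/// keyfile on a Unix host. Returns Ok(None) when nothing was flagged.
pub fn check_keyfile(path: &Path) -> io::Result<Option<KeyfileIssue>> {
    // symlink_metadata does not follow symlinks, so a link is reported as
    // "not a regular file" instead of being silently resolved.
    let meta = match fs::symlink_metadata(path) {
        Ok(m) => m,
        Err(e) if e.kind() == io::ErrorKind::NotFound => return Ok(Some(KeyfileIssue::Missing)),
        Err(e) => return Err(e),
    };
    if !meta.file_type().is_file() {
        return Ok(Some(KeyfileIssue::NotRegularFile));
    }
    if meta.len() == 0 {
        return Ok(Some(KeyfileIssue::Empty));
    }
    // Assumed policy: only the owning account may read or write the keyfile.
    let group_other = meta.permissions().mode() & 0o077;
    if group_other != 0 {
        return Ok(Some(KeyfileIssue::TooPermissive(group_other)));
    }
    Ok(None)
}

fn main() -> io::Result<()> {
    // Constructed sample: a placeholder keyfile written to the temp directory.
    let path = std::env::temp_dir().join("example_secrets.key");
    fs::write(&path, b"constructed placeholder, not a real key")?;
    fs::set_permissions(&path, fs::Permissions::from_mode(0o644))?;
    println!("0644 -> {:?}", check_keyfile(&path)?);
    fs::set_permissions(&path, fs::Permissions::from_mode(0o600))?;
    println!("0600 -> {:?}", check_keyfile(&path)?);
    fs::remove_file(&path)
}
```
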
Implementations
Trait Implementations
impl GenericKeySource for KeySource<'_>
fn key_source<'a>(&'a self) -> KeySource<'a>
Auto Trait Implementations
impl<'a> RefUnwindSafe for KeySource<'a>
impl<'a> Send for KeySource<'a>
impl<'a> Sync for KeySource<'a>
impl<'a> Unpin for KeySource<'a>
impl<'a> UnwindSafe for KeySource<'a>
Blanket Implementations
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.