pub trait SecretStore: Send + Sync {
// Required methods
fn get_api_key(&self, key: &str) -> Option<Secret<String>>;
fn set_api_key(&self, key: &str, value: &str) -> Result<(), VaultError>;
fn delete_api_key(&self, key: &str) -> Result<(), VaultError>;
fn list_api_keys(&self) -> Vec<String>;
fn get_secret(&self, key: &str) -> Option<Secret<String>>;
fn set_secret(&self, key: &str, value: &str) -> Result<(), VaultError>;
fn delete_secret(&self, key: &str) -> Result<(), VaultError>;
fn list_secrets(&self) -> Vec<String>;
fn has_key(&self, key: &str) -> bool;
fn is_unlocked(&self) -> bool;
}Expand description
Core secret storage interface.
Provides two-tier secret management:
- Tier 1: API keys stored in plaintext (no unlock required)
- Tier 2: Secrets encrypted with AES-256-GCM (unlock required)