Crate spire_api 

Rust client bindings for SPIRE gRPC APIs.

This crate provides ergonomic wrappers around SPIRE’s gRPC APIs (generated from protobuf) with strongly-typed request helpers.

Endpoints and transport

SPIRE exposes multiple gRPC APIs (e.g. the Agent API) over a local endpoint. In most deployments this is a Unix domain socket.

The high-level clients in this crate typically accept a pre-built tonic::transport::Channel. This keeps transport configuration explicit and composable (timeouts, TLS, interceptors, etc).

Quick start

use spire_api::{DelegatedIdentityClient, DelegateAttestationRequest};
use spire_api::selectors;

// Build a tonic Channel (example shown for a standard TCP URI).
// For Unix domain sockets, build the Channel using a custom connector.
let channel = tonic::transport::Channel::from_static("http://127.0.0.1:8081")
    .connect()
    .await?;

let client = DelegatedIdentityClient::new(channel)?;

let svid = client
    .fetch_x509_svid(DelegateAttestationRequest::Selectors(vec![
        selectors::Selector::Unix(selectors::Unix::Uid(1000)),
    ]))
    .await?;

println!("SPIFFE ID: {}", svid.spiffe_id());

Generated protobuf types

Protobuf-generated types are available under pb. Most users should not need to use these directly, but they are exposed for advanced use-cases.

Re-exports

pub use agent::delegated_identity::DelegateAttestationRequest;

pub use agent::delegated_identity::DelegatedIdentityClient;

Modules

agent

SPIRE Agent API clients. Agent API

pb

Protobuf-generated types for SPIRE APIs.

prelude

Common re-exports for convenience.

selectors

Selector types used by SPIRE APIs. Selectors conforming to SPIRE standards.