Struct VaultSecretStore 

pub struct VaultSecretStore { /* private fields */ }

A client interface that uses the Hashicorp Vault HTTP API.

Implementations

impl VaultSecretStore

pub fn new( server: Url, server_cert: Option<Certificate>, tls_insecure: bool, unauthorized_timeout: Duration, max_secrets_cached: usize, ttl_field: Option<&str>, ) -> Self

Establish a new client to Hashicorp Vault. In the case where TLS is required, a root certificate may be provided e.g. when using self-signed certificates. TLS connections are encouraged. An unauthorized_timeout determines how long the server should wait before being requested again. A max_secrets_cached arg limits the number of secrets that can be held at any time.

Avoid creating many new Vault secret stores and clone them instead so that HTTP connection pools can be shared.

pub fn with_new_auth_prepared(ss: &Self) -> Self

Trait Implementations

impl Clone for VaultSecretStore

fn clone(&self) -> VaultSecretStore

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl SecretStore for VaultSecretStore

fn approle_auth<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, role_id: &'life1 str, secret_id: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<AppRoleAuthReply, Error>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Perform an app authentication given a role and secret. If successful, then the secret store will be updated with a client token thereby permitting subsequent operations including getting secrets.

fn create_secret<'life0, 'life1, 'async_trait>( &'life0 self, _secret_path: &'life1 str, _secret_data: SecretData, ) -> Pin<Box<dyn Future<Output = Result<(), Error>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Attempt to create/update a secret.

fn get_secret<'life0, 'life1, 'async_trait>( &'life0 self, secret_path: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<Option<GetSecretReply>, Error>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Attempt to access a secret. An optional value of None in reply means that the client is unauthorized to obtain it - either due to authorization or it may just not exist.

fn userpass_auth<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, username: &'life1 str, password: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<UserPassAuthReply, Error>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Perform an app authentication given a username and password.

fn token_auth<'life0, 'life1, 'async_trait>( &'life0 self, _token: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<(), Error>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Given a token, authenticate the secret store.

fn userpass_create_update_user<'life0, 'life1, 'life2, 'life3, 'async_trait>( &'life0 self, current_username: &'life1 str, username: &'life2 str, password: &'life3 str, ) -> Pin<Box<dyn Future<Output = Result<(), Error>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait,

Updates a username and password.