Skip to main content

KeyProvider

Trait KeyProvider 

Source
pub trait KeyProvider: Send + Sync {
    // Required methods
    fn active_key(&self) -> [u8; 32];
    fn read_keys(&self) -> Vec<[u8; 32]>;
}
Expand description

Supplies the signing material a DiskArtifactStore uses, abstracting over key rotation.

A store always writes under a single active key (so a fresh put lands under one fingerprint and round-trips cleanly), but during a rotation it must still be able to read blobs that were written under an older, now-retired key. A KeyProvider therefore exposes two things:

  • Self::active_key — the one key new puts sign with, and the key list reports the store’s “own” namespace under; and
  • Self::read_keys — every key a get / list is allowed to try, newest first. The active key MUST appear in this set.

On a get, the store tries each read key’s namespaced file in turn (keys partition the on-disk namespace by fingerprint, so at most one can match a given content hash). On a list, the store unions the hashes visible under every read key, so an audit sees blobs across the rotation boundary.

Implementations MUST be Send + Sync (the store is shared behind an Arc). Keys are returned by value ([u8; 32]) rather than borrowed so a provider backing onto a rotating KMS can mint them on demand.

Required Methods§

Source

fn active_key(&self) -> [u8; 32]

The key new puts sign with. MUST be one of Self::read_keys.

Source

fn read_keys(&self) -> Vec<[u8; 32]>

Every key a read (get / list) may try, conventionally newest first so the common “just-written under the active key” case hits on the first probe. The active key MUST be present.

Dyn Compatibility§

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors§