pub trait KeyProvider: Send + Sync {
// Required methods
fn active_key(&self) -> [u8; 32];
fn read_keys(&self) -> Vec<[u8; 32]>;
}Expand description
Supplies the signing material a DiskArtifactStore uses, abstracting
over key rotation.
A store always writes under a single active key (so a fresh put
lands under one fingerprint and round-trips cleanly), but during a
rotation it must still be able to read blobs that were written under
an older, now-retired key. A KeyProvider therefore exposes two
things:
Self::active_key— the one key newputs sign with, and the keylistreports the store’s “own” namespace under; andSelf::read_keys— every key aget/listis allowed to try, newest first. The active key MUST appear in this set.
On a get, the store tries each read key’s namespaced file in turn
(keys partition the on-disk namespace by fingerprint, so at most one
can match a given content hash). On a list, the store unions the
hashes visible under every read key, so an audit sees blobs across the
rotation boundary.
Implementations MUST be Send + Sync (the store is shared behind an
Arc). Keys are returned by value ([u8; 32]) rather than borrowed so
a provider backing onto a rotating KMS can mint them on demand.
Required Methods§
Sourcefn active_key(&self) -> [u8; 32]
fn active_key(&self) -> [u8; 32]
The key new puts sign with. MUST be one of Self::read_keys.
Dyn Compatibility§
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".