Skip to main content

Vault

Struct Vault 

Source
pub struct Vault { /* private fields */ }
Expand description

An open, in-memory vault.

Dropping the value drops the underlying decrypted material. Best-effort memory zeroing is delegated to the keepass crate where supported.

Implementations§

Source§

impl Vault

Source

pub fn create(path: &Path, password: &str) -> Result<Self>

Create a new kdbx file at path, encrypted with password. Errors if the file already exists.

Source

pub fn open(path: &Path, password: &str) -> Result<Self>

Open an existing kdbx file with a password.

Source

pub fn save(&mut self) -> Result<()>

Persist in-memory state back to the original path (atomic replace).

Source

pub fn path(&self) -> &Path

Source

pub fn add_entry(&mut self, title: &str) -> Result<EntryId>

Add a new entry. The title is interpreted as a /-separated path: the leading segments name a group hierarchy (created as needed, mkdir -p semantics), and the trailing segment becomes the entry title. A title with no / lands at the root group, matching the previous behavior.

A leading Root segment (case-insensitive) names the root group itself, so add_entry("Root/github") is identical to add_entry("github").

Examples:

  • add_entry("github") → “github” in the root group
  • add_entry("Work/SSH/github") → group “Work” > “SSH”, entry “github”

Empty segments (//, /foo, foo/) and the empty title are rejected with Error::InvalidPath. Group lookups are case-insensitive (matches keepass-rs and KeePassXC behavior), so work/ssh resolves to an existing Work/SSH. Returns the entry’s stable ID.

Source

pub fn list_entries(&self) -> Vec<EntrySummary>

List all entries in the vault (recursively across all groups).

Source

pub fn get_entry(&self, id: &EntryId) -> Option<EntrySummary>

Look up an entry by ID. Returns None if no such entry exists.

Source

pub fn find_by_title(&self, title: &str) -> Option<EntryId>

Look up an entry by title or path.

  • Plain title with no /: returns the first entry whose leaf title matches (current behavior). Search is exact (case-sensitive) on the leaf title across all groups.
  • Path with /: navigates group/sub/.../leaf and matches only the entry at exactly that path. Group navigation is case-insensitive (matching keepass-rs); the leaf title comparison is exact.

Returns None if no such entry exists, or if any group segment in the path is missing.

Source

pub fn set_field( &mut self, id: &EntryId, field: &str, value: &str, ) -> Result<()>

Set or replace a string field on an entry. Standard fields: "Title", "UserName", "Password", "URL", "Notes". Custom fields permitted.

Source

pub fn attach_binary( &mut self, id: &EntryId, name: &str, bytes: &[u8], ) -> Result<()>

Attach a binary blob (e.g. an SSH private key) to an entry under name. Replaces any existing attachment with the same name.

Bytes are stored as a real KDBX4 inner-header binary attachment with a <Binary Ref="N"/> reference inside the entry, matching what KeePassXC writes. The Protected flag is left at the default (off) — KeePassXC likewise stores SSH private keys without it.

Source

pub fn read_binary(&self, id: &EntryId, name: &str) -> Result<Option<Vec<u8>>>

Read an attachment’s bytes. Returns Ok(None) if the entry exists but has no such attachment. Errors if the entry itself does not exist.

Source

pub fn remove_binary(&mut self, id: &EntryId, name: &str) -> Result<()>

Remove an attachment from an entry. No-op if the attachment is missing.

Source

pub fn delete_entry(&mut self, id: &EntryId) -> Result<()>

Delete an entry by ID.

Source

pub fn get_field(&self, id: &EntryId, field: &str) -> Result<Option<String>>

Read a single string field from an entry. Returns None if the field is missing. Errors if the entry itself does not exist.

Used by the materialization layer to read Materialize.* custom fields from entries that opt in.

Source

pub fn fields_with_prefix( &self, id: &EntryId, prefix: &str, ) -> Result<Vec<String>>

Return the names of every custom string field on an entry whose name starts with prefix. Field names are returned in unspecified order. Errors if the entry does not exist.

Used by the materialization layer so the daemon can quickly tell which entries opt in (any entry with at least one Materialize.* field).

Auto Trait Implementations§

§

impl Freeze for Vault

§

impl RefUnwindSafe for Vault

§

impl Send for Vault

§

impl Sync for Vault

§

impl Unpin for Vault

§

impl UnsafeUnpin for Vault

§

impl UnwindSafe for Vault

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.