Skip to main content

Vault

tsafe_core::vault

Struct Vault 

Source 
pub struct Vault { /* private fields */ }
Expand description

An open, authenticated vault. key is held in memory and zeroed on drop. Holds an advisory lock file (<name>.vault.lock) to prevent concurrent access. The lock is acquired before any read or snapshot-restore work begins and is only removed by the process that created it.

Implementations§

Source§

impl Vault

Source

pub fn create(path: &Path, password: &[u8]) -> SafeResult<Self>

Create a new empty vault at path, protected by password.

Source

pub fn create_with_access_profile( path: &Path, password: &[u8], access_profile: RbacProfile, ) -> SafeResult<Self>

Create a new vault with an explicit access profile.

This is mainly a future-facing policy hook. A read_only profile is rejected because creation is inherently a write operation.

Source

pub fn open(path: &Path, password: &[u8]) -> SafeResult<Self>

Open and authenticate an existing vault. If the vault file is missing or corrupt, auto-heals from the latest snapshot.

Source

pub fn open_read_only(path: &Path, password: &[u8]) -> SafeResult<Self>

Open an existing vault in read-only mode.

Unlike the normal open path, read-only opens do not auto-heal missing or corrupt vaults from snapshots because that would mutate on-disk state.

Source

pub fn open_with_access_profile( path: &Path, password: &[u8], access_profile: RbacProfile, ) -> SafeResult<Self>

Open and authenticate an existing vault with an explicit access profile.

Source

pub fn open_with_key(path: &Path, key: VaultKey) -> SafeResult<Self>

Open a vault with a pre-derived key (e.g. a DEK unwrapped from an age header). Skips KDF validation — the caller is responsible for providing a valid key.

Source

pub fn open_with_key_read_only(path: &Path, key: VaultKey) -> SafeResult<Self>

Open a vault with a pre-derived key in read-only mode.

Source

pub fn open_with_key_with_access_profile( path: &Path, key: VaultKey, access_profile: RbacProfile, ) -> SafeResult<Self>

Open a vault with a pre-derived key and an explicit access profile.

Source

pub fn is_team_vault(path: &Path) -> bool

Check if a vault file on disk is a team vault (has age recipients). Reads only the metadata — does not require authentication.

Source

pub fn save(&self) -> SafeResult<()>

Atomically write vault to disk (write-to-tmp then rename). A snapshot of the previous state is taken before overwriting.

Source

pub fn set( &mut self, key: &str, value: &str, tags: HashMap<String, String>, ) -> SafeResult<()>

Insert or update a secret. Idempotent — repeated calls with same value are safe. Key must match [A-Za-z_][A-Za-z0-9_]* (valid env-var name) and be ≤ 256 chars.

Source

pub fn get(&self, key: &str) -> SafeResult<Zeroizing<String>>

Decrypt and return a secret value wrapped in Zeroizing so it is automatically wiped from memory when dropped.

Source

pub fn delete(&mut self, key: &str) -> SafeResult<()>

Remove a secret. Returns SecretNotFound if the key does not exist.

Source

pub fn rename_key( &mut self, old_key: &str, new_key: &str, overwrite: bool, ) -> SafeResult<()>

Rename / move a secret key within this vault.

The full entry (ciphertext, tags, history) is preserved under new_key. Returns SecretNotFound if old_key does not exist, SecretAlreadyExists if new_key is already occupied and overwrite is false.

Source

pub fn list(&self) -> Vec<&str>

List all secret key names in sorted order.

Source

pub fn export_all(&self) -> SafeResult<HashMap<String, String>>

Decrypt and return all secrets as a plain map. Prefer get for single access. Values are plain Strings (not Zeroizing) for ergonomic iteration; callers should drop the map promptly after use.

Source

pub fn get_version( &self, key: &str, version: usize, ) -> SafeResult<Zeroizing<String>>

Decrypt a specific version of a secret. Version 0 is the current value, version 1 is the most recent previous value, etc.

Source

pub fn history(&self, key: &str) -> SafeResult<Vec<(usize, DateTime<Utc>)>>

List version metadata for a key. Returns (version_number, updated_at) pairs, newest first. Version 0 is the current value.

Source

pub fn revert_to_version(&mut self, key: &str, version: usize) -> SafeResult<()>

Revert a secret to a previous version. version follows the same numbering as history(): 0 is current, 1 is the most recent previous value, etc.

The reverted value becomes the new current version, and the old current value is pushed onto the history stack (capped at DEFAULT_HISTORY_KEEP).

Source

pub fn prune_history(&mut self, key: &str, keep_n: usize) -> SafeResult<()>

Prune the version history for a secret to keep at most keep_n previous versions. If the secret has fewer than keep_n history entries nothing changes. keep_n == 0 clears all history.

Source

pub fn rotate(&mut self, new_password: &[u8]) -> SafeResult<()>

Re-encrypt all secrets under a new master password. Atomic — vault is only updated on-disk after all secrets are successfully re-encrypted.

Source

pub fn path(&self) -> &Path

Source

pub fn secret_count(&self) -> usize

Source

pub fn access_profile(&self) -> RbacProfile

Source

pub fn with_access_profile(self, access_profile: RbacProfile) -> Self

Relabel the current handle with a different access profile.

Source

pub fn file(&self) -> &VaultFile

Read-only access to the raw vault file metadata. Use get(), list(), export_all() etc. for secret access.

Source

pub fn ensure_write_allowed(&self) -> SafeResult<()>

Auto Trait Implementations§

§

impl Freeze for Vault

§

impl RefUnwindSafe for Vault

§

impl Send for Vault

§

impl Sync for Vault

§

impl Unpin for Vault

§

impl UnsafeUnpin for Vault

§

impl UnwindSafe for Vault

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more