/// Pluggable storage backend for secrets, addressed by user, tenant and factor.
///
/// The `Send + Sync` supertraits mean an implementation can be shared across threads.
/// The accompanying documentation requires implementations to encrypt secrets at rest.
///
/// The explicit `'lifeN` / `'async_trait` lifetimes and the boxed-future return types
/// look like the expansion produced by the `async_trait` macro (inferred from the
/// lifetime names); implementors would presumably write plain `async fn`s — confirm.
pub trait SecretStore: Send + Sync {
// Required methods
/// Stores `secret_data` for the (`user_id`, `tenant_id`, `factor_id`) triple together
/// with `metadata`; encryption is the implementation's responsibility.
///
/// The future resolves to a `String` on success or a `SecretError` on failure.
// NOTE(review): the returned String is presumably the record id accepted by
// `get_by_id` and `delete` — confirm against an implementation.
// NOTE(review): only the secret is documented as encrypted; treat `metadata` as
// possibly stored in plaintext unless the implementation states otherwise.
fn set<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
user_id: &'life1 str,
tenant_id: &'life2 TenantId,
factor_id: &'life3 str,
secret_data: &'life4 [u8],
metadata: Value,
) -> Pin<Box<dyn Future<Output = Result<String, SecretError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait;
/// Retrieves the secret for the (`user_id`, `tenant_id`, `factor_id`) triple;
/// decryption is the implementation's responsibility.
///
/// The future resolves to `Option<SecretRecord>`.
// NOTE(review): `None` presumably means no record exists for the triple — confirm.
fn get<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
user_id: &'life1 str,
tenant_id: &'life2 TenantId,
factor_id: &'life3 str,
) -> Pin<Box<dyn Future<Output = Result<Option<SecretRecord>, SecretError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait;
/// Looks up a single secret by its `id`.
// NOTE(review): unlike `get`, this takes no `user_id` or `tenant_id`, so the
// signature alone does not scope the lookup to a tenant. Callers that accept `id`
// from a request should confirm the returned record belongs to the expected user
// and tenant — check what `SecretRecord` exposes for that.
fn get_by_id<'life0, 'life1, 'async_trait>(
&'life0 self,
id: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<Option<SecretRecord>, SecretError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait;
/// Deletes the secret identified by `id`.
// NOTE(review): takes only `id`, with no `user_id` or `tenant_id`; ownership of the
// record has to be established by the caller or inside the implementation — confirm
// which. Whether deleting an unknown id is an error is not visible here.
fn delete<'life0, 'life1, 'async_trait>(
&'life0 self,
id: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<(), SecretError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait;
/// Lists the secrets stored for `user_id` within `tenant_id`, optionally narrowed
/// by `factor_id`.
// NOTE(review): `factor_id: None` presumably returns records for every factor — confirm.
fn list<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
user_id: &'life1 str,
tenant_id: &'life2 TenantId,
factor_id: Option<&'life3 str>,
) -> Pin<Box<dyn Future<Output = Result<Vec<SecretRecord>, SecretError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait;
// Provided method
/// Rotates encryption keys, for implementations that support rotation.
///
/// This is a provided method; its default body is elided (`{ ... }`) in this listing.
// NOTE(review): the `usize` result is presumably the number of records re-encrypted,
// and the default may be a no-op or an error for stores without rotation — confirm
// before treating a successful result as proof that keys were rotated.
fn rotate_encryption<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<usize, SecretError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait { ... }
}
Trait for pluggable secret storage.
Critical: Implementations MUST encrypt secrets at rest. Consider using:
- HashiCorp Vault
- AWS Secrets Manager
- Azure Key Vault
- GCP Secret Manager
- Database with application-level encryption
Required Methods§
fn set<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
user_id: &'life1 str,
tenant_id: &'life2 TenantId,
factor_id: &'life3 str,
secret_data: &'life4 [u8],
metadata: Value,
) -> Pin<Box<dyn Future<Output = Result<String, SecretError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
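Store a secret (the implementation handles encryption). This description covers secret_data only; whether metadata is also encrypted is not stated, so avoid placing sensitive values in metadata unless the chosen implementation documents that it protects them.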
fn get<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
user_id: &'life1 str,
tenant_id: &'life2 TenantId,
factor_id: &'life3 str,
) -> Pin<Box<dyn Future<Output = Result<Option<SecretRecord>, SecretError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Retrieve a secret (implementation handles decryption)
fn get_by_id<'life0, 'life1, 'async_trait>(
&'life0 self,
id: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<Option<SecretRecord>, SecretError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
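Get a specific secret by ID. This lookup takes only the record id, with no user_id or tenant_id, so callers that receive the id from outside should confirm that the returned record belongs to the expected user and tenant.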
fn delete<'life0, 'life1, 'async_trait>(
&'life0 self,
id: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<(), SecretError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
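Delete a secret by ID. This call takes only the record id, with no user_id or tenant_id, so callers should confirm who owns the record before deleting it.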
fn list<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
user_id: &'life1 str,
tenant_id: &'life2 TenantId,
factor_id: Option<&'life3 str>,
) -> Pin<Box<dyn Future<Output = Result<Vec<SecretRecord>, SecretError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
List all secrets for a user/tenant/factor combination
Provided Methods§
fn rotate_encryption<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<usize, SecretError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
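Rotate encryption keys (for implementations that support it). The default body is not shown on this page, so check what it returns for a store that does not support rotation before treating a successful result as proof that keys were rotated.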
Dyn Compatibility§
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".