vault_client_rs/api/sys/
wrapping.rs1use std::collections::HashMap;
2
3use reqwest::Method;
4use secrecy::{ExposeSecret, SecretString};
5use serde::de::DeserializeOwned;
6
7use crate::types::error::VaultError;
8use crate::types::response::WrapInfo;
9use crate::types::sys::KeyStatus;
10
11use super::SysHandler;
12
13impl SysHandler<'_> {
14 pub async fn unwrap<T: DeserializeOwned>(&self, token: &SecretString) -> Result<T, VaultError> {
15 let body = serde_json::json!({ "token": token.expose_secret() });
16 self.client
17 .exec_with_data(Method::POST, "sys/wrapping/unwrap", Some(&body))
18 .await
19 }
20
21 pub async fn unwrap_str<T: DeserializeOwned>(&self, token: &str) -> Result<T, VaultError> {
23 self.unwrap(&SecretString::from(token)).await
24 }
25
26 pub async fn wrap_lookup(&self, token: &SecretString) -> Result<WrapInfo, VaultError> {
27 let body = serde_json::json!({ "token": token.expose_secret() });
28 self.client
29 .exec_with_data(Method::POST, "sys/wrapping/lookup", Some(&body))
30 .await
31 }
32
33 pub async fn capabilities(
34 &self,
35 token: &SecretString,
36 paths: &[&str],
37 ) -> Result<HashMap<String, Vec<String>>, VaultError> {
38 let body = serde_json::json!({
39 "token": token.expose_secret(),
40 "paths": paths,
41 });
42 self.client
43 .exec_with_data(Method::POST, "sys/capabilities", Some(&body))
44 .await
45 }
46
47 pub async fn capabilities_self(
48 &self,
49 paths: &[&str],
50 ) -> Result<HashMap<String, Vec<String>>, VaultError> {
51 let body = serde_json::json!({ "paths": paths });
52 self.client
53 .exec_with_data(Method::POST, "sys/capabilities-self", Some(&body))
54 .await
55 }
56
57 pub async fn key_status(&self) -> Result<KeyStatus, VaultError> {
58 self.client
59 .exec_with_data(Method::GET, "sys/key-status", None)
60 .await
61 }
62
63 pub async fn rotate_encryption_key(&self) -> Result<(), VaultError> {
64 self.client
65 .exec_empty(Method::PUT, "sys/rotate", None)
66 .await
67 }
68}