Skip to main content

CredentialProvider

Trait CredentialProvider 

Source
pub trait CredentialProvider: Send + Sync {
    // Required method
    fn credential<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        request: &'life1 CredentialRequest<'life2>,
    ) -> Pin<Box<dyn Future<Output = Result<Option<Credential>>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait;
}
Expand description

Supplies a Credential for a CredentialRequest, just-in-time. Returning Ok(None) means “I have nothing for this request” — the backend then falls back to its ambient CLI auth, exactly as if no provider were configured.

Implement this for a vault/keychain lookup, per-account routing, or token rotation; for simple cases use StaticCredential, EnvToken, or provider_fn. The trait is async and dyn-compatible, so a backend can hold an Arc<dyn CredentialProvider>.

Required Methods§

Source

fn credential<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, request: &'life1 CredentialRequest<'life2>, ) -> Pin<Box<dyn Future<Output = Result<Option<Credential>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Resolve the credential for request, or Ok(None) to defer to ambient auth. An Err aborts the operation (e.g. the vault was unreachable).

A returned credential whose secret is empty is treated as None (ambient) by the clients — an empty token can’t authenticate, and injecting one would override the ambient login with nothing rather than defer to it.

Dyn Compatibility§

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors§