pub trait CredentialProvider: Send + Sync {
// Required method
fn credential<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
request: &'life1 CredentialRequest<'life2>,
) -> Pin<Box<dyn Future<Output = Result<Option<Credential>>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait;
}Expand description
Supplies a Credential for a CredentialRequest, just-in-time. Returning
Ok(None) means “I have nothing for this request” — the backend then falls
back to its ambient CLI auth, exactly as if no provider were configured.
Implement this for a vault/keychain lookup, per-account routing, or token
rotation; for simple cases use StaticCredential, EnvToken, or
provider_fn. The trait is async and dyn-compatible, so a backend can hold
an Arc<dyn CredentialProvider>.
Required Methods§
Sourcefn credential<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
request: &'life1 CredentialRequest<'life2>,
) -> Pin<Box<dyn Future<Output = Result<Option<Credential>>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
fn credential<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
request: &'life1 CredentialRequest<'life2>,
) -> Pin<Box<dyn Future<Output = Result<Option<Credential>>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Resolve the credential for request, or Ok(None) to defer to ambient
auth. An Err aborts the operation (e.g. the vault was unreachable).
A returned credential whose secret is empty is treated as None
(ambient) by the clients — an empty token can’t authenticate, and injecting
one would override the ambient login with nothing rather than defer to it.
Dyn Compatibility§
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".