
SecretsBackend

Trait SecretsBackend 

/// Pluggable secrets backend (ADR-014 §5).
///
/// The host registers one backend at startup, and that backend resolves all
/// secret references throughout the deployment. Implemented by
/// `plugin-secrets-vault` and `plugin-secrets-file`.
///
/// The three lookup methods are shown in their `#[async_trait]`-expanded form:
/// each returns a pinned, boxed `Send` future, which is what keeps the trait
/// dyn-compatible. Implementors must also be `Send + Sync + 'static`.
// NOTE(review): every method takes a `tenant` argument, but nothing visible here
// states how it scopes a lookup. Confirm that each implementation enforces tenant
// isolation on `name` rather than treating `tenant` as an informational label.
pub trait SecretsBackend:
    Send
    + Sync
    + 'static {
    // Required methods
    /// Resolve a named TLS profile to an opaque `TlsHandle`.
    ///
    /// `name` uses scheme routing, e.g. `vault://prod/tls/kafka` or
    /// `file://kafka-prod`. The future resolves to `Result<TlsHandle>`.
    // NOTE(review): how a scheme the registered backend does not serve is handled
    // is not visible here; presumably it surfaces as `Err`. Confirm.
    fn resolve_tls_profile<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        name: &'life1 str,
        tenant: &'life2 str,
    ) -> Pin<Box<dyn Future<Output = Result<TlsHandle>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait;
    /// Resolve a named credential.
    ///
    /// The future resolves to `Result<CredentialHandle>`; the caller receives a
    /// handle type, not a plain string.
    fn get_credential<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        name: &'life1 str,
        tenant: &'life2 str,
    ) -> Pin<Box<dyn Future<Output = Result<CredentialHandle>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait;
    /// Read a named secret as a zeroizing string (`SecretString`).
    ///
    /// The future resolves to `Result<SecretString>`.
    // NOTE(review): copying the value out of the `SecretString` into an ordinary
    // `String` would presumably lose the zeroizing behaviour; verify call sites.
    fn get_string<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        name: &'life1 str,
        tenant: &'life2 str,
    ) -> Pin<Box<dyn Future<Output = Result<SecretString>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait;
    /// Subscribe to rotation events for a named secret.
    ///
    /// Implementations that don't support rotation return an empty stream.
    /// Unlike the lookup methods this is not async and its return type carries
    /// no `Result`, so the signature itself offers no error channel.
    fn subscribe(
        &self,
        name: &str,
        tenant: &str,
    ) -> Pin<Box<dyn Stream<Item = RotationEvent> + Send>>;
}

Pluggable secrets backend trait — ADR-014 §5.

Implemented by plugin-secrets-vault and plugin-secrets-file. The host registers one backend at startup, and that backend resolves all secret references throughout the deployment.

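The trait is declared with #[async_trait] so that its async methods stay dyn-compatible; this is why the signatures on this page show boxed futures and generated lifetime parameters.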

Required Methods§


fn resolve_tls_profile<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, name: &'life1 str, tenant: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<TlsHandle>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Resolve a named TLS profile to an opaque handle. The name is routed by its scheme, for example vault://prod/tls/kafka or file://kafka-prod.


fn get_credential<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, name: &'life1 str, tenant: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<CredentialHandle>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Resolve a named credential.


fn get_string<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, name: &'life1 str, tenant: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<SecretString>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Read a named secret and return it as a zeroizing string (SecretString).


fn subscribe( &self, name: &str, tenant: &str, ) -> Pin<Box<dyn Stream<Item = RotationEvent> + Send>>

Subscribe to rotation events. Implementations that don’t support rotation return an empty stream.

Dyn Compatibility§

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors§