zlayer_secrets/
lib.rs

1//! `ZLayer` Secrets Management
2//!
3//! Provides secure storage and retrieval of secrets for container workloads.
4//!
5//! ## Scoping
6//! Secrets are organized hierarchically:
7//! - Deployment-level: Shared by all services in a deployment
8//! - Service-level: Specific to a single service
9//!
10//! ## Syntax
11//! - `$S:secret-name` - Deployment-level secret
12//! - `$S:@service/secret-name` - Service-specific secret
13//! - `$secret://<env>/<KEY>` - Environment-scoped secret (requires an
14//!   [`EnvScopeProvider`] wired via [`SecretsResolver::with_env_resolver`])
15//! - `$secret://<env>/<KEY>/<field>` - With JSON field extraction
16
17mod encryption;
18mod error;
19mod key_manager;
20mod provider;
21mod types;
22
23#[cfg(feature = "persistent")]
24mod persistent;
25
26#[cfg(feature = "persistent")]
27pub mod credentials;
28
29#[cfg(feature = "persistent")]
30pub mod registry_credentials;
31
32#[cfg(feature = "persistent")]
33pub mod git_credentials;
34
35#[cfg(feature = "vault")]
36mod vault;
37
38pub use encryption::EncryptionKey;
39pub use error::{Result, SecretsError};
40pub use key_manager::KeyManager;
41pub use provider::{EnvScopeProvider, SecretsProvider, SecretsResolver, SecretsStore};
42pub use types::{RotationResult, Secret, SecretMetadata, SecretRef, SecretScope};
43
44#[cfg(feature = "persistent")]
45pub use persistent::PersistentSecretsStore;
46
47#[cfg(feature = "persistent")]
48pub use credentials::CredentialStore;
49
50#[cfg(feature = "persistent")]
51pub use git_credentials::{GitCredential, GitCredentialKind, GitCredentialStore};
52
53#[cfg(feature = "persistent")]
54pub use registry_credentials::{RegistryAuthType, RegistryCredential, RegistryCredentialStore};
55
56#[cfg(feature = "vault")]
57pub use vault::VaultSecretsProvider;
zlayer_secrets/lib.rs

zlayer_secrets/
lib.rs
