Expand description
Typed credential store for Docker/OCI registry authentication.
Built on top of any SecretsStore implementation, this module provides
structured storage for registry credentials. Metadata (registry, username,
auth type) is stored as JSON in the registry_credentials_meta scope, while
the actual password/token is stored as a secret in the registry_credentials
scope. Both are keyed by a UUID identifier.
§Example
ⓘ
use zlayer_secrets::{EncryptionKey, PersistentSecretsStore};
use zlayer_secrets::registry_credentials::{RegistryCredentialStore, RegistryAuthType};
let key = EncryptionKey::generate();
let secrets_dir = zlayer_paths::ZLayerDirs::system_default().secrets();
let store = PersistentSecretsStore::open(&secrets_dir, key).await?;
let reg_store = RegistryCredentialStore::new(store);
let cred = reg_store.create("ghcr.io", "ci-bot", "ghp_xxxx", RegistryAuthType::Token).await?;
let password = reg_store.get_password(&cred.id).await?;
assert_eq!(password.expose(), "ghp_xxxx");Structs§
- Registry
Credential - Docker/OCI registry credential metadata.
- Registry
Credential Store - Store for Docker/OCI registry credentials.
Enums§
- Registry
Auth Type - Authentication method for a registry credential.