Expand description
ZLayer Secrets Management
Provides secure storage and retrieval of secrets for container workloads.
§Scoping
Secrets are organized hierarchically:
- Deployment-level: Shared by all services in a deployment
- Service-level: Specific to a single service
§Syntax
$S:secret-name- Deployment-level secret$S:@service/secret-name- Service-specific secret$secret://<env>/<KEY>- Environment-scoped secret (requires anEnvScopeProviderwired viaSecretsResolver::with_env_resolver)$secret://<env>/<KEY>/<field>- With JSON field extraction
Re-exports§
pub use credentials::CredentialStore;pub use git_credentials::GitCredential;pub use git_credentials::GitCredentialKind;pub use git_credentials::GitCredentialStore;pub use registry_credentials::RegistryAuthType;pub use registry_credentials::RegistryCredential;pub use registry_credentials::RegistryCredentialStore;
Modules§
- credentials
- Credential store for API authentication.
- git_
credentials - Typed credential store for Git authentication (PAT or SSH key).
- registry_
credentials - Typed credential store for Docker/OCI registry authentication.
Structs§
- Encryption
Key - Encryption key with secure memory handling.
- KeyManager
- Manages encryption keys for secret storage.
- Persistent
Secrets Store - Persistent secrets store backed by
SQLitewith encryption. - Rotation
Result - Result of a secret rotation — records the version before and after the rotate call.
- Secret
- A secure secret wrapper that provides memory safety guarantees.
- Secret
Metadata - Metadata associated with a stored secret.
- Secret
Ref - A reference to a secret, parsed from the
$S:prefix syntax. - Secrets
Resolver - Resolver for secret references in configuration values.
Enums§
- Secret
Scope - The scope of a secret - determines visibility and access.
- Secrets
Error
Traits§
- EnvScope
Provider - Resolves an environment name-or-id to the scope string used by the
underlying
SecretsStore. - Secrets
Provider - Read-only secrets provider trait.
- Secrets
Store - Read-write secrets store trait.