
SecretsStore

Trait SecretsStore 

/// Read-write secrets store trait.
///
/// Extends `SecretsProvider` with write operations for managing secrets.
/// Implementations handle encryption, versioning, and storage.
///
/// The signatures below are shown in expanded form: each method returns a
/// pinned, boxed `Future` that is `Send`, and the `'lifeN` / `'async_trait`
/// lifetimes tie the borrowed arguments to that future. (Presumably generated
/// by an async-trait style macro; callers simply `.await` the result.)
pub trait SecretsStore: SecretsProvider {
    // Required methods: every backend must implement these two writes.

    /// Store or update the secret `name` inside `scope`.
    ///
    /// An existing secret is updated and its version incremented; otherwise a
    /// new secret is created. Returns an error if encryption fails or storage
    /// is unavailable.
    fn set_secret<'life0, 'life1, 'life2, 'life3, 'async_trait>(
        &'life0 self,
        scope: &'life1 str,
        name: &'life2 str,
        value: &'life3 Secret,
    ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait,
             'life3: 'async_trait;
    /// Delete the secret `name` from `scope`.
    ///
    /// Returns `SecretsError::NotFound` if the secret does not exist, or other
    /// errors for storage issues.
    fn delete_secret<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        scope: &'life1 str,
        name: &'life2 str,
    ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait;

    // Provided methods: these have default bodies (elided as `{ ... }` in this
    // listing) and additionally require `Self: Sync`.

    /// Rotate an existing secret: overwrite it with `value` and return the
    /// version before and after.
    ///
    /// The default implementation reads the current metadata, writes the new
    /// value, then re-reads the metadata to capture the new version. Returns
    /// `SecretsError::NotFound` if the secret does not exist (use `set_secret`
    /// to create it).
    fn rotate_secret<'life0, 'life1, 'life2, 'life3, 'async_trait>(
        &'life0 self,
        scope: &'life1 str,
        name: &'life2 str,
        value: &'life3 Secret,
    ) -> Pin<Box<dyn Future<Output = Result<RotationResult>> + Send + 'async_trait>>
       where Self: Sync + 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait,
             'life3: 'async_trait { ... }
    /// Store a secret along with an optional `NodeAffinity` selector.
    ///
    /// Cluster-replicated stores use the selector to control which nodes
    /// receive a decryptable copy of the secret. The default implementation
    /// ignores `_node_affinity` and delegates to `set_secret`, so the selector
    /// only takes effect on backends that override this method (currently
    /// `zlayer_secrets::raft_store::RaftSecretsStore`).
    fn set_secret_with_affinity<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
        &'life0 self,
        scope: &'life1 str,
        name: &'life2 str,
        value: &'life3 Secret,
        _node_affinity: Option<&'life4 NodeAffinity>,
    ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
       where Self: Sync + 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait,
             'life3: 'async_trait,
             'life4: 'async_trait { ... }
    /// Rotate a secret, optionally updating its `NodeAffinity` selector.
    ///
    /// `None` means "leave the existing selector unchanged". Standalone
    /// backends ignore the parameter entirely and fall through to
    /// `rotate_secret`; the error surface is the same as `rotate_secret`.
    fn rotate_secret_with_affinity<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
        &'life0 self,
        scope: &'life1 str,
        name: &'life2 str,
        value: &'life3 Secret,
        _node_affinity: Option<&'life4 NodeAffinity>,
    ) -> Pin<Box<dyn Future<Output = Result<RotationResult>> + Send + 'async_trait>>
       where Self: Sync + 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait,
             'life3: 'async_trait,
             'life4: 'async_trait { ... }
}

Read-write secrets store trait.

Extends SecretsProvider with write operations for managing secrets. Implementations handle encryption, versioning, and storage.

§Example

use zlayer_secrets::{SecretsStore, Secret};

/// Stores `key` under the name `api-key` in the `my-deployment` scope.
///
/// Propagates whatever error `set_secret` reports.
async fn store_api_key(store: &impl SecretsStore, key: &str) -> Result<()> {
    // Wrap the raw key in the crate's `Secret` type before it reaches the store.
    let api_key = Secret::new(key);
    store
        .set_secret("my-deployment", "api-key", &api_key)
        .await
}

Required Methods§


fn set_secret<'life0, 'life1, 'life2, 'life3, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, value: &'life3 Secret, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait,

Store or update a secret.

If the secret already exists, it will be updated and its version incremented. If it doesn’t exist, a new secret will be created.

§Arguments
  • scope - The scope identifier (e.g., deployment name)
  • name - The secret name within the scope
  • value - The secret value to store
§Errors

Returns an error if encryption fails or storage is unavailable.


fn delete_secret<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Delete a secret from the store.

§Arguments
  • scope - The scope identifier
  • name - The secret name to delete
§Errors

Returns SecretsError::NotFound if the secret doesn’t exist, or other errors for storage issues.

Provided Methods§


fn rotate_secret<'life0, 'life1, 'life2, 'life3, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, value: &'life3 Secret, ) -> Pin<Box<dyn Future<Output = Result<RotationResult>> + Send + 'async_trait>>
where Self: Sync + 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait,

Rotate a secret: overwrite it with a new value and return the version before and after the rotation.

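The default implementation reads the current metadata, writes the new value, then re-reads the metadata to capture the new version. Backends MAY override for efficiency. Because the default is three separate steps, a backend that does not serialize them may report versions that do not bracket this write if another writer updates the same secret concurrently.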

§Arguments
  • scope - The scope identifier
  • name - The secret name
  • value - The new secret value
§Errors

Returns SecretsError::NotFound if the secret does not exist (use set_secret to create it). Other storage errors are returned as usual.


fn set_secret_with_affinity<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, value: &'life3 Secret, _node_affinity: Option<&'life4 NodeAffinity>, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: Sync + 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait, 'life4: 'async_trait,

Store a secret along with an optional NodeAffinity selector.

Cluster-replicated stores use the affinity to control which nodes receive a decryptable copy of the secret. Standalone stores ignore _node_affinity (single-node deployments have no peers to select from); the default impl therefore delegates to Self::set_secret.

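Backends that support affinity (currently zlayer_secrets::raft_store::RaftSecretsStore) override this method to persist the selector alongside the row. On any backend that keeps the default implementation the selector is dropped without an error, so callers that rely on affinity to limit which nodes can decrypt a secret should confirm that their backend overrides this method.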

§Errors

Same error surface as Self::set_secret.


fn rotate_secret_with_affinity<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, value: &'life3 Secret, _node_affinity: Option<&'life4 NodeAffinity>, ) -> Pin<Box<dyn Future<Output = Result<RotationResult>> + Send + 'async_trait>>
where Self: Sync + 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait, 'life4: 'async_trait,

Rotate a secret, optionally updating its NodeAffinity selector.

Passing None for _node_affinity means “leave the existing selector unchanged”. Standalone backends ignore the parameter entirely and fall through to Self::rotate_secret.

§Errors

Same error surface as Self::rotate_secret.

Dyn Compatibility§

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementations on Foreign Types§


impl<T: SecretsStore + ?Sized> SecretsStore for Arc<T>


fn set_secret<'life0, 'life1, 'life2, 'life3, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, value: &'life3 Secret, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait,


fn delete_secret<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,


fn rotate_secret<'life0, 'life1, 'life2, 'life3, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, value: &'life3 Secret, ) -> Pin<Box<dyn Future<Output = Result<RotationResult>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait,


fn set_secret_with_affinity<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, value: &'life3 Secret, node_affinity: Option<&'life4 NodeAffinity>, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait, 'life4: 'async_trait,


fn rotate_secret_with_affinity<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, value: &'life3 Secret, node_affinity: Option<&'life4 NodeAffinity>, ) -> Pin<Box<dyn Future<Output = Result<RotationResult>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait, 'life4: 'async_trait,

Implementors§