Expand description
Persistent storage for SDK / browser client public keys, used as
recipients for sealed-box secret reads. Shares the secrets SQLite
database with PersistentSecretsStore.
Each registered key is bound to an actor (a user or an API key) and
stored alongside an opaque key_id. Keys are never deleted — revoke
is a soft-delete that hides the key from list_by_actor while keeping
it retrievable via get so the actor’s audit trail stays intact.
The schema lives in the same secrets.sqlite file as the secrets
table, so callers should construct a single SqlitePool (typically
via PersistentSecretsStore::open)
and hand the same pool to PersistentClientKeyStore::new.
Structs§
- Client
Public Key - A registered client public key bound to an actor.
- Persistent
Client KeyStore - SQLite-backed
ClientKeyStore.
Enums§
- Actor
Kind - The kind of actor a registered client key belongs to.
Constants§
- PUBLIC_
KEY_ LEN - Required length, in bytes, of an X25519 / Curve25519 public key.
Traits§
- Client
KeyStore - Storage trait for SDK / browser client public keys.