Expand description
Credential store for API authentication.
Built on top of [PersistentSecretsStore], this module provides API-key
based authentication with Argon2id password hashing.
Credentials are stored in the credentials scope of the secrets store.
Each credential is a JSON object containing the argon2id hash of the
API secret and an array of roles.
§Example
ⓘ
use zlayer_secrets::credentials::CredentialStore;
use zlayer_secrets::{EncryptionKey, PersistentSecretsStore};
let key = EncryptionKey::generate();
let secrets_dir = zlayer_paths::ZLayerDirs::system_default().secrets();
let store = PersistentSecretsStore::open(&secrets_dir, key).await?;
let cred_store = CredentialStore::new(store);
// Create an API key
cred_store.create_api_key("admin", "super-secret-password", &["admin"]).await?;
// Validate credentials
let roles = cred_store.validate("admin", "super-secret-password").await?;
assert!(roles.is_some());Structs§
- Credential
Store - Credential store for API key authentication.