Struct FileBackend 

pub struct FileBackend { /* private fields */ }

File-backed SigningBackend implementation.

Thin adapter over the existing JSON-keystore free functions (load_signer_for_kid, rotate_keystore, list_valid_pubkeys, prune_expired_grace). Each call opens the file fresh so external edits (e.g., the daemon’s hourly sweep) are picked up without needing a cache-invalidation hook.

Private key material lives on disk encrypted only by filesystem permissions (0600 owner-only). For tamper-resistant storage use a future TPM or YubiHSM backend.

Implementations

impl FileBackend

pub fn new(path: PathBuf) -> Self

Create a new FileBackend rooted at path. The path is the JSON keystore file; if it does not yet exist, the first operation that requires it (any of the trait methods) will create it via load_or_generate.

pub fn path(&self) -> &Path

Path to the JSON keystore this backend wraps. Useful for debugging / migration tooling.

Trait Implementations

impl Clone for FileBackend

fn clone(&self) -> FileBackend

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for FileBackend

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl SigningBackend for FileBackend

fn name(&self) -> &'static str

Returns a human-readable name ("file", "tpm", …) for log lines and --key-store-backend debug output.

fn is_hardware_backed(&self) -> bool

Returns true if private key material lives in tamper-resistant hardware. Pure-software backends return false. Used for startup logging and the “key-store-backend: tpm (hw-backed)” banner.

fn active_key_id<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = Result<String, SecretsError>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait,

Lowercase hex first-8-chars-of-SHA256 of the currently-active verifying key. Stable across processes for the same key.

fn public_key_b64<'life0, 'life1, 'async_trait>( &'life0 self, kid: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<Option<String>, SecretsError>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

URL-safe no-pad base64 of the verifying key bytes for the given kid. Returns Ok(None) if the kid is unknown or its grace window has expired.

fn list_valid_pubkeys<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = Result<Vec<PubkeyInfo>, SecretsError>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait,

All currently-valid (active OR not-yet-expired grace) keys in the store with their statuses.

fn sign<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, kid: &'life1 str, msg: &'life2 [u8], ) -> Pin<Box<dyn Future<Output = Result<[u8; 64], SecretsError>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Sign msg with the key identified by kid. Fails with SecretsError::Provider if the kid is unknown or expired. Note that signing with a grace-window key is unusual (callers typically only sign with the active key) but supported for recovery scenarios.

fn rotate<'life0, 'async_trait>( &'life0 self, grace: Duration, ) -> Pin<Box<dyn Future<Output = Result<KeystoreRotationResult, SecretsError>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait,

Rotate the keystore: generate a new active key, move the previous active into the grace window for grace, and return the new active kid + public key. Idempotent only in the sense that calling twice produces two rotations.

fn prune_expired_grace<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = Result<usize, SecretsError>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait,

Prune any grace-window entries whose retention has elapsed. Returns the count of pruned entries. Called periodically by the daemon’s keystore sweep task.