Skip to main content

PersistentSecretsStore

zlayer_secrets

Struct PersistentSecretsStore 

Source 
pub struct PersistentSecretsStore { /* private fields */ }
Expand description

Persistent secrets store backed by SQLite with encryption.

Secrets are encrypted using XChaCha20-Poly1305 before storage. Metadata is stored alongside secrets for inspection and auditing.

The store uses SQLite with WAL mode for concurrent access.

Implementations§

Source§

impl PersistentSecretsStore

Source

pub async fn open(path: impl AsRef<Path>, key: EncryptionKey) -> Result<Self>

Opens or creates a persistent secrets store at the given path.

If path is a directory, the database file will be created as secrets.sqlite inside that directory. If path is a file path, it will be used directly.

§Arguments
  • path - Path to the database file or directory
  • key - Encryption key for encrypting/decrypting secrets
§Errors

Returns SecretsError::Storage if:

  • The database cannot be created or opened
  • Schema initialization fails

Trait Implementations§

Source§

impl SecretsProvider for PersistentSecretsStore

Source§

fn get_secret<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<Secret>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Retrieve a single secret by scope and name. Read more
Source§

fn get_secrets<'life0, 'life1, 'life2, 'life3, 'async_trait>( &'life0 self, scope: &'life1 str, names: &'life2 [&'life3 str], ) -> Pin<Box<dyn Future<Output = Result<HashMap<String, Secret>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait,

Retrieve multiple secrets by scope and names. Read more
Source§

fn list_secrets<'life0, 'life1, 'async_trait>( &'life0 self, scope: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<Vec<SecretMetadata>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

List metadata for all secrets in a scope. Read more
Source§

fn exists<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<bool>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Check if a secret exists in the given scope. Read more
Source§

impl SecretsStore for PersistentSecretsStore

Source§

fn set_secret<'life0, 'life1, 'life2, 'life3, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, value: &'life3 Secret, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait,

Store or update a secret. Read more
Source§

fn delete_secret<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Delete a secret from the store. Read more
Source§

fn rotate_secret<'life0, 'life1, 'life2, 'life3, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, value: &'life3 Secret, ) -> Pin<Box<dyn Future<Output = Result<RotationResult>> + Send + 'async_trait>>
where Self: Sync + 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait,

Rotate a secret: overwrite with a new value and return the version before+after. Read more
Source§

fn set_secret_with_affinity<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, value: &'life3 Secret, _node_affinity: Option<&'life4 NodeAffinity>, ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: Sync + 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait, 'life4: 'async_trait,

Store a secret along with an optional NodeAffinity selector. Read more
Source§

fn rotate_secret_with_affinity<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, value: &'life3 Secret, _node_affinity: Option<&'life4 NodeAffinity>, ) -> Pin<Box<dyn Future<Output = Result<RotationResult>> + Send + 'async_trait>>
where Self: Sync + 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait, 'life4: 'async_trait,

Rotate a secret, optionally updating its NodeAffinity selector. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

Source§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

Source§

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

Source§

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>

Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more