
SecretsProvider

Trait SecretsProvider 

/// Read-only access to secrets held by a backend.
///
/// Implementations front a backend such as encrypted local storage,
/// HashiCorp Vault or AWS Secrets Manager. Every lookup is namespaced by
/// `scope`, which is typically a deployment or service identifier.
///
/// All four methods borrow `self` immutably and return a boxed `Send` future;
/// the `where` clauses bound that future by the borrows of `self` and of the
/// string arguments, so the arguments must outlive the awaited call.
///
/// NOTE(review): no parameter carries the caller's identity, so any check that
/// a caller may read a given `scope` has to live inside the implementation or
/// in the code that chooses the `scope` string. Confirm where that is enforced
/// before passing a scope derived from request data.
pub trait SecretsProvider: Send + Sync {
    // Required methods

    /// Retrieves a single secret by scope and name.
    ///
    /// * `scope` - the scope identifier (e.g. deployment name)
    /// * `name` - the secret name within the scope
    ///
    /// # Errors
    ///
    /// Documented to return `SecretsError::NotFound` when the secret does not
    /// exist, and other errors for storage/access problems.
    ///
    /// NOTE(review): the returned `Secret` carries the value; whether its
    /// `Debug`/`Display` output is redacted is not visible here. Confirm
    /// before logging it.
    fn get_secret<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        scope: &'life1 str,
        name: &'life2 str,
    ) -> Pin<Box<dyn Future<Output = Result<Secret>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait;

    /// Retrieves several secrets from one scope in a single call.
    ///
    /// * `scope` - the scope identifier (e.g. deployment name)
    /// * `names` - slice of secret names to retrieve
    ///
    /// Returns a map from secret name to secret. Names that do not exist are
    /// documented as omitted from the map rather than reported as an error,
    /// so a caller that needs every requested name must check the map's keys
    /// itself instead of treating `Ok` as "all present".
    fn get_secrets<'life0, 'life1, 'life2, 'life3, 'async_trait>(
        &'life0 self,
        scope: &'life1 str,
        names: &'life2 [&'life3 str],
    ) -> Pin<Box<dyn Future<Output = Result<HashMap<String, Secret>>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait,
             'life3: 'async_trait;

    /// Lists metadata for all secrets in a scope.
    ///
    /// Documented to return metadata (name, version, timestamps) and not the
    /// secret values, which makes it the call to use for inventory and
    /// auditing.
    ///
    /// * `scope` - the scope identifier to list secrets from
    fn list_secrets<'life0, 'life1, 'async_trait>(
        &'life0 self,
        scope: &'life1 str,
    ) -> Pin<Box<dyn Future<Output = Result<Vec<SecretMetadata>>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;

    /// Reports whether a secret exists in the given scope.
    ///
    /// Intended for callers that only need to verify existence and do not
    /// need the value itself.
    ///
    /// * `scope` - the scope identifier
    /// * `name` - the secret name to check
    fn exists<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        scope: &'life1 str,
        name: &'life2 str,
    ) -> Pin<Box<dyn Future<Output = Result<bool>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait;
}

Read-only secrets provider trait.

Implementations provide access to secrets from various backends such as encrypted local storage, HashiCorp Vault, AWS Secrets Manager, etc.

§Scoping

Secrets are organized by scope, which is typically a deployment or service identifier. The scope determines the namespace for secret lookups.

§Example

use zlayer_secrets::{SecretsProvider, Secret};

/// Fetches the `database-password` secret from the `my-deployment` scope.
///
/// Whatever error the provider reports is handed back to the caller
/// unchanged.
// NOTE(review): `Result` takes a single type argument here, so it is
// presumably the crate's own alias; the listing shows no import for it.
async fn get_database_password(provider: &impl SecretsProvider) -> Result<Secret> {
    let scope = "my-deployment";
    let name = "database-password";
    provider.get_secret(scope, name).await
}

Required Methods§


fn get_secret<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<Secret>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Retrieve a single secret by scope and name.

§Arguments
  • scope - The scope identifier (e.g., deployment name)
  • name - The secret name within the scope
§Errors

Returns SecretsError::NotFound if the secret doesn’t exist, or other errors for storage/access issues.


fn get_secrets<'life0, 'life1, 'life2, 'life3, 'async_trait>( &'life0 self, scope: &'life1 str, names: &'life2 [&'life3 str], ) -> Pin<Box<dyn Future<Output = Result<HashMap<String, Secret>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait,

Retrieve multiple secrets by scope and names.

This method enables efficient batch retrieval when multiple secrets are needed. Implementations may optimize this by fetching all secrets in a single request where the backend supports it.

§Arguments
  • scope - The scope identifier (e.g., deployment name)
  • names - Slice of secret names to retrieve
§Returns

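A map of secret names to their values. Secrets that don’t exist are omitted from the result rather than causing an error, so a successful return does not mean every requested name was found; callers that require all of them should compare the returned keys against names.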


fn list_secrets<'life0, 'life1, 'async_trait>( &'life0 self, scope: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<Vec<SecretMetadata>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

List metadata for all secrets in a scope.

This returns metadata (name, version, timestamps) without exposing the actual secret values. Useful for inventory and auditing.

§Arguments
  • scope - The scope identifier to list secrets from

fn exists<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<bool>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Check if a secret exists in the given scope.

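This is more efficient than get_secret when you only need to verify existence without retrieving the value. A true result describes the moment of the check only; a later get_secret for the same name can still fail and its error should be handled.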

§Arguments
  • scope - The scope identifier
  • name - The secret name to check

Dyn Compatibility§

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementations on Foreign Types§


impl<T: SecretsProvider + ?Sized> SecretsProvider for Arc<T>


fn get_secret<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<Secret>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,


fn get_secrets<'life0, 'life1, 'life2, 'life3, 'async_trait>( &'life0 self, scope: &'life1 str, names: &'life2 [&'life3 str], ) -> Pin<Box<dyn Future<Output = Result<HashMap<String, Secret>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, 'life3: 'async_trait,


fn list_secrets<'life0, 'life1, 'async_trait>( &'life0 self, scope: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<Vec<SecretMetadata>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,


fn exists<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, scope: &'life1 str, name: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<bool>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Implementors§