Skip to main content

zlayer_types/secrets/
registry.rs

1//! Registry credential data shapes (the wire/storage form, not the store impl).
2//!
3//! Lifted into `zlayer-types` so cross-crate consumers can name these
4//! without depending on `zlayer-secrets`. The store impl
5//! (`RegistryCredentialStore`) stays in `zlayer-secrets` and consumes these
6//! types from here.
7
8use serde::{Deserialize, Serialize};
9
10/// Docker/OCI registry credential metadata.
11///
12/// The actual password/token is stored separately as a secret in the
13/// `registry_credentials` scope, keyed by [`id`](RegistryCredential::id).
14#[derive(Debug, Clone, Serialize, Deserialize)]
15pub struct RegistryCredential {
16    /// Unique identifier (UUID v4).
17    pub id: String,
18    /// Registry hostname, e.g. `"docker.io"`, `"ghcr.io"`.
19    pub registry: String,
20    /// Username for authentication.
21    pub username: String,
22    /// Whether this credential uses basic auth or a bearer token.
23    pub auth_type: RegistryAuthType,
24}
25
26/// Authentication method for a registry credential.
27#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
28#[serde(rename_all = "snake_case")]
29pub enum RegistryAuthType {
30    /// HTTP Basic authentication (username + password).
31    Basic,
32    /// Bearer token authentication.
33    Token,
34}