A container for a get response that contains relevant metadata and the value stored at the
given key.
GitHubStorage leverages a GitHub repository to provide a file system approach to key / value
storage. This is not intended for storing private data but for organizing public data.
InMemoryStorage represents a key value store that is purely in memory and intended for single
threads (or must be wrapped by an Arc<RwLock<>>). This provides no permission checks and is simply
a proof of concept to unblock building of applications without more complex data stores.
Internally, it retains all data, which means that it must make copies of all key material. That
violates the expectation in the Diem code base that data stores securely handle key material.
This should not be used in production.
This provides a light wrapper around KV storages to support a namespace. The namespace
effectively prefixes all keys with the namespace value and “/”, so a namespace of foo and a
key of bar becomes “foo/bar”. Without a namespace, the key would just be “bar”.
OnDiskStorage represents a key value store that is persisted to the local filesystem and is
intended for single threads (or must be wrapped by an Arc<RwLock<>>). This provides no permission
checks and simply offers a proof of concept to unblock building of applications without more
complex data stores. Internally, it reads and writes all data to a file, which means that it
must make copies of all key material. That violates the expectation in the Diem code base that
data stores securely handle key material. This should not be used in production.
Maps an identity to a set of capabilities
Dictates a set of permissions
VaultStorage utilizes Vault for maintaining encrypted, authenticated data for Diem. This
version currently matches the behavior of OnDiskStorage and InMemoryStorage. In the future,
Vault will be able to create keys, sign messages, and handle permissions across different
services. The specific Vault service leveraged herein is called KV (Key Value) Secrets Engine -
Version 2 (https://www.vaultproject.io/api/secret/kv/kv-v2.html). So while Diem Secure Storage
calls pointers to data keys, Vault actually has a secret that contains multiple key value
pairs.