Struct diem_secure_storage::VaultStorage

source · 
pub struct VaultStorage { /* private fields */ }
Expand description

VaultStorage utilizes Vault for maintaining encrypted, authenticated data for Diem. This version currently matches the behavior of OnDiskStorage and InMemoryStorage. In the future, Vault will be able to create keys, sign messages, and handle permissions across different services. The specific vault service leveraged herein is called KV (Key Value) Secrets Engine - Version 2 (https://www.vaultproject.io/api/secret/kv/kv-v2.html). So while Diem Secure Storage calls pointers to data keys, Vault has actually a secret that contains multiple key value pairs.

Implementations§

source§

impl VaultStorage

source

pub fn new( host: String, token: String, certificate: Option<String>, renew_ttl_secs: Option<u32>, use_cas: bool, connection_timeout_ms: Option<u64>, response_timeout_ms: Option<u64> ) -> Self

source

pub fn revoke_token_self(&self) -> Result<(), Error>

source

pub fn get_all_key_versions( &self, name: &str ) -> Result<Vec<ReadResponse<Ed25519PublicKey>>, Error>

Trait Implementations§

source§

impl CryptoStorage for VaultStorage

source§

fn create_key(&mut self, name: &str) -> Result<Ed25519PublicKey, Error>

Securely generates a new named Ed25519 private key. The behavior for calling this interface multiple times with the same name is implementation specific.
source§

fn export_private_key(&self, name: &str) -> Result<Ed25519PrivateKey, Error>

Returns the Ed25519 private key stored at ‘name’.
source§

fn export_private_key_for_version( &self, name: &str, version: Ed25519PublicKey ) -> Result<Ed25519PrivateKey, Error>

Returns the Ed25519 private key stored at ‘name’ and identified by ‘version’, which is the corresponding public key. This may fail even if the ‘named’ key exists but the version is not present.
source§

fn import_private_key( &mut self, name: &str, key: Ed25519PrivateKey ) -> Result<(), Error>

An optional API that allows importing private keys and storing them at the provided name. This is not intended to be used in production and the API may throw unimplemented if not used correctly. As this is purely a testing API, there is no defined behavior for importing a key for a given name if that name already exists. It only exists to allow Diem to be run in test environments where a set of deterministic keys must be generated.
source§

fn get_public_key(&self, name: &str) -> Result<PublicKeyResponse, Error>

Returns the Ed25519 public key stored at ‘name’.
source§

fn get_public_key_previous_version( &self, name: &str ) -> Result<Ed25519PublicKey, Error>

Returns the previous version of the Ed25519 public key stored at ‘name’. For the most recent version, see ‘get_public_key(..)’ above.
source§

fn rotate_key(&mut self, name: &str) -> Result<Ed25519PublicKey, Error>

Rotates an Ed25519 private key. Future calls without version to this ‘named’ key will return the rotated key instance. The previous key is retained and can be accessed via the version. At most two versions are expected to be retained.
source§

fn sign<T: CryptoHash + Serialize>( &self, name: &str, message: &T ) -> Result<Ed25519Signature, Error>

Signs the provided securely-hashable struct, using the ‘named’ private key.
source§

fn sign_using_version<T: CryptoHash + Serialize>( &self, name: &str, version: Ed25519PublicKey, message: &T ) -> Result<Ed25519Signature, Error>

Signs the provided securely-hashable struct, using the ‘named’ and ‘versioned’ private key. This may fail even if the ‘named’ key exists but the version is not present.
source§

impl From<VaultStorage> for Storage

source§

fn from(v: VaultStorage) -> Storage

Converts to this type from the input type.
source§

impl KVStorage for VaultStorage

source§

fn available(&self) -> Result<(), Error>

Returns an error if the backend service is not online and available.
source§

fn get<T: DeserializeOwned>(&self, key: &str) -> Result<GetResponse<T>, Error>

Retrieves a value from storage and fails if the backend is unavailable or the process has invalid permissions.
source§

fn set<T: Serialize>(&mut self, key: &str, value: T) -> Result<(), Error>

Sets a value in storage and fails if the backend is unavailable or the process has invalid permissions.
source§

fn reset_and_clear(&mut self) -> Result<(), Error>

Resets and clears all data held in the storage engine. Note: this should only be exposed and used for testing. Resetting the storage engine is not something that should be supported in production.
source§

impl TryInto<VaultStorage> for Storage

§

type Error = &'static str

The type returned in the event of a conversion error.
source§

fn try_into( self ) -> Result<VaultStorage, <Self as TryInto<VaultStorage>>::Error>

Performs the conversion.

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for Twhere T: ?Sized,

const: unstable · source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

const: unstable · source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

const: unstable · source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T> Instrument for T

source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for Twhere U: From<T>,

const: unstable · source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> Same<T> for T

§

type Output = T

Should always be Self
source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
const: unstable · source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
const: unstable · source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for Twhere V: MultiLane<T>,

§

fn vzip(self) -> V

source§

impl<T> WithSubscriber for T

source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more