Skip to content
OpenFirma OpenFirma
Blog

vault

Module: credential::provider::vault

Section titled “Module: credential::provider::vault”

Contents

Section titled “Contents”

Structs

firma_sidecar::credential::provider::vault::VaultCredentialInjector

Section titled “firma_sidecar::credential::provider::vault::VaultCredentialInjector”

Struct

Credential injector that reads Vault Agent–rendered secret files.

Connector IDs are mapped to one or more [VaultSecretEntry] descriptors at construction time. On each inject() call the referenced files are read from disk, producing the header set for the outbound request.

Methods:

  • fn new(entries: HashMap<String, Vec<VaultSecretEntry>>) -> Self - Creates a new injector from a pre-built mapping of connector
  • fn empty() -> Self - Creates an empty injector with no configured connectors.
  • fn insert(self: & mut Self, connector_id: String, secrets: Vec<VaultSecretEntry>) - Registers secret entries for a connector ID, replacing any
  • fn len(self: &Self) -> usize - Returns the number of configured connectors.
  • fn is_empty(self: &Self) -> bool - Returns true if no connectors are configured.

Trait Implementations:

  • CredentialInjector
    • fn inject(self: &'life0 Self, _envelope: &'life1 ExecutionEnvelope, connector_id: &'life2 str, _target: &'life3 str) -> ::core::pin::Pin<Box<dyn ::core::future::Future>>
  • Debug
    • fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result
  • Clone
    • fn clone(self: &Self) -> VaultCredentialInjector

firma_sidecar::credential::provider::vault::VaultSecretEntry

Section titled “firma_sidecar::credential::provider::vault::VaultSecretEntry”

Struct

Descriptor for a single credential file rendered by Vault Agent.

Each entry maps a connector ID to a file on disk that contains the secret value, plus the header name under which to inject it.

Fields:

  • header_name: String - HTTP header name to inject (e.g. Authorization).
  • value_prefix: Option<String> - Optional prefix prepended to the raw file content
  • secret_path: std::path::PathBuf - Path to the file containing the secret value, rendered by

Trait Implementations:

  • Debug
    • fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result
  • Clone
    • fn clone(self: &Self) -> VaultSecretEntry