Struct bonsaidb::local::vault::LocalVaultKeyStorage

pub struct LocalVaultKeyStorage { /* private fields */ }
Expand description

Stores vault key locally on disk. This is in general considered insecure, and shouldn’t be used without careful consideration.

The primary goal of encryption within BonsaiDb is to offer limited encryption at-rest. Within these goals, the primary attack vector being protected against is an attacker being able to copy the data off of the disks, either by physically gaining access to the drives or having filesystem access. By storing the vault key on the same physical media, the encryption should be considered insecure because if you can gain access to the data, you have access to the keys as well.

For production environments, it is much more secure to store the vault key in a separate location. We recommand any S3-compatible backend.

Implementations§

§

impl LocalVaultKeyStorage

pub fn new<P>(path: P) -> Result<LocalVaultKeyStorage, Error>where P: AsRef<Path>,

Creates a new file-based vaultr key storage, storing files within path. The path provided shouod be a directory. If it doesn’t exist, it will be created.

Trait Implementations§

§

impl Clone for LocalVaultKeyStorage

§

fn clone(&self) -> LocalVaultKeyStorage

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
§

impl Debug for LocalVaultKeyStorage

§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
§

impl VaultKeyStorage for LocalVaultKeyStorage

§

type Error = LocalVaultKeyStorageError

The error type that the functions return.
§

fn vault_key_for( &self, server_id: StorageId ) -> Result<Option<KeyPair>, <LocalVaultKeyStorage as VaultKeyStorage>::Error>

Retrieve all previously stored vault key for a given storage id.
§

fn set_vault_key_for( &self, server_id: StorageId, key: KeyPair ) -> Result<(), <LocalVaultKeyStorage as VaultKeyStorage>::Error>

Store a key. Each server id should have unique storage.

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
§

impl<T> AnyVaultKeyStorage for Twhere T: VaultKeyStorage + 'static,

§

fn vault_key_for(&self, server_id: StorageId) -> Result<Option<KeyPair>, Error>

Retrieve all previously stored master keys for a given storage id.
§

fn set_vault_key_for( &self, server_id: StorageId, key: KeyPair ) -> Result<(), Error>

Store a key. Each server id should have unique storage. The keys are uniquely encrypted per storage id and can only be decrypted by keys contained in the storage itself.
§

impl<'a, T, E> AsTaggedExplicit<'a, E> for Twhere T: 'a,

§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

§

impl<'a, T, E> AsTaggedImplicit<'a, E> for Twhere T: 'a,

§

fn implicit( self, class: Class, constructed: bool, tag: u32 ) -> TaggedParser<'a, Implicit, Self, E>

source§

impl<T> Borrow<T> for Twhere T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T> Instrument for T

source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for Twhere U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> Same<T> for T

§

type Output = T

Should always be Self
source§

impl<T> ToOwned for Twhere T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for Twhere V: MultiLane<T>,

§

fn vzip(self) -> V

source§

impl<T> WithSubscriber for T

source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more