Struct bonsaidb::local::vault::LocalVaultKeyStorage

pub struct LocalVaultKeyStorage { /* private fields */ }

Stores vault key locally on disk. This is in general considered insecure, and shouldn’t be used without careful consideration.

The primary goal of encryption within BonsaiDb is to offer limited encryption at-rest. Within these goals, the primary attack vector being protected against is an attacker being able to copy the data off of the disks, either by physically gaining access to the drives or having filesystem access. By storing the vault key on the same physical media, the encryption should be considered insecure because if you can gain access to the data, you have access to the keys as well.

For production environments, it is much more secure to store the vault key in a separate location. We recommand any S3-compatible backend.

Implementations

impl LocalVaultKeyStorage

pub fn new<P>(path: P) -> Result<LocalVaultKeyStorage, Error>where
    P: AsRef<Path>,

Creates a new file-based vaultr key storage, storing files within path. The path provided shouod be a directory. If it doesn’t exist, it will be created.

Trait Implementations

impl Clone for LocalVaultKeyStorage

fn clone(&self) -> LocalVaultKeyStorage

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for LocalVaultKeyStorage

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl VaultKeyStorage for LocalVaultKeyStorage

type Error = LocalVaultKeyStorageError

The error type that the functions return.

fn vault_key_for(
    &self,
    server_id: StorageId
) -> Result<Option<KeyPair>, <LocalVaultKeyStorage as VaultKeyStorage>::Error>

Retrieve all previously stored vault key for a given storage id.

fn set_vault_key_for(
    &self,
    server_id: StorageId,
    key: KeyPair
) -> Result<(), <LocalVaultKeyStorage as VaultKeyStorage>::Error>

Store a key. Each server id should have unique storage.