#secret #secret-management #credentials #keyring #password #keychain

secret-lib

Cross-platform, asynchronous Rust library to retrieve secrets from different sources

1 stable release

1.0.0 Oct 27, 2024
0.4.6 Aug 16, 2024
0.4.5 Jun 3, 2024
0.4.1 Mar 14, 2024
0.1.0 Aug 27, 2023

#468 in Asynchronous

Download history 113/week @ 2024-08-17 103/week @ 2024-08-24 136/week @ 2024-08-31 72/week @ 2024-09-07 101/week @ 2024-09-14 111/week @ 2024-09-21 77/week @ 2024-09-28 70/week @ 2024-10-05 37/week @ 2024-10-12 16/week @ 2024-10-19 167/week @ 2024-10-26 12/week @ 2024-11-02 7/week @ 2024-11-09 24/week @ 2024-11-16 25/week @ 2024-11-23 34/week @ 2024-11-30

90 downloads per month
Used in 9 crates (7 directly)

MIT license

29KB
345 lines

🔐 secret-lib

Cross-platform, asynchronous Rust library to retrieve secrets from different sources.

Features

  • Can retrieve secret from shell commands using process-lib
  • Can retrieve secret from users' global keyring using process-lib
  • Can retrieve secret from raw strings (not safe, for testing purpose)
  • Supports tokio and async-std async runtimes
  • Supports rustls and openssl crypto libs
  • Supports serde (de)serialization from/to String

The library comes with 8 cargo features, including 4 default ones:

  • tokio: enables the tokio async runtime
  • async-std: enables the async-std async runtime
  • rustls: enables the rustls crypto
  • openssl: enables the openssl crypto
  • command: enables the command-based secret backend
  • keyring: enables the keyring-based secret backend
  • derive: enables serde support
  • vendored: compiles and statically link to a copy of non-Rust vendors like OpenSSL

Example

use secret::{keyring::KeyringEntry, Secret};

#[tokio::main]
async fn main() {
    // raw secret

    let mut secret = Secret::new_raw("secret");
    assert_eq!(secret.get().await.unwrap(), "secret");

    // shell command secret

    let mut secret = Secret::new_command("echo 'secret'");
    assert_eq!(secret.get().await.unwrap(), "secret");

    // keyring secret

    let entry = KeyringEntry::try_new("key")
        .unwrap()
        .try_with_secret("secret")
        .await
        .unwrap();
    let mut secret = Secret::new_keyring_entry(entry);
    assert_eq!(secret.get().await.unwrap(), "secret");
}

See the full API documentation on docs.rs.

Sponsoring

nlnet

Special thanks to the NLnet foundation and the European Commission that helped the project to receive financial support from various programs:

If you appreciate the project, feel free to donate using one of the following providers:

GitHub Ko-fi Buy Me a Coffee Liberapay thanks.dev PayPal

Dependencies

~0.5–15MB
~212K SLoC