https://github.com/pimalaya/secret
Rust I/O-free library to retrieve secrets from different sources
https://github.com/pimalaya/secret
command flow io-free keyring library process rust sans-io secret
Last synced: about 1 year ago
JSON representation
Rust I/O-free library to retrieve secrets from different sources
- Host: GitHub
- URL: https://github.com/pimalaya/secret
- Owner: pimalaya
- License: mit
- Created: 2025-04-25T11:45:55.000Z (about 1 year ago)
- Default Branch: master
- Last Pushed: 2025-04-25T19:19:19.000Z (about 1 year ago)
- Last Synced: 2025-04-25T20:29:13.833Z (about 1 year ago)
- Topics: command, flow, io-free, keyring, library, process, rust, sans-io, secret
- Language: Rust
- Homepage: https://docs.rs/secret-flows/latest/secret_flows/
- Size: 19.5 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
README
# Secret flows [](https://docs.rs/secret-flows/latest/secret_flows/) [](https://matrix.to/#/#pimalaya:matrix.org)
Rust **I/O-free** library to retrieve secrets from different sources, based on [process-flows](https://crates.io/crates/process-flows) and [keyring-flows](https://crates.io/crates/keyring-flows).
## Design
This library does not perform any I/O. Instead, it exposes *I/O-free*, *composable* and *iterable* state machines *so called flows*.
A **flow** emits I/O **requests**, which should be processed by I/O **handlers**. A flow is considered *terminated* when it does not emit I/O requests anymore.
Secret flows emit I/O requests defined by [process-flows](https://docs.rs/process-flows/latest/process_flows/handlers) and [keyring-flows](https://docs.rs/keyring-flows/latest/keyring_flows/handlers) crates, so any I/O handler from them should work.
## Examples
### Read secret synchronously
```rust,ignore
use keyring_flows::{handlers::std::Handler as handle_keyring_std};
use process_flows::{handlers::std::handle as handle_process_std};
use secret_flows::{ReadFromCommand, ReadFromKeyring, Secret};
// from a secret::Secret enum
let secret = match secret {
Secret::Raw(secret) => secret,
Secret::Command(cmd) => {
let mut read = ReadFromCommand::new(cmd);
loop {
match read.next() {
Ok(secret) => break secret,
Err(io) => handle_process_std(&mut read, io).unwrap(),
}
}
}
Secret::Keyring(entry) => {
let mut read = ReadFromKeyring::new(entry);
loop {
match read.next() {
Ok(secret) => break secret,
Err(io) => handle_keyring_std(&mut read, io).unwrap(),
}
}
}
}
```
*See complete example at [./examples/read](https://github.com/pimalaya/secret/blob/master/examples/read.rs).*
## Sponsoring
[](https://nlnet.nl/)
Special thanks to the [NLnet foundation](https://nlnet.nl/) and the [European Commission](https://www.ngi.eu/) that helped the project to receive financial support from various programs:
- [NGI Assure](https://nlnet.nl/project/Himalaya/) in 2022
- [NGI Zero Entrust](https://nlnet.nl/project/Pimalaya/) in 2023
- [NGI Zero Core](https://nlnet.nl/project/Pimalaya-PIM/) in 2024 *(still ongoing)*
If you appreciate the project, feel free to donate using one of the following providers:
[](https://github.com/sponsors/soywod)
[](https://ko-fi.com/soywod)
[](https://www.buymeacoffee.com/soywod)
[](https://liberapay.com/soywod)
[](https://thanks.dev/soywod)
[](https://www.paypal.com/paypalme/soywod)