bitwarden_crypto/store/backend/mod.rs
1use zeroize::ZeroizeOnDrop;
2
3use crate::store::KeyId;
4
5mod implementation;
6
7pub use implementation::create_store;
8
9/// This trait represents a platform that can store and return keys. If possible,
10/// it will try to enable as many security protections on the keys as it can.
11/// The keys themselves implement [ZeroizeOnDrop], so the store will only need to make sure
12/// that the keys are dropped when they are no longer needed.
13///
14/// The default implementation is a basic in-memory store that does not provide any security
15/// guarantees.
16///
17/// We have other implementations in testing using `mlock` and `memfd_secret` for protecting keys in
18/// memory.
19///
20/// Other implementations could use secure enclaves, HSMs or OS provided keychains.
21pub trait StoreBackend<Key: KeyId>: ZeroizeOnDrop + Send + Sync {
22 /// Inserts a key into the store. If the key already exists, it will be replaced.
23 fn upsert(&mut self, key_id: Key, key: Key::KeyValue);
24
25 /// Retrieves a key from the store.
26 fn get(&self, key_id: Key) -> Option<&Key::KeyValue>;
27
28 #[allow(unused)]
29 /// Removes a key from the store.
30 fn remove(&mut self, key_id: Key);
31
32 /// Removes all keys from the store.
33 fn clear(&mut self);
34
35 /// Retains only the elements specified by the predicate.
36 /// In other words, remove all keys for which `f` returns false.
37 fn retain(&mut self, f: fn(Key) -> bool);
38}