//! Secret types: wraps user content together with metadata describing it

use crate::traits::AutoEncoder;
use serde::{Serialize, Deserialize};

/// Specifies the type of secret that's used to derive a vault user secret
///
/// The variant travels with the stored secret (it is the `tt` field of
/// `UserSecret`), so it is visible to anyone who can read the encoded record.
///
/// NOTE(review): `Serialize`/`Deserialize` are derived, so the variant identity
/// is part of the encoded form. Renaming or reordering variants may make
/// previously stored values unreadable; confirm against the encoding in use.
#[derive(Serialize, Deserialize)]
pub enum SecretType {
    /// A simple password
    Plain,
    /// A keyfile that allows asymmetric trust operations
    Keyfile,
    /// Signing a user password with the id of a yubikey
    Combine,
}

// Empty impl: `SecretType` overrides nothing from `AutoEncoder`, which is
// declared in `crate::traits` and not shown in this file.
impl AutoEncoder for SecretType {}

/// The backing secret for user authentication
///
/// This is _always_ in a non-recoverable form, i.e. a salted
/// and hashed password. **However** it does reveal something
/// about the user setup, i.e. the type of secret used.
///
/// Depending on what secret is used, there are other operations that
/// might be supported to verify operations. For example, a `Keyfile`
/// secret can deposit the entire public key in the `content` field,
/// then use asymmetric operations to verify operations more thoroughly.
///
/// NOTE(review): the type itself does not enforce the non-recoverable
/// invariant. `content` is a plain `String`, this file defines no constructor,
/// and `Deserialize` is derived, so a decoded value is accepted without any
/// check on what `content` holds. The hashing and salting must therefore
/// happen in whatever code produces the value; confirm at the call sites.
///
/// `Debug` is not derived, which keeps `content` out of `{:?}` output.
/// Keep that in mind before adding the derive.
#[derive(Serialize, Deserialize)]
pub struct UserSecret {
    /// Which kind of secret `content` was derived from
    tt: SecretType,
    /// The stored secret material: per the type docs, a salted hash, or
    /// for `Keyfile` possibly the full public key
    content: String,
}

// Empty impl: `UserSecret` overrides nothing from `AutoEncoder`, which is
// declared in `crate::traits` and not shown in this file.
impl AutoEncoder for UserSecret {}