Crate paranoid_vault¶
- crate paranoid_vault¶
Functions
- fn default_vault_path() -> PathBuf¶
- fn init_vault(path: impl AsRef<Path>, master_password: &str) -> Result<VaultHeader, VaultError>¶
- fn inspect_certificate_pem(certificate_pem: &[u8]) -> Result<VaultCertificatePreview, VaultError>¶
- fn inspect_vault_backup(input_path: impl AsRef<Path>) -> Result<VaultBackupSummary, VaultError>¶
- fn inspect_vault_transfer(input_path: impl AsRef<Path>) -> Result<VaultTransferSummary, VaultError>¶
- fn read_master_password(env_name: &str) -> Result<String, VaultError>¶
- fn read_vault_header(path: impl AsRef<Path>) -> Result<VaultHeader, VaultError>¶
- fn restore_vault_backup(input_path: impl AsRef<Path>, output_path: impl AsRef<Path>, overwrite: bool) -> Result<VaultHeader, VaultError>¶
- fn unlock_vault(path: impl AsRef<Path>, master_password: &str) -> Result<UnlockedVault, VaultError>¶
- fn unlock_vault_for_options(options: &VaultOpenOptions) -> Result<UnlockedVault, VaultError>¶
- fn unlock_vault_with_certificate(path: impl AsRef<Path>, certificate_pem: &[u8], private_key_pem: &[u8], private_key_passphrase: Option<&str>) -> Result<UnlockedVault, VaultError>¶
- fn unlock_vault_with_device(path: impl AsRef<Path>, slot_id: Option<&str>) -> Result<UnlockedVault, VaultError>¶
- fn unlock_vault_with_mnemonic(path: impl AsRef<Path>, mnemonic_phrase: &str, slot_id: Option<&str>) -> Result<UnlockedVault, VaultError>¶
Enums
- enum VaultAuth¶
- PasswordEnv(String)¶
- Password(SecretString)¶
- enum VaultError¶
- InvalidArguments(String)¶
- VaultExists(String)¶
- VaultNotFound(String)¶
- UnlockFailed¶
- ItemNotFound(String)¶
- RandomFailure(String)¶
- CryptoFailure(String)¶
- CertificateFailure(String)¶
- DeviceStoreFailure(String)¶
- Sqlite(rusqlite::Error)¶
- Io(std::io::Error)¶
- Json(serde_json::Error)¶
- Argon2(String)¶
- Generator(String)¶
- enum VaultItemKind¶
- Login¶
- SecureNote¶
- Card¶
- Identity¶
Implementations
- impl VaultItemKind¶
Functions
- fn as_str(&self) -> &'static str¶
- fn parse(value: &str) -> Result<Self, VaultError>¶
- enum VaultItemPayload¶
- Login(LoginRecord)¶
- SecureNote(SecureNoteRecord)¶
- Card(CardRecord)¶
- Identity(IdentityRecord)¶
- enum VaultKeyslotKind¶
- PasswordRecovery¶
- MnemonicRecovery¶
- DeviceBound¶
- CertificateWrapped¶
Implementations
- impl VaultKeyslotKind¶
Functions
- fn as_str(&self) -> &'static str¶
Structs and Unions
- struct CardRecord¶
- title: String¶
- cardholder_name: String¶
- number: String¶
- expiry_month: String¶
- expiry_year: String¶
- security_code: String¶
- billing_zip: Option<String>¶
- notes: Option<String>¶
- folder: Option<String>¶
- tags: Vec<String>¶
- struct GenerateStoreLoginRecord¶
- target_login_id: Option<String>¶
- title: Option<String>¶
- username: Option<String>¶
- url: Option<String>¶
- notes: Option<String>¶
- folder: Option<String>¶
- tags: Option<Vec<String>>¶
- struct IdentityRecord¶
- title: String¶
- full_name: String¶
- email: Option<String>¶
- phone: Option<String>¶
- address: Option<String>¶
- notes: Option<String>¶
- folder: Option<String>¶
- tags: Vec<String>¶
- struct LoginRecord¶
- title: String¶
- username: String¶
- password: String¶
- url: Option<String>¶
- notes: Option<String>¶
- folder: Option<String>¶
- tags: Vec<String>¶
- password_history: Vec<PasswordHistoryEntry>¶
- struct MnemonicRecoveryEnrollment¶
- keyslot: VaultKeyslot¶
- mnemonic: String¶
- struct NativeSessionHardening¶
Implementations
- impl NativeSessionHardening¶
Functions
- fn arm_clipboard_clear(&mut self, contents: String)¶
- fn clear_clipboard_tracking(&mut self)¶
- fn clipboard_clear_after(&self) -> Duration¶
- fn expire_activity_for_test(&mut self)¶
- fn expire_clipboard_for_test(&mut self)¶
- fn idle_lock_after(&self) -> Duration¶
- fn note_activity(&mut self)¶
- fn should_auto_lock(&self) -> bool¶
- fn take_due_clipboard_contents(&mut self) -> Option<SecretString>¶
- fn take_pending_clipboard_contents(&mut self) -> Option<SecretString>¶
- fn with_timeouts(clipboard_clear_after: Duration, idle_lock_after: Duration) -> Self¶
Traits implemented
- impl Default for NativeSessionHardening¶
- struct NewCardRecord¶
- title: String¶
- cardholder_name: String¶
- number: String¶
- expiry_month: String¶
- expiry_year: String¶
- security_code: String¶
- billing_zip: Option<String>¶
- notes: Option<String>¶
- folder: Option<String>¶
- tags: Vec<String>¶
- struct NewIdentityRecord¶
- title: String¶
- full_name: String¶
- email: Option<String>¶
- phone: Option<String>¶
- address: Option<String>¶
- notes: Option<String>¶
- folder: Option<String>¶
- tags: Vec<String>¶
- struct NewLoginRecord¶
- title: String¶
- username: String¶
- password: String¶
- url: Option<String>¶
- notes: Option<String>¶
- folder: Option<String>¶
- tags: Vec<String>¶
- struct NewSecureNoteRecord¶
- title: String¶
- content: String¶
- folder: Option<String>¶
- tags: Vec<String>¶
- struct SecretString(Zeroizing<String>)¶
Implementations
- impl SecretString¶
Functions
- fn as_str(&self) -> &str¶
- fn new(value: String) -> Self¶
Traits implemented
- impl fmt::Debug for SecretString¶
- struct UnlockedVault¶
Implementations
- impl UnlockedVault¶
Functions
- fn add_card(&self, record: NewCardRecord) -> Result<VaultItem, VaultError>¶
- fn add_certificate_keyslot(&mut self, certificate_pem: &[u8], label: Option<String>) -> Result<VaultKeyslot, VaultError>¶
- fn add_device_keyslot(&mut self, label: Option<String>) -> Result<VaultKeyslot, VaultError>¶
- fn add_identity(&self, record: NewIdentityRecord) -> Result<VaultItem, VaultError>¶
- fn add_login(&self, record: NewLoginRecord) -> Result<VaultItem, VaultError>¶
- fn add_mnemonic_keyslot(&mut self, label: Option<String>) -> Result<MnemonicRecoveryEnrollment, VaultError>¶
- fn add_secure_note(&self, record: NewSecureNoteRecord) -> Result<VaultItem, VaultError>¶
- fn backup_summary(&self) -> Result<VaultBackupSummary, VaultError>¶
- fn delete_item(&self, id: &str) -> Result<(), VaultError>¶
- fn duplicate_password_count(&self, id: &str) -> Result<usize, VaultError>¶
- fn export_backup(&self, output_path: impl AsRef<Path>) -> Result<PathBuf, VaultError>¶
- fn export_transfer_package(&self, output_path: impl AsRef<Path>, filter: &VaultItemFilter, recovery_secret: Option<&str>, certificate_pem: Option<&[u8]>) -> Result<PathBuf, VaultError>¶
- fn generate_and_store(&self, request: &ParanoidRequest, record: GenerateStoreLoginRecord) -> Result<(GenerationReport, VaultItem), VaultError>¶
- fn get_item(&self, id: &str) -> Result<VaultItem, VaultError>¶
- fn header(&self) -> &VaultHeader¶
- fn import_transfer_package_with_certificate(&self, input_path: impl AsRef<Path>, certificate_pem: &[u8], private_key_pem: &[u8], private_key_passphrase: Option<&str>, replace_existing: bool) -> Result<VaultTransferImportSummary, VaultError>¶
- fn import_transfer_package_with_password(&self, input_path: impl AsRef<Path>, recovery_secret: &str, replace_existing: bool) -> Result<VaultTransferImportSummary, VaultError>¶
- fn list_items(&self) -> Result<Vec<VaultItemSummary>, VaultError>¶
- fn list_items_filtered(&self, filter: &VaultItemFilter) -> Result<Vec<VaultItemSummary>, VaultError>¶
- fn path(&self) -> &Path¶
- fn rebind_device_keyslot(&mut self, id: &str) -> Result<VaultKeyslot, VaultError>¶
- fn relabel_keyslot(&mut self, id: &str, label: Option<String>) -> Result<VaultKeyslot, VaultError>¶
- fn remove_keyslot(&mut self, id: &str, force: bool) -> Result<VaultKeyslot, VaultError>¶
- fn rewrap_certificate_keyslot(&mut self, id: &str, certificate_pem: &[u8]) -> Result<VaultKeyslot, VaultError>¶
- fn rotate_mnemonic_keyslot(&mut self, id: &str) -> Result<MnemonicRecoveryEnrollment, VaultError>¶
- fn rotate_password_recovery_keyslot(&mut self, new_master_password: &str) -> Result<VaultKeyslot, VaultError>¶
- fn search_items(&self, query: &str) -> Result<Vec<VaultItemSummary>, VaultError>¶
- fn update_card(&self, id: &str, update: UpdateCardRecord) -> Result<VaultItem, VaultError>¶
- fn update_identity(&self, id: &str, update: UpdateIdentityRecord) -> Result<VaultItem, VaultError>¶
- fn update_login(&self, id: &str, update: UpdateLoginRecord) -> Result<VaultItem, VaultError>¶
- fn update_secure_note(&self, id: &str, update: UpdateSecureNoteRecord) -> Result<VaultItem, VaultError>¶
- struct UpdateCardRecord¶
- title: Option<String>¶
- cardholder_name: Option<String>¶
- number: Option<String>¶
- expiry_month: Option<String>¶
- expiry_year: Option<String>¶
- security_code: Option<String>¶
- billing_zip: Option<Option<String>>¶
- notes: Option<Option<String>>¶
- folder: Option<Option<String>>¶
- tags: Option<Vec<String>>¶
- struct UpdateIdentityRecord¶
- title: Option<String>¶
- full_name: Option<String>¶
- email: Option<Option<String>>¶
- phone: Option<Option<String>>¶
- address: Option<Option<String>>¶
- notes: Option<Option<String>>¶
- folder: Option<Option<String>>¶
- tags: Option<Vec<String>>¶
- struct UpdateLoginRecord¶
- title: Option<String>¶
- username: Option<String>¶
- password: Option<String>¶
- url: Option<Option<String>>¶
- notes: Option<Option<String>>¶
- folder: Option<Option<String>>¶
- tags: Option<Vec<String>>¶
- struct UpdateSecureNoteRecord¶
- title: Option<String>¶
- content: Option<String>¶
- folder: Option<Option<String>>¶
- tags: Option<Vec<String>>¶
- struct VaultBackupItem¶
- id: String¶
- kind: String¶
- created_at_epoch: i64¶
- updated_at_epoch: i64¶
- nonce_hex: String¶
- tag_hex: String¶
- ciphertext_hex: String¶
- struct VaultBackupKeyslotSummary¶
- id: String¶
- kind: VaultKeyslotKind¶
- label: Option<String>¶
- wrap_algorithm: String¶
- certificate_fingerprint_sha256: Option<String>¶
- certificate_subject: Option<String>¶
- certificate_not_before: Option<String>¶
- certificate_not_after: Option<String>¶
- certificate_not_before_epoch: Option<i64>¶
- certificate_not_after_epoch: Option<i64>¶
- struct VaultBackupPackage¶
- backup_format_version: u32¶
- exported_at_epoch: i64¶
- vault_format_version: u32¶
- header: VaultHeader¶
- items: Vec<VaultBackupItem>¶
- struct VaultBackupSummary¶
- backup_format_version: u32¶
- exported_at_epoch: i64¶
- vault_format_version: u32¶
- header_format_version: u32¶
- item_count: usize¶
- login_count: usize¶
- secure_note_count: usize¶
- card_count: usize¶
- identity_count: usize¶
- keyslot_count: usize¶
- recovery_posture: VaultRecoveryPosture¶
- keyslots: Vec<VaultBackupKeyslotSummary>¶
- warnings: Vec<String>¶
- restorable_by_current_build: bool¶
- struct VaultCertificatePreview¶
- fingerprint_sha256: String¶
- subject: String¶
- not_before: String¶
- not_after: String¶
- struct VaultHeader¶
- format_version: u32¶
- created_at_epoch: i64¶
- migration_state: String¶
- kdf: VaultKdfParams¶
- keyslots: Vec<VaultKeyslot>¶
Implementations
- impl VaultHeader¶
Functions
- fn assess_keyslot_health(&self, id: &str) -> Result<VaultKeyslotHealth, VaultError>¶
- fn assess_keyslot_health_with_provider_probe(&self, id: &str, provider_probe: VaultKeyslotProviderProbe) -> Result<VaultKeyslotHealth, VaultError>¶
- fn assess_keyslot_removal(&self, id: &str) -> Result<VaultKeyslotRemovalImpact, VaultError>¶
- fn keyslot_health_summaries(&self) -> Vec<VaultKeyslotHealth>¶
- fn keyslot_health_summaries_with_provider_probe(&self, provider_probe: VaultKeyslotProviderProbe) -> Vec<VaultKeyslotHealth>¶
- fn recovery_posture(&self) -> VaultRecoveryPosture¶
- fn recovery_recommendations(&self) -> Vec<String>¶
- struct VaultItem¶
- id: String¶
- kind: VaultItemKind¶
- created_at_epoch: i64¶
- updated_at_epoch: i64¶
- payload: VaultItemPayload¶
- struct VaultItemFilter¶
- query: Option<String>¶
- kind: Option<VaultItemKind>¶
- folder: Option<String>¶
- tag: Option<String>¶
Implementations
- impl VaultItemFilter¶
- struct VaultItemSummary¶
- id: String¶
- kind: VaultItemKind¶
- title: String¶
- subtitle: String¶
- location: Option<String>¶
- folder: Option<String>¶
- updated_at_epoch: i64¶
- duplicate_password_count: usize¶
- struct VaultKdfParams¶
- algorithm: String¶
- memory_cost_kib: u32¶
- iterations: u32¶
- parallelism: u32¶
- derived_key_len: usize¶
- struct VaultKeyslot¶
- id: String¶
- kind: VaultKeyslotKind¶
- label: Option<String>¶
- wrapped_by_os_keystore: bool¶
- wrap_algorithm: String¶
- salt_hex: String¶
- nonce_hex: String¶
- tag_hex: String¶
- encrypted_master_key_hex: String¶
- certificate_fingerprint_sha256: Option<String>¶
- certificate_subject: Option<String>¶
- certificate_not_before: Option<String>¶
- certificate_not_after: Option<String>¶
- certificate_not_before_epoch: Option<i64>¶
- certificate_not_after_epoch: Option<i64>¶
- mnemonic_language: Option<String>¶
- mnemonic_words: Option<u8>¶
- device_service: Option<String>¶
- device_account: Option<String>¶
- struct VaultKeyslotHealth¶
- keyslot_id: String¶
- keyslot_kind: VaultKeyslotKind¶
- warnings: Vec<String>¶
- healthy: bool¶
- provider_availability: VaultKeyslotProviderAvailability¶
- provider_evidence_source: Option<String>¶
- struct VaultKeyslotRemovalImpact¶
- keyslot_id: String¶
- keyslot_kind: VaultKeyslotKind¶
- before: VaultRecoveryPosture¶
- after: VaultRecoveryPosture¶
- warnings: Vec<String>¶
- requires_explicit_confirmation: bool¶
- struct VaultOpenOptions¶
- path: PathBuf¶
- mnemonic_phrase_env: Option<String>¶
- mnemonic_phrase: Option<SecretString>¶
- mnemonic_slot: Option<String>¶
- device_slot: Option<String>¶
- use_device_auto: bool¶
Implementations
- impl VaultOpenOptions¶
Functions
- fn password_env(&self) -> &str¶
- fn unlock_description(&self) -> String¶
- struct VaultRecoveryPosture¶
- password_recovery_slots: usize¶
- mnemonic_recovery_slots: usize¶
- device_bound_slots: usize¶
- certificate_wrapped_slots: usize¶
- has_recovery_path: bool¶
- has_certificate_path: bool¶
- meets_recommended_posture: bool¶
- struct VaultTransferAccess¶
- recovery: Option<VaultTransferRecoveryAccess>¶
- certificate: Option<VaultTransferCertificateAccess>¶
- struct VaultTransferCertificateAccess¶
- wrap_algorithm: String¶
- wrapped_transport_key_der_hex: String¶
- nonce_hex: String¶
- tag_hex: String¶
- encrypted_transfer_key_hex: String¶
- certificate_fingerprint_sha256: String¶
- certificate_subject: String¶
- certificate_not_before: String¶
- certificate_not_after: String¶
- certificate_not_before_epoch: i64¶
- certificate_not_after_epoch: i64¶
- struct VaultTransferImportSummary¶
- imported_count: usize¶
- replaced_count: usize¶
- remapped_count: usize¶
- struct VaultTransferPackage¶
- transfer_format_version: u32¶
- exported_at_epoch: i64¶
- source_vault_format_version: u32¶
- item_count: usize¶
- login_count: usize¶
- secure_note_count: usize¶
- card_count: usize¶
- identity_count: usize¶
- filter: VaultItemFilter¶
- access: VaultTransferAccess¶
- payload_nonce_hex: String¶
- payload_tag_hex: String¶
- payload_ciphertext_hex: String¶
- struct VaultTransferRecoveryAccess¶
- wrap_algorithm: String¶
- kdf: VaultKdfParams¶
- salt_hex: String¶
- nonce_hex: String¶
- tag_hex: String¶
- encrypted_transfer_key_hex: String¶
- struct VaultTransferSummary¶
- transfer_format_version: u32¶
- exported_at_epoch: i64¶
- source_vault_format_version: u32¶
- item_count: usize¶
- login_count: usize¶
- secure_note_count: usize¶
- card_count: usize¶
- identity_count: usize¶
- filter: VaultItemFilter¶
- has_recovery_path: bool¶
- has_certificate_path: bool¶
- certificate_fingerprint_sha256: Option<String>¶
- certificate_subject: Option<String>¶
- certificate_not_after: Option<String>¶
- warnings: Vec<String>¶
- importable_by_current_build: bool¶