pub struct SecretStore { /* private fields */ }
e2e-encryption
only.Expand description
Secure key/value storage for Matrix users.
The SecretStore
struct encapsulates the secret storage mechanism for
Matrix users, as it is specified in the Matrix specification.
This specialized storage is tied to the user’s Matrix account and serves as
an encrypted key/value store, backed by account data residing on the
homeserver. Any secrets uploaded to the homeserver using the
SecretStore::put_secret()
method are automatically encrypted by the
SecretStore
.
SecretStore
enables you to safely manage and access sensitive
information while ensuring that it remains protected from unauthorized
access. It plays a crucial role in maintaining the privacy and security of a
Matrix user’s data.
Data Flow Overview:
Note: It’s important to emphasize that the SecretStore
should not be
used for storing large volumes of data due to its nature as a key/value
store for sensitive information.
§Examples
use ruma::events::secret::request::SecretName;
let secret_store = client
.encryption()
.secret_storage()
.open_secret_store("It's a secret to everybody")
.await?;
let my_secret = "Top secret secret";
let my_secret_name = SecretName::from("m.treasure");
secret_store.put_secret(my_secret_name, my_secret);
Implementations§
Source§impl SecretStore
impl SecretStore
Sourcepub fn secret_storage_key(&self) -> String
pub fn secret_storage_key(&self) -> String
Export the SecretStorageKey
of this SecretStore
as a
base58-encoded string as defined in the spec.
Note: This returns a copy of the private key material of the
SecretStorageKey
as a string. The caller needs to ensure that this
string is zeroized.
Sourcepub async fn get_secret(
&self,
secret_name: impl Into<SecretName>,
) -> Result<Option<String>>
pub async fn get_secret( &self, secret_name: impl Into<SecretName>, ) -> Result<Option<String>>
Retrieve a secret from the homeserver’s account data
This method allows you to retrieve a secret from the account data stored on the Matrix homeserver.
§Arguments
secret_name
: The name of the secret. The providedsecret_name
serves as the event type for the associated account data event.
The retrieve_secret
method enables you to access and decrypt secrets
previously stored in the user’s account data on the homeserver. You can
use the secret_name
parameter to specify the desired secret to
retrieve.
§Examples
use ruma::events::secret::request::SecretName;
let secret_store = client
.encryption()
.secret_storage()
.open_secret_store("It's a secret to everybody")
.await?;
let my_secret_name = SecretName::from("m.treasure");
let secret = secret_store.get_secret(my_secret_name).await?;
Sourcepub async fn put_secret(
&self,
secret_name: impl Into<SecretName>,
secret: &str,
) -> Result<()>
pub async fn put_secret( &self, secret_name: impl Into<SecretName>, secret: &str, ) -> Result<()>
Store a secret in the homeserver’s account data
This method allows you to securely store a secret on the Matrix homeserver as an encrypted account data event.
§Arguments
-
secret_name
: The name of the secret. The providedsecret_name
serves as the event type for the account data event on the homeserver. -
secret
: The secret to be stored on the homeserver. The secret is encrypted before being stored, ensuring its confidentiality and integrity.
§Examples
use ruma::events::secret::request::SecretName;
let secret_store = client
.encryption()
.secret_storage()
.open_secret_store("It's a secret to everybody")
.await?;
let my_secret = "Top secret secret";
let my_secret_name = SecretName::from("m.treasure");
secret_store.put_secret(my_secret_name, my_secret);
Sourcepub async fn import_secrets(&self) -> Result<()>
pub async fn import_secrets(&self) -> Result<()>
Retrieve and store well-known secrets locally
This method retrieves and stores all well-known secrets from the account data on the Matrix homeserver to enhance local security and identity verification.
The following secrets are retrieved by this method:
m.cross_signing.master
: The master cross-signing key.m.cross_signing.self_signing
: The self-signing cross-signing key.m.cross_signing.user_signing
: The user-signing cross-signing key.m.megolm_backup.v1
: The backup recovery key.
If the m.cross_signing.self_signing
key is successfully imported, it
is used to sign our own Device
, marking it as verified. This step is
establishes trust in your own device’s identity.
By invoking this method, you ensure that your device has access to the necessary secrets for device and identity verification.
§Examples
use ruma::events::secret::request::SecretName;
let secret_store = client
.encryption()
.secret_storage()
.open_secret_store("It's a secret to everybody")
.await?;
secret_store.import_secrets().await?;
let status = client
.encryption()
.cross_signing_status()
.await
.expect("We should be able to check out cross-signing status");
println!("Cross-signing status {status:?}");
Trait Implementations§
Auto Trait Implementations§
impl Freeze for SecretStore
impl !RefUnwindSafe for SecretStore
impl Send for SecretStore
impl Sync for SecretStore
impl Unpin for SecretStore
impl !UnwindSafe for SecretStore
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
§impl<T> CompatExt for T
impl<T> CompatExt for T
Source§impl<T> FutureExt for T
impl<T> FutureExt for T
Source§fn with_context(self, otel_cx: Context) -> WithContext<Self>
fn with_context(self, otel_cx: Context) -> WithContext<Self>
Source§fn with_current_context(self) -> WithContext<Self>
fn with_current_context(self) -> WithContext<Self>
Source§impl<T, UT> HandleAlloc<UT> for T
impl<T, UT> HandleAlloc<UT> for T
Source§fn consume_handle(handle: Handle) -> Arc<T>
fn consume_handle(handle: Handle) -> Arc<T>
Arc<>
Source§impl<T, W> HasTypeWitness<W> for Twhere
W: MakeTypeWitness<Arg = T>,
T: ?Sized,
impl<T, W> HasTypeWitness<W> for Twhere
W: MakeTypeWitness<Arg = T>,
T: ?Sized,
Source§impl<T> Identity for Twhere
T: ?Sized,
impl<T> Identity for Twhere
T: ?Sized,
§impl<T> Instrument for T
impl<T> Instrument for T
§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
Source§impl<T> IntoEither for T
impl<T> IntoEither for T
Source§fn into_either(self, into_left: bool) -> Either<Self, Self>
fn into_either(self, into_left: bool) -> Either<Self, Self>
self
into a Left
variant of Either<Self, Self>
if into_left
is true
.
Converts self
into a Right
variant of Either<Self, Self>
otherwise. Read moreSource§fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
self
into a Left
variant of Either<Self, Self>
if into_left(&self)
returns true
.
Converts self
into a Right
variant of Either<Self, Self>
otherwise. Read more