prvng_platform/crates/vault-service/Cargo.toml

[package]
authors.workspace = true
description = "Vault Service for Provisioning Platform with secrets and key management (Age dev, Cosmian KMS prod, RustyVault self-hosted)"
edition.workspace = true
license.workspace = true
name = "vault-service"
repository.workspace = true
version.workspace = true

[[bin]]
name = "provisioning-vault-service"
path = "src/main.rs"

[dependencies]
# Async runtime
tokio = { workspace = true, features = ["full"] }

# NATS JetStream bridge (lease request/issued flow)
platform-nats = { workspace = true, optional = true }

# UUID for lease IDs
uuid = { workspace = true, features = ["v4", "serde"] }

# Stream iteration
futures = { workspace = true }

# Async traits
async-trait = { workspace = true }

# Zero sensitive memory on drop
zeroize = { workspace = true }

# Web framework
axum = { workspace = true, features = ["json"] }
tower = { workspace = true }
tower-http = { workspace = true, features = ["cors", "trace"] }

# Serialization
serde = { workspace = true, features = ["derive"] }
serde_json = { workspace = true }
toml = { workspace = true }

# Configuration
platform-config = { path = "../platform-config" }

# Centralized observability (logging, metrics, health, tracing)
observability = { workspace = true, features = ["logging", "metrics-prometheus", "health"] }

# HTTP client
reqwest = { workspace = true }

# Age encryption (development)
age = { workspace = true }

# RustyVault (self-hosted Vault alternative)
rusty_vault = { workspace = true }

# Cryptography
base64 = { workspace = true }
rand = { workspace = true }

# Error handling
anyhow = { workspace = true }
thiserror = { workspace = true }

# Logging
tracing = { workspace = true }
tracing-subscriber = { workspace = true }

# Time
chrono = { workspace = true, features = ["serde"] }

# Configuration
config = { workspace = true }

# SecretumVault (Enterprise secrets management - optional)
secretumvault = { workspace = true }

[features]
nats = ["dep:platform-nats"]
default = []

[dev-dependencies]
http-body-util = { workspace = true }
mockito = { workspace = true }
tempfile = { workspace = true }
tokio-test = { workspace = true }

[lib]
name = "vault_service"
path = "src/lib.rs"
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00			`[package]`
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`authors.workspace = true`
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00			`description = "Vault Service for Provisioning Platform with secrets and key management (Age dev, Cosmian KMS prod, RustyVault self-hosted)"`
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`edition.workspace = true`
			`license.workspace = true`
chore: update toml files for lint 2026-01-12 05:07:30 +00:00			`name = "vault-service"`
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`repository.workspace = true`
			`version.workspace = true`

			`[[bin]]`
			`name = "provisioning-vault-service"`
			`path = "src/main.rs"`
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00
			`[dependencies]`
			`# Async runtime`
			`tokio = { workspace = true, features = ["full"] }`

feat(platform): control plane — NATS JetStream + SurrealDB + SOLID enforcement New crates - platform-nats: async_nats JetStream bridge; pull/push consumers, explicit ACK, subject prefixing under provisioning.>, 6 stream definitions on startup - platform-db: SurrealDB pool (embedded RocksDB solo, Surreal<Mem> tests, WebSocket server multi-user); migrate() with DEFINE TABLE IF NOT EXISTS DDL Service integrations - orchestrator: NATS pub on task state transitions, execution_logs → SurrealDB, webhook handler (HMAC-SHA256), AuditCollector (batch INSERT, 100-event/1s flush) - control-center: solo_auth_middleware (intentional bypass, --mode solo only), NATS session events, WebSocket bridge via JetStream subscription (no polling) - vault-service: NATS lease flow; credentials over HTTPS only (lease_id in NATS); SurrealDB storage backend with MVCC retry + exponential backoff - secretumvault: complete SurrealDB backend replacing HashMap; 9 unit + 19 integration tests - extension-registry: NATS lifecycle events, vault:// credential resolver with TTL cache, cache invalidation via provisioning.workspace.*.deploy.done Clippy workspace clean cargo clippy --workspace -- -D warnings: 0 errors Patterns fixed: derivable_impls (#[default] on enum variants), excessive_nesting (let-else, boolean arithmetic in retain, extracted helpers), io_error_other, redundant_closure, iter_kv_map, manual_range_contains, pathbuf_instead_of_path 2026-02-17 23:58:14 +00:00			`# NATS JetStream bridge (lease request/issued flow)`
			`platform-nats = { workspace = true, optional = true }`

			`# UUID for lease IDs`
			`uuid = { workspace = true, features = ["v4", "serde"] }`

			`# Stream iteration`
			`futures = { workspace = true }`

			`# Async traits`
			`async-trait = { workspace = true }`

			`# Zero sensitive memory on drop`
			`zeroize = { workspace = true }`

chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00			`# Web framework`
			`axum = { workspace = true, features = ["json"] }`
			`tower = { workspace = true }`
			`tower-http = { workspace = true, features = ["cors", "trace"] }`

			`# Serialization`
			`serde = { workspace = true, features = ["derive"] }`
			`serde_json = { workspace = true }`
			`toml = { workspace = true }`

feat(platform): control plane — NATS JetStream + SurrealDB + SOLID enforcement New crates - platform-nats: async_nats JetStream bridge; pull/push consumers, explicit ACK, subject prefixing under provisioning.>, 6 stream definitions on startup - platform-db: SurrealDB pool (embedded RocksDB solo, Surreal<Mem> tests, WebSocket server multi-user); migrate() with DEFINE TABLE IF NOT EXISTS DDL Service integrations - orchestrator: NATS pub on task state transitions, execution_logs → SurrealDB, webhook handler (HMAC-SHA256), AuditCollector (batch INSERT, 100-event/1s flush) - control-center: solo_auth_middleware (intentional bypass, --mode solo only), NATS session events, WebSocket bridge via JetStream subscription (no polling) - vault-service: NATS lease flow; credentials over HTTPS only (lease_id in NATS); SurrealDB storage backend with MVCC retry + exponential backoff - secretumvault: complete SurrealDB backend replacing HashMap; 9 unit + 19 integration tests - extension-registry: NATS lifecycle events, vault:// credential resolver with TTL cache, cache invalidation via provisioning.workspace.*.deploy.done Clippy workspace clean cargo clippy --workspace -- -D warnings: 0 errors Patterns fixed: derivable_impls (#[default] on enum variants), excessive_nesting (let-else, boolean arithmetic in retain, extracted helpers), io_error_other, redundant_closure, iter_kv_map, manual_range_contains, pathbuf_instead_of_path 2026-02-17 23:58:14 +00:00			`# Configuration`
			`platform-config = { path = "../platform-config" }`

			`# Centralized observability (logging, metrics, health, tracing)`
			`observability = { workspace = true, features = ["logging", "metrics-prometheus", "health"] }`

chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00			`# HTTP client`
			`reqwest = { workspace = true }`

			`# Age encryption (development)`
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`age = { workspace = true }`
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00
			`# RustyVault (self-hosted Vault alternative)`
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`rusty_vault = { workspace = true }`
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00
			`# Cryptography`
			`base64 = { workspace = true }`
			`rand = { workspace = true }`

			`# Error handling`
			`anyhow = { workspace = true }`
chore: update toml files for lint 2026-01-12 05:07:30 +00:00			`thiserror = { workspace = true }`
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00
			`# Logging`
			`tracing = { workspace = true }`
			`tracing-subscriber = { workspace = true }`

			`# Time`
			`chrono = { workspace = true, features = ["serde"] }`

			`# Configuration`
			`config = { workspace = true }`

chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`# SecretumVault (Enterprise secrets management - optional)`
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00			`secretumvault = { workspace = true }`

feat(platform): control plane — NATS JetStream + SurrealDB + SOLID enforcement New crates - platform-nats: async_nats JetStream bridge; pull/push consumers, explicit ACK, subject prefixing under provisioning.>, 6 stream definitions on startup - platform-db: SurrealDB pool (embedded RocksDB solo, Surreal<Mem> tests, WebSocket server multi-user); migrate() with DEFINE TABLE IF NOT EXISTS DDL Service integrations - orchestrator: NATS pub on task state transitions, execution_logs → SurrealDB, webhook handler (HMAC-SHA256), AuditCollector (batch INSERT, 100-event/1s flush) - control-center: solo_auth_middleware (intentional bypass, --mode solo only), NATS session events, WebSocket bridge via JetStream subscription (no polling) - vault-service: NATS lease flow; credentials over HTTPS only (lease_id in NATS); SurrealDB storage backend with MVCC retry + exponential backoff - secretumvault: complete SurrealDB backend replacing HashMap; 9 unit + 19 integration tests - extension-registry: NATS lifecycle events, vault:// credential resolver with TTL cache, cache invalidation via provisioning.workspace.*.deploy.done Clippy workspace clean cargo clippy --workspace -- -D warnings: 0 errors Patterns fixed: derivable_impls (#[default] on enum variants), excessive_nesting (let-else, boolean arithmetic in retain, extracted helpers), io_error_other, redundant_closure, iter_kv_map, manual_range_contains, pathbuf_instead_of_path 2026-02-17 23:58:14 +00:00			`[features]`
			`nats = ["dep:platform-nats"]`
			`default = []`

chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00			`[dev-dependencies]`
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`http-body-util = { workspace = true }`
chore: update toml files for lint 2026-01-12 05:07:30 +00:00			`mockito = { workspace = true }`
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00			`tempfile = { workspace = true }`
chore: update toml files for lint 2026-01-12 05:07:30 +00:00			`tokio-test = { workspace = true }`
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00
			`[lib]`
			`name = "vault_service"`
			`path = "src/lib.rs"`