secretumvault/Cargo.toml
Jesús Pérez 6bd3be0350
feat(events): add NATS event bus for vault lifecycle notifications
Introduces a `nats` feature-gated event system that publishes
  lease lifecycle events (issued, revoked, revocation_failed) to NATS
  subjects under a configurable prefix.

  - Add `VaultEvent` enum with serde tag-based serialization
  - Add `VaultEventPublisher` with best-effort fire-and-forget semantics
  - Add `NatsVaultConfig` with sensible defaults (disabled by default)
  - Wire `VaultEventPublisher` into `LeaseRevocationWorker`
  - Gate all event code behind `#[cfg(feature = "nats")]`
2026-02-27 00:20:50 +00:00


# Crate identity and licensing metadata for the vault.
# No `rust-version` key is set, so Cargo enforces no minimum toolchain; the
# `dep:` syntax used in [features] needs Cargo 1.60 or newer.
[package]
name = "secretumvault"
version = "0.1.0"
edition = "2021"
authors = ["Jesús Pérez <jesus@example.com>"]
description = "Post-quantum ready secrets management system"
license = "Apache-2.0"
# Feature flags select which crypto backends, storage backends and components
# are compiled in. Everything listed in `default` is part of a plain
# `cargo build`; use `--no-default-features` plus an explicit feature list to
# ship a smaller dependency tree.
# NOTE(review): `nats` is in `default`, so async-nats is compiled into every
# default build. The flag only controls compilation; whether events are
# actually published is decided by runtime configuration not visible here.
[features]
default = ["openssl", "filesystem", "server", "surrealdb-storage", "pqc", "cli", "cedar", "nats"]
# Crypto backends
# `default` turns on `openssl` and `pqc`; `aws-lc` is opt-in.
# NOTE(review): whether `openssl` and `aws-lc` may be enabled together cannot
# be determined from this manifest.
# `openssl` and `nats` use the `dep:` prefix, so Cargo creates no implicit
# feature named after the crate. The other features name the optional crate
# directly, which relies on an implicit feature per crate (`aws-lc-rs`, `oqs`,
# `sqlx`, `axum`, ...) that callers can also enable on their own.
# NOTE(review): moving the rest to `dep:` would be more consistent, but it
# removes those implicit feature names; check `cfg(feature = "...")` uses first.
openssl = ["dep:openssl"]
aws-lc = ["aws-lc-rs"]
pqc = ["oqs"]
# Storage backends
filesystem = []
# surrealdb-storage: mem (tests) + WebSocket + TLS. Pick an engine variant for production:
# url = "surrealkv://data/vault.db" (relational/graph, ACID, vault default)
# url = "rocksdb://data/hot.db" (high-throughput sequential writes)
# url = "ws://host:8000" (remote SurrealDB via WebSocket)
# `ws://` is an unencrypted WebSocket; for a remote SurrealDB prefer `wss://`
# so vault data and credentials do not cross the network in clear text. The
# `surrealdb/rustls` feature below is presumably what supplies the TLS stack.
# The rocksdb:// URL needs the separate `surrealdb-storage-rocksdb` feature.
surrealdb-storage = ["surrealdb/kv-mem", "surrealdb/kv-surrealkv", "surrealdb/protocol-ws", "surrealdb/rustls"]
surrealdb-storage-rocksdb = ["surrealdb-storage", "surrealdb/kv-rocksdb"]
etcd-storage = ["etcd-client"]
postgresql-storage = ["sqlx"]
# Components
server = ["axum", "tower-http", "tokio-rustls", "rustls-pemfile", "rustls", "axum-server", "hyper", "hyper-util"]
cli = ["clap", "reqwest"]
cedar = ["cedar-policy"]
# NATS event publishing
nats = ["dep:async-nats"]
# Runtime dependencies. Every version below is a caret requirement, so the
# exact versions that get built come from Cargo.lock (not shown here). For
# reproducible, auditable builds keep the lockfile under version control and
# build with `--locked`.
[dependencies]
# Core
tokio = { version = "1.49", features = ["full"] }
async-trait = "0.1"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
toml = "0.9"
thiserror = "2.0"
anyhow = "1.0"
chrono = { version = "0.4", features = ["serde"] }
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["json"] }
# Crypto
# `unstable` opts into aws-lc-rs APIs that carry no stability guarantee.
# NOTE(review): confirm which API requires it and re-check on each upgrade.
aws-lc-rs = { version = "1.15", features = ["unstable"], optional = true }
openssl = { version = "0.10", optional = true }
oqs = { version = "0.11", optional = true }
hkdf = "0.12"
sha2 = "0.10"
aes-gcm = "0.10"
chacha20poly1305 = "0.10"
rand = "0.9"
# Shamir Secret Sharing
# NOTE(review): verify `sharks` against the RustSec advisory database and its
# maintenance status before relying on it to split key material.
sharks = "0.5"
# Cedar policies
cedar-policy = { version = "4.8", optional = true }
# Storage
# "3" accepts any 3.x release. The base feature set here is kv-mem,
# protocol-ws and rustls; the `surrealdb-storage` feature adds kv-surrealkv.
surrealdb = { version = "3", optional = true, features = ["kv-mem", "protocol-ws", "rustls"] }
# NATS event bus
async-nats = { version = "0.46", optional = true }
# Optional storage backends (etcd, PostgreSQL)
etcd-client = { version = "0.18", optional = true }
# `runtime-tokio-native-tls` selects the platform-native TLS stack for sqlx,
# while the server crates below use rustls. Enabling `postgresql-storage`
# therefore adds a second TLS implementation to patch and audit.
sqlx = { version = "0.8", features = ["postgres", "runtime-tokio-native-tls"], optional = true }
# Server
# All server crates are optional and pulled in by the `server` feature,
# except `tower`, which is always compiled.
axum = { version = "0.8", optional = true, features = ["macros"] }
axum-server = { version = "0.8", optional = true, features = ["tls-rustls"] }
tower-http = { version = "0.6", optional = true, features = ["cors", "trace"] }
tower = "0.5"
hyper = { version = "1.8", optional = true, features = ["server", "http1", "http2"] }
hyper-util = { version = "0.1", optional = true, features = ["tokio", "server", "server-auto"] }
tokio-rustls = { version = "0.26", optional = true }
rustls-pemfile = { version = "2.2", optional = true }
rustls = { version = "0.23", optional = true }
# HTTP Client
reqwest = { version = "0.13", features = ["json"], optional = true }
# CLI
clap = { version = "4.5", optional = true, features = ["derive", "env"] }
# Utilities
uuid = { version = "1.20", features = ["v4", "serde"] }
base64 = "0.22"
hex = "0.4"
regex = "1.12"
# Used only when building tests, examples and benchmarks; these crates are not
# linked into the `svault` binary.
[dev-dependencies]
tempfile = "3.24"
wiremock = "0.6"
proptest = "1.9"
# The `svault` binary is built only when the `server` feature is enabled
# (it is part of `default`); without it Cargo skips this target.
# NOTE(review): `cli` (clap, reqwest) is not listed in `required-features`;
# confirm src/main.rs compiles with `server` alone.
[[bin]]
name = "svault"
path = "src/main.rs"
required-features = ["server"]
# Release builds: maximum optimization with whole-program LTO in a single
# codegen unit, trading compile time for a smaller and faster binary.
# `strip = true` removes symbols and debug info from the shipped binary, so
# production backtraces and core dumps will lack symbol names; keep an
# unstripped artifact per release if it is needed for incident analysis.
# `overflow-checks` and `panic` are left at the release defaults, so integer
# overflow wraps silently.
# NOTE(review): consider `overflow-checks = true` for a security-sensitive
# crate.
[profile.release]
opt-level = 3
lto = true
codegen-units = 1
strip = true
# Dev builds: "packed" writes debug info to a single file next to the
# executable instead of embedding it.
[profile.dev]
split-debuginfo = "packed"