Function bodies 391 total
put_secret function · rust · L390-L396 (7 LOC)src/providers/aws_ps.rs
async fn put_secret(&self, key: &str, value: &str) -> Result<String> {
let parameter_name = self.get_parameter_name(key);
self.put_parameter(¶meter_name, value).await?;
// Return the key name (without prefix) to store in config
Ok(key.to_string())
}aws_error_to_fnox function · rust · L12-L203 (192 LOC)src/providers/aws_sm.rs
fn aws_error_to_fnox<E, R>(
err: &aws_sdk_secretsmanager::error::SdkError<E, R>,
secret_name: &str,
) -> FnoxError
where
E: std::fmt::Debug + std::fmt::Display,
R: std::fmt::Debug,
{
use aws_sdk_secretsmanager::error::SdkError;
const URL: &str = "https://fnox.jdx.dev/providers/aws-sm";
match err {
SdkError::ServiceError(service_err) => {
let err_str = service_err.err().to_string();
if err_str.contains("ResourceNotFoundException") {
FnoxError::ProviderSecretNotFound {
provider: "AWS Secrets Manager".to_string(),
secret: secret_name.to_string(),
hint: "Check that the secret exists in AWS Secrets Manager".to_string(),
url: URL.to_string(),
}
} else if err_str.contains("AccessDenied") || err_str.contains("UnauthorizedAccess") {
FnoxError::ProviderAuthFailed {
provider: "Aextract_name_from_arn function · rust · L127-L146 (20 LOC)src/providers/aws_sm.rs
fn extract_name_from_arn(arn_or_name: &str) -> String {
// If it's not an ARN, return as-is
if !arn_or_name.starts_with("arn:") {
return arn_or_name.to_string();
}
// Split ARN by colons and get the last part (name-SUFFIX)
if let Some(name_with_suffix) = arn_or_name.rsplit(':').next() {
// AWS adds a 7-character suffix (hyphen + 6 random chars) to secret names in ARNs
// We need to remove this to get the original name
if name_with_suffix.len() > 7 {
// Remove the last 7 characters (-XXXXXX)
return name_with_suffix[..name_with_suffix.len() - 7].to_string();
}
return name_with_suffix.to_string();
}
// Fallback: return the original string
arn_or_name.to_string()
}new function · rust · L155-L161 (7 LOC)src/providers/aws_sm.rs
pub fn new(region: String, profile: Option<String>, prefix: Option<String>) -> Self {
Self {
region,
profile,
prefix,
}
}get_secret_name function · rust · L162-L168 (7 LOC)src/providers/aws_sm.rs
pub fn get_secret_name(&self, key: &str) -> String {
match &self.prefix {
Some(prefix) => format!("{}{}", prefix, key),
None => key.to_string(),
}
}create_client function · rust · L171-L182 (12 LOC)src/providers/aws_sm.rs
async fn create_client(&self) -> Result<Client> {
let mut builder = aws_config::defaults(BehaviorVersion::latest()).region(
aws_sdk_secretsmanager::config::Region::new(self.region.clone()),
);
if let Some(profile) = &self.profile {
builder = builder.profile_name(profile);
}
let config = builder.load().await;
Ok(Client::new(&config))
}get_secret_value function · rust · L185-L289 (105 LOC)src/providers/aws_sm.rs
async fn get_secret_value(&self, secret_name: &str) -> Result<String> {
let client = self.create_client().await?;
let result = client
.get_secret_value()
.secret_id(secret_name)
.send()
.await
.map_err(|e| aws_error_to_fnox(&e, secret_name))?;
// Get the secret string (not binary)
result
.secret_string()
.ok_or_else(|| FnoxError::ProviderInvalidResponse {
provider: "AWS Secrets Manager".to_string(),
details: format!("Secret '{}' has no string value", secret_name),
hint: "Binary secrets are not supported".to_string(),
url: "https://fnox.jdx.dev/providers/aws-sm".to_string(),
})
.map(|s| s.to_string())
}
/// Create or update a secret in AWS Secrets Manager
pub async fn put_secret(&self, secret_name: &str, secret_value: &str) -> Result<()> {
let client = self.crCitation: Repobility (2026). State of AI-Generated Code. https://repobility.com/research/
put_secret function · rust · L208-L240 (33 LOC)src/providers/aws_sm.rs
pub async fn put_secret(&self, secret_name: &str, secret_value: &str) -> Result<()> {
let client = self.create_client().await?;
// Try to update existing secret first
match client
.put_secret_value()
.secret_id(secret_name)
.secret_string(secret_value)
.send()
.await
{
Ok(_) => {
tracing::debug!("Updated secret '{}' in AWS Secrets Manager", secret_name);
Ok(())
}
Err(e) => {
// If secret doesn't exist, create it
if e.to_string().contains("ResourceNotFoundException") {
client
.create_secret()
.name(secret_name)
.secret_string(secret_value)
.send()
.await
.map_err(|e| aws_error_to_fnox(&e, secret_name))?;
tracing:get_secret function · rust · L248-L258 (11 LOC)src/providers/aws_sm.rs
async fn get_secret(&self, value: &str) -> Result<String> {
let secret_name = self.get_secret_name(value);
tracing::debug!(
"Getting secret '{}' from AWS Secrets Manager in region '{}'",
secret_name,
self.region
);
self.get_secret_value(&secret_name).await
}test_connection function · rust · L418-L431 (14 LOC)src/providers/aws_sm.rs
async fn test_connection(&self) -> Result<()> {
let client = self.create_client().await?;
// Try to list secrets to verify connection
client
.list_secrets()
.max_results(1)
.send()
.await
.map_err(|e| aws_error_to_fnox(&e, "connection-test"))?;
Ok(())
}put_secret function · rust · L432-L438 (7 LOC)src/providers/aws_sm.rs
async fn put_secret(&self, key: &str, value: &str) -> Result<String> {
let secret_name = self.get_secret_name(key);
self.put_secret(&secret_name, value).await?;
// Return the key name (without prefix) to store in config
Ok(key.to_string())
}new function · rust · L21-L26 (6 LOC)src/providers/azure_kms.rs
pub fn new(vault_url: String, key_name: String) -> Self {
Self {
vault_url,
key_name,
}
}create_client function · rust · L29-L47 (19 LOC)src/providers/azure_kms.rs
fn create_client(&self) -> Result<KeyClient> {
// Use DeveloperToolsCredential which supports multiple auth methods:
// - Azure CLI
// - Azure Developer CLI
let credential =
DeveloperToolsCredential::new(None).map_err(|e| FnoxError::ProviderAuthFailed {
provider: "Azure Key Vault".to_string(),
details: e.to_string(),
hint: "Run 'az login' to authenticate with Azure".to_string(),
url: URL.to_string(),
})?;
KeyClient::new(&self.vault_url, credential, None).map_err(|e| FnoxError::ProviderApiError {
provider: "Azure Key Vault".to_string(),
details: e.to_string(),
hint: "Check your Azure Key Vault URL".to_string(),
url: URL.to_string(),
})
}decrypt function · rust · L50-L138 (89 LOC)src/providers/azure_kms.rs
async fn decrypt(&self, ciphertext_base64: &str) -> Result<String> {
let client = self.create_client()?;
// Decode from base64
let ciphertext_bytes = base64::Engine::decode(
&base64::engine::general_purpose::STANDARD,
ciphertext_base64,
)
.map_err(|e| FnoxError::ProviderInvalidResponse {
provider: "Azure Key Vault".to_string(),
details: format!("Failed to decode base64 ciphertext: {}", e),
hint: "The encrypted value appears to be corrupted".to_string(),
url: URL.to_string(),
})?;
// Create decrypt parameters with RSA-OAEP-256 algorithm
let params = KeyOperationParameters {
algorithm: Some(EncryptionAlgorithm::RsaOaep256),
value: Some(ciphertext_bytes),
..Default::default()
};
// Decrypt using Azure Key Vault
let response = client
.decrypt(
&self.key_name,
encrypt function · rust · L151-L219 (69 LOC)src/providers/azure_kms.rs
async fn encrypt(&self, plaintext: &str) -> Result<String> {
let client = self.create_client()?;
// Create encrypt parameters with RSA-OAEP-256 algorithm
let params = KeyOperationParameters {
algorithm: Some(EncryptionAlgorithm::RsaOaep256),
value: Some(plaintext.as_bytes().to_vec()),
..Default::default()
};
// Encrypt using Azure Key Vault
let response = client
.encrypt(
&self.key_name,
params
.try_into()
.map_err(|e| FnoxError::ProviderInvalidResponse {
provider: "Azure Key Vault".to_string(),
details: format!("Failed to create encrypt parameters: {}", e),
hint: "This is an unexpected error".to_string(),
url: URL.to_string(),
})?,
None,
)
.await
.Methodology: Repobility · https://repobility.com/research/state-of-ai-code-2026/
test_connection function · rust · L220-L252 (33 LOC)src/providers/azure_kms.rs
async fn test_connection(&self) -> Result<()> {
let client = self.create_client()?;
// Try to get the key to verify access
client.get_key(&self.key_name, None).await.map_err(|e| {
let err_str = e.to_string();
if err_str.contains("KeyNotFound") || err_str.contains("not found") {
FnoxError::ProviderSecretNotFound {
provider: "Azure Key Vault".to_string(),
secret: self.key_name.clone(),
hint: "Check that the key exists in the vault".to_string(),
url: URL.to_string(),
}
} else if err_str.contains("Forbidden") || err_str.contains("Unauthorized") {
FnoxError::ProviderAuthFailed {
provider: "Azure Key Vault".to_string(),
details: err_str,
hint: "Check your Azure Key Vault access policies".to_string(),
url: URL.to_string(),
get_secret_name function · rust · L21-L27 (7 LOC)src/providers/azure_sm.rs
pub fn get_secret_name(&self, key: &str) -> String {
match &self.prefix {
Some(prefix) => format!("{}{}", prefix, key),
None => key.to_string(),
}
}create_client function · rust · L30-L50 (21 LOC)src/providers/azure_sm.rs
fn create_client(&self) -> Result<SecretClient> {
// Use DeveloperToolsCredential which supports multiple auth methods:
// - Azure CLI
// - Azure Developer CLI
let credential =
DeveloperToolsCredential::new(None).map_err(|e| FnoxError::ProviderAuthFailed {
provider: "Azure Key Vault".to_string(),
details: e.to_string(),
hint: "Run 'az login' to authenticate with Azure".to_string(),
url: URL.to_string(),
})?;
SecretClient::new(&self.vault_url, credential, None).map_err(|e| {
FnoxError::ProviderApiError {
provider: "Azure Key Vault".to_string(),
details: e.to_string(),
hint: "Check your Azure Key Vault URL".to_string(),
url: URL.to_string(),
}
})
}get_secret_value function · rust · L53-L104 (52 LOC)src/providers/azure_sm.rs
async fn get_secret_value(&self, secret_name: &str) -> Result<String> {
let client = self.create_client()?;
let response = client.get_secret(secret_name, None).await.map_err(|e| {
let err_str = e.to_string();
// Check for Azure-specific "not found" error patterns
if err_str.contains("SecretNotFound")
|| err_str.contains("ResourceNotFound")
|| err_str.contains("Secret not found")
|| err_str.contains("was not found in this key vault")
{
FnoxError::ProviderSecretNotFound {
provider: "Azure Key Vault".to_string(),
secret: secret_name.to_string(),
hint: "Check that the secret exists in the vault".to_string(),
url: URL.to_string(),
}
} else if err_str.contains("Forbidden") || err_str.contains("Unauthorized") {
FnoxError::ProviderAuthFailedput_secret function · rust · L107-L151 (45 LOC)src/providers/azure_sm.rs
pub async fn put_secret(&self, secret_name: &str, secret_value: &str) -> Result<()> {
let client = self.create_client()?;
let params = SetSecretParameters {
value: Some(secret_value.to_string()),
..Default::default()
};
// Azure Key Vault uses set to both create and update secrets
client
.set_secret(
secret_name,
params
.try_into()
.map_err(|e| FnoxError::ProviderInvalidResponse {
provider: "Azure Key Vault".to_string(),
details: format!("Failed to create set_secret parameters: {}", e),
hint: "This is an unexpected error".to_string(),
url: URL.to_string(),
})?,
None,
)
.await
.map_err(|e| {
let err_str = e.to_string();
if err_str.containsget_secret function · rust · L159-L169 (11 LOC)src/providers/azure_sm.rs
async fn get_secret(&self, value: &str) -> Result<String> {
let secret_name = self.get_secret_name(value);
tracing::debug!(
"Getting secret '{}' from Azure Key Vault '{}'",
secret_name,
self.vault_url
);
self.get_secret_value(&secret_name).await
}test_connection function · rust · L170-L202 (33 LOC)src/providers/azure_sm.rs
async fn test_connection(&self) -> Result<()> {
let client = self.create_client()?;
// Try to get a secret to verify connection
// We'll try to get the fnox-test-secret we created earlier
client
.get_secret("fnox-test-secret", None)
.await
.map_err(|e| {
let err_str = e.to_string();
if err_str.contains("Forbidden") || err_str.contains("Unauthorized") {
FnoxError::ProviderAuthFailed {
provider: "Azure Key Vault".to_string(),
details: err_str,
hint: "Check your Azure Key Vault access policies".to_string(),
url: URL.to_string(),
}
} else {
FnoxError::ProviderApiError {
provider: "Azure Key Vault".to_string(),
details: format!(
"Failed to conput_secret function · rust · L203-L209 (7 LOC)src/providers/azure_sm.rs
async fn put_secret(&self, key: &str, value: &str) -> Result<String> {
let secret_name = self.get_secret_name(key);
self.put_secret(&secret_name, value).await?;
// Return the key name (without prefix) to store in config
Ok(key.to_string())
}About: code-quality intelligence by Repobility · https://repobility.com
fmt function · rust · L24-L29 (6 LOC)src/providers/bitwarden.rs
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
match self {
BitwardenBackend::Bw => write!(f, "bw"),
BitwardenBackend::Rbw => write!(f, "rbw"),
}
}new function · rust · L33-L45 (13 LOC)src/providers/bitwarden.rs
pub fn new(
collection: Option<String>,
organization_id: Option<String>,
profile: Option<String>,
backend: Option<BitwardenBackend>,
) -> Self {
Self {
collection,
organization_id,
profile,
backend: backend.unwrap_or(BitwardenBackend::Bw),
}
}build_command function · rust · L46-L52 (7 LOC)src/providers/bitwarden.rs
fn build_command(&self, kind: Option<&str>, item_name: &str) -> Result<Command> {
match &self.backend {
BitwardenBackend::Bw => self.build_bw_command(kind, item_name),
BitwardenBackend::Rbw => self.build_rbw_command(kind, item_name),
}
}build_bw_command function · rust · L53-L247 (195 LOC)src/providers/bitwarden.rs
fn build_bw_command(&self, kind: Option<&str>, item_name: &str) -> Result<Command> {
// Build the bw get command
// bw get <type> <name> [--output json]
// where type can be: item, username, password, uri, totp, notes, exposed, attachment
let mut cmd = Command::new("bw");
cmd.arg("get");
// Determine the field type to retrieve
let field_type = match kind {
None | Some("password") => Some("password"),
Some("username") => Some("username"),
Some("notes") => Some("notes"),
Some("uri") | Some("url") => Some("uri"),
Some("totp") => Some("totp"),
Some(_) => {
// For custom fields, we need the full item JSON
cmd.arg("item");
cmd.arg(item_name);
cmd.args(["--output", "json"]);
None // Special case handled, no field type needed
}
};
// For standard field tbuild_rbw_command function · rust · L141-L174 (34 LOC)src/providers/bitwarden.rs
fn build_rbw_command(&self, kind: Option<&str>, item_name: &str) -> Result<Command> {
let mut cmd = Command::new("rbw");
match kind {
None | Some("password") => {
// password is default output
cmd.args(["get", item_name]);
}
Some("username") => {
cmd.args(["get", item_name, "--field", "username"]);
}
Some("notes") => {
cmd.args(["get", item_name, "--field", "notes"]);
}
Some("uri") | Some("url") => {
cmd.args(["get", item_name, "--field", "uri"]);
}
Some("totp") => {
// rbw uses a separate subcommand for TOTP
cmd.args(["code", item_name]);
}
Some(_) => {
// custom field path: fetch full JSON; later code can still error out
cmd.args(["get", item_name, "--raw"]);
}
}
execute_command function · rust · L175-L270 (96 LOC)src/providers/bitwarden.rs
fn execute_command(&self, cmd: &mut Command) -> Result<String> {
// Close stdin to prevent bw from prompting for passwords interactively
// This is especially important in CI environments where there's no TTY
cmd.stdin(std::process::Stdio::null());
// The BW_SESSION environment variable should be set externally
// Users should run: export BW_SESSION=$(bw unlock --raw)
// Or they can set FNOX_BW_SESSION_TOKEN and we'll use that
let cli = match self.backend {
BitwardenBackend::Bw => "bw",
BitwardenBackend::Rbw => "rbw",
};
let output = cmd.output().map_err(|e| {
if e.kind() == std::io::ErrorKind::NotFound {
FnoxError::ProviderCliNotFound {
provider: "Bitwarden".to_string(),
cli: cli.to_string(),
install_hint: match self.backend {
BitwardenBackend::Bw => "brew install bitwardenbw_session_token function · rust · L286-L291 (6 LOC)src/providers/bitwarden.rs
fn bw_session_token() -> Option<String> {
env::var("FNOX_BW_SESSION")
.or_else(|_| env::var("BW_SESSION"))
.ok()
}new function · rust · L19-L24 (6 LOC)src/providers/bitwarden_sm.rs
pub fn new(project_id: Option<String>, profile: Option<String>) -> Self {
Self {
project_id,
profile,
}
}Powered by Repobility — scan your code at https://repobility.com
resolve_project_id function · rust · L25-L36 (12 LOC)src/providers/bitwarden_sm.rs
fn resolve_project_id(&self) -> Result<String> {
self.project_id
.clone()
.or_else(|| env::var("BWS_PROJECT_ID").ok())
.ok_or_else(|| FnoxError::ProviderCliFailed {
provider: "Bitwarden Secrets Manager".to_string(),
details: "Project ID not configured".to_string(),
hint: "Set project_id in provider config or BWS_PROJECT_ID env var".to_string(),
url: URL.to_string(),
})
}get_access_token function · rust · L37-L45 (9 LOC)src/providers/bitwarden_sm.rs
fn get_access_token() -> Result<String> {
bws_access_token().ok_or_else(|| FnoxError::ProviderAuthFailed {
provider: "Bitwarden Secrets Manager".to_string(),
details: "Access token not found".to_string(),
hint: "Set BWS_ACCESS_TOKEN or FNOX_BWS_ACCESS_TOKEN".to_string(),
url: URL.to_string(),
})
}execute_bws_command function · rust · L46-L114 (69 LOC)src/providers/bitwarden_sm.rs
fn execute_bws_command(&self, args: &[&str]) -> Result<String> {
tracing::debug!("Executing bws command with args: {:?}", args);
let token = Self::get_access_token()?;
let mut cmd = Command::new("bws");
cmd.env("BWS_ACCESS_TOKEN", &token);
cmd.stdin(std::process::Stdio::null());
if let Some(profile) = &self.profile {
cmd.args(["--profile", profile]);
}
cmd.args(args);
let output = cmd.output().map_err(|e| {
if e.kind() == std::io::ErrorKind::NotFound {
FnoxError::ProviderCliNotFound {
provider: "Bitwarden Secrets Manager".to_string(),
cli: "bws".to_string(),
install_hint: "brew install bws".to_string(),
url: URL.to_string(),
}
} else {
FnoxError::ProviderCliFailed {
provider: "Bitwarden Secrets Manager".to_string(),
find_secret_by_key function · rust · L115-L129 (15 LOC)src/providers/bitwarden_sm.rs
fn find_secret_by_key<'a>(
secrets: &'a [serde_json::Value],
key: &str,
) -> Result<&'a serde_json::Value> {
secrets
.iter()
.find(|s| s["key"].as_str() == Some(key))
.ok_or_else(|| FnoxError::ProviderSecretNotFound {
provider: "Bitwarden Secrets Manager".to_string(),
secret: key.to_string(),
hint: "Check that the secret name exists in the project".to_string(),
url: URL.to_string(),
})
}list_secrets function · rust · L130-L142 (13 LOC)src/providers/bitwarden_sm.rs
fn list_secrets(&self) -> Result<Vec<serde_json::Value>> {
let project_id = self.resolve_project_id()?;
let json_output =
self.execute_bws_command(&["secret", "list", &project_id, "--output", "json"])?;
serde_json::from_str(&json_output).map_err(|e| FnoxError::ProviderInvalidResponse {
provider: "Bitwarden Secrets Manager".to_string(),
details: format!("Failed to parse JSON: {}", e),
hint: "Unexpected response from bws CLI".to_string(),
url: URL.to_string(),
})
}resolve_reference function · rust · L143-L170 (28 LOC)src/providers/bitwarden_sm.rs
fn resolve_reference(secrets: &[serde_json::Value], value: &str) -> Result<String> {
let (key_name, field_name) = match value.split_once('/') {
None => (value, "value"),
Some((name, field)) => (name, field),
};
if !matches!(field_name, "value" | "key" | "note") {
return Err(FnoxError::ProviderInvalidResponse {
provider: "Bitwarden Secrets Manager".to_string(),
details: format!("Unknown field '{}' in secret reference", field_name),
hint: "Supported fields: value, key, note".to_string(),
url: URL.to_string(),
});
}
let secret = Self::find_secret_by_key(secrets, key_name)?;
secret[field_name]
.as_str()
.map(|s| s.to_string())
.ok_or_else(|| FnoxError::ProviderInvalidResponse {
provider: "Bitwarden Secrets Manager".to_string(),
details: format!("Field '{}' nget_secret function · rust · L178-L183 (6 LOC)src/providers/bitwarden_sm.rs
async fn get_secret(&self, value: &str) -> Result<String> {
tracing::debug!("Getting secret '{}' from Bitwarden Secrets Manager", value);
let secrets = self.list_secrets()?;
Self::resolve_reference(&secrets, value)
}put_secret function · rust · L230-L258 (29 LOC)src/providers/bitwarden_sm.rs
async fn put_secret(&self, key: &str, value: &str) -> Result<String> {
let secrets = self.list_secrets()?;
if let Some(existing) = secrets.iter().find(|s| s["key"].as_str() == Some(key)) {
// Update existing secret by its UUID
let id = existing["id"]
.as_str()
.ok_or_else(|| FnoxError::ProviderInvalidResponse {
provider: "Bitwarden Secrets Manager".to_string(),
details: "Secret missing 'id' field".to_string(),
hint: "Unexpected response from bws CLI".to_string(),
url: URL.to_string(),
})?;
tracing::debug!("Editing existing BSM secret '{}' ({})", key, id);
self.execute_bws_command(&["secret", "edit", id, "--value", value])?;
} else {
let project_id = self.resolve_project_id()?;
tracing::debug!(
"Creating new BSM secret '{}' in project '{}'",
Citation: Repobility (2026). State of AI-Generated Code. https://repobility.com/research/
test_connection function · rust · L259-L264 (6 LOC)src/providers/bitwarden_sm.rs
async fn test_connection(&self) -> Result<()> {
tracing::debug!("Testing connection to Bitwarden Secrets Manager");
self.list_secrets()?;
Ok(())
}bws_access_token function · rust · L266-L271 (6 LOC)src/providers/bitwarden_sm.rs
fn bws_access_token() -> Option<String> {
env::var("FNOX_BWS_ACCESS_TOKEN")
.or_else(|_| env::var("BWS_ACCESS_TOKEN"))
.ok()
}new function · rust · L20-L27 (8 LOC)src/providers/gcp_kms.rs
pub fn new(project: String, location: String, keyring: String, key: String) -> Self {
Self {
project,
location,
keyring,
key,
}
}key_name function · rust · L30-L35 (6 LOC)src/providers/gcp_kms.rs
fn key_name(&self) -> String {
format!(
"projects/{}/locations/{}/keyRings/{}/cryptoKeys/{}",
self.project, self.location, self.keyring, self.key
)
}create_client function · rust · L38-L57 (20 LOC)src/providers/gcp_kms.rs
async fn create_client(&self) -> Result<Client> {
let config = ClientConfig::default()
.with_auth()
.await
.map_err(|e| FnoxError::ProviderAuthFailed {
provider: "GCP KMS".to_string(),
details: e.to_string(),
hint: "Run 'gcloud auth application-default login' or set GOOGLE_APPLICATION_CREDENTIALS".to_string(),
url: URL.to_string(),
})?;
Client::new(config)
.await
.map_err(|e| FnoxError::ProviderApiError {
provider: "GCP KMS".to_string(),
details: e.to_string(),
hint: "Check your GCP KMS configuration".to_string(),
url: URL.to_string(),
})
}decrypt function · rust · L60-L116 (57 LOC)src/providers/gcp_kms.rs
async fn decrypt(&self, ciphertext_base64: &str) -> Result<String> {
let client = self.create_client().await?;
// Decode from base64
let ciphertext_bytes = base64::Engine::decode(
&base64::engine::general_purpose::STANDARD,
ciphertext_base64,
)
.map_err(|e| FnoxError::ProviderInvalidResponse {
provider: "GCP KMS".to_string(),
details: format!("Failed to decode base64 ciphertext: {}", e),
hint: "The encrypted value appears to be corrupted".to_string(),
url: URL.to_string(),
})?;
let request = DecryptRequest {
name: self.key_name(),
ciphertext: ciphertext_bytes,
additional_authenticated_data: vec![],
..Default::default()
};
let response = client.decrypt(request, None).await.map_err(|e| {
let err_str = e.to_string();
if err_str.contains("PERMISSION_DENIED") || err_str.cencrypt function · rust · L129-L165 (37 LOC)src/providers/gcp_kms.rs
async fn encrypt(&self, plaintext: &str) -> Result<String> {
let client = self.create_client().await?;
let request = EncryptRequest {
name: self.key_name(),
plaintext: plaintext.as_bytes().to_vec(),
additional_authenticated_data: vec![],
..Default::default()
};
let response = client.encrypt(request, None).await.map_err(|e| {
let err_str = e.to_string();
if err_str.contains("PERMISSION_DENIED") || err_str.contains("permission") {
FnoxError::ProviderAuthFailed {
provider: "GCP KMS".to_string(),
details: err_str,
hint: "Check IAM permissions for cloudkms.cryptoKeyVersions.useToEncrypt"
.to_string(),
url: URL.to_string(),
}
} else {
FnoxError::ProviderApiError {
provider: "GCP KMS".to_string(),
test_connection function · rust · L166-L202 (37 LOC)src/providers/gcp_kms.rs
async fn test_connection(&self) -> Result<()> {
let client = self.create_client().await?;
// Try to get the key to verify access
let request = GetCryptoKeyRequest {
name: self.key_name(),
};
client.get_crypto_key(request, None).await.map_err(|e| {
let err_str = e.to_string();
if err_str.contains("NOT_FOUND") || err_str.contains("not found") {
FnoxError::ProviderSecretNotFound {
provider: "GCP KMS".to_string(),
secret: self.key_name(),
hint: "Check that the KMS key exists".to_string(),
url: URL.to_string(),
}
} else if err_str.contains("PERMISSION_DENIED") || err_str.contains("permission") {
FnoxError::ProviderAuthFailed {
provider: "GCP KMS".to_string(),
details: err_str,
hint: "Check IAM permissions for cloMethodology: Repobility · https://repobility.com/research/state-of-ai-code-2026/
build_secret_name function · rust · L22-L33 (12 LOC)src/providers/gcp_sm.rs
fn build_secret_name(&self, value: &str) -> String {
let secret_name = if let Some(prefix) = &self.prefix {
format!("{}{}", prefix, value)
} else {
value.to_string()
};
format!(
"projects/{}/secrets/{}/versions/latest",
self.project, secret_name
)
}create_client function · rust · L36-L58 (23 LOC)src/providers/gcp_sm.rs
async fn create_client(&self) -> Result<SecretManagerService> {
SecretManagerService::builder().build().await.map_err(|e| {
let err_str = e.to_string();
if err_str.contains("credentials")
|| err_str.contains("authentication")
|| err_str.contains("GOOGLE_APPLICATION_CREDENTIALS")
{
FnoxError::ProviderAuthFailed {
provider: "GCP Secret Manager".to_string(),
details: err_str,
hint: "Run 'gcloud auth application-default login' or set GOOGLE_APPLICATION_CREDENTIALS".to_string(),
url: URL.to_string(),
}
} else {
FnoxError::ProviderApiError {
provider: "GCP Secret Manager".to_string(),
details: err_str,
hint: "Check your GCP project configuration".to_string(),
url: URL.to_string(),
get_secret_id function · rust · L61-L67 (7 LOC)src/providers/gcp_sm.rs
fn get_secret_id(&self, key: &str) -> String {
if let Some(prefix) = &self.prefix {
format!("{}{}", prefix, key)
} else {
key.to_string()
}
}