matrix_sdk::encryption::secret_storage

Struct SecretStore

Source
pub struct SecretStore { /* private fields */ }
Expand description

Secure key/value storage for Matrix users.

The SecretStore struct encapsulates the secret storage mechanism for Matrix users, as it is specified in the Matrix specification.

This specialized storage is tied to the user’s Matrix account and serves as an encrypted key/value store, backed by account data residing on the homeserver. Any secrets uploaded to the homeserver using the SecretStore::put_secret() method are automatically encrypted by the SecretStore.

SecretStore enables you to safely manage and access sensitive information while ensuring that it remains protected from unauthorized access. It plays a crucial role in maintaining the privacy and security of a Matrix user’s data.

Data Flow Overview:

flowchart LR subgraph Client SecretStore end subgraph Homeserver data[Account Data] end SecretStore <== Encrypted ==> data

Note: It’s important to emphasize that the SecretStore should not be used for storing large volumes of data due to its nature as a key/value store for sensitive information.

§Examples

use ruma::events::secret::request::SecretName;

let secret_store = client
   .encryption()
   .secret_storage()
   .open_secret_store("It's a secret to everybody")
   .await?;

let my_secret = "Top secret secret";
let my_secret_name = SecretName::from("m.treasure");

secret_store.put_secret(my_secret_name, my_secret);

Implementations§

Source§

impl SecretStore

Source

pub fn secret_storage_key(&self) -> String

Export the SecretStorageKey of this SecretStore as a base58-encoded string as defined in the spec.

Note: This returns a copy of the private key material of the SecretStorageKey as a string. The caller needs to ensure that this string is zeroized.

Source

pub async fn get_secret( &self, secret_name: impl Into<SecretName>, ) -> Result<Option<String>>

Retrieve a secret from the homeserver’s account data

This method allows you to retrieve a secret from the account data stored on the Matrix homeserver.

§Arguments
  • secret_name: The name of the secret. The provided secret_name serves as the event type for the associated account data event.

The retrieve_secret method enables you to access and decrypt secrets previously stored in the user’s account data on the homeserver. You can use the secret_name parameter to specify the desired secret to retrieve.

§Examples
use ruma::events::secret::request::SecretName;

let secret_store = client
    .encryption()
    .secret_storage()
    .open_secret_store("It's a secret to everybody")
    .await?;

let my_secret_name = SecretName::from("m.treasure");

let secret = secret_store.get_secret(my_secret_name).await?;
Source

pub async fn put_secret( &self, secret_name: impl Into<SecretName>, secret: &str, ) -> Result<()>

Store a secret in the homeserver’s account data

This method allows you to securely store a secret on the Matrix homeserver as an encrypted account data event.

§Arguments
  • secret_name: The name of the secret. The provided secret_name serves as the event type for the account data event on the homeserver.

  • secret: The secret to be stored on the homeserver. The secret is encrypted before being stored, ensuring its confidentiality and integrity.

§Examples
use ruma::events::secret::request::SecretName;

let secret_store = client
    .encryption()
    .secret_storage()
    .open_secret_store("It's a secret to everybody")
    .await?;

let my_secret = "Top secret secret";
let my_secret_name = SecretName::from("m.treasure");

secret_store.put_secret(my_secret_name, my_secret);
Source

pub async fn import_secrets(&self) -> Result<()>

Retrieve and store well-known secrets locally

This method retrieves and stores all well-known secrets from the account data on the Matrix homeserver to enhance local security and identity verification.

The following secrets are retrieved by this method:

  • m.cross_signing.master: The master cross-signing key.
  • m.cross_signing.self_signing: The self-signing cross-signing key.
  • m.cross_signing.user_signing: The user-signing cross-signing key.
  • m.megolm_backup.v1: The backup recovery key.

If the m.cross_signing.self_signing key is successfully imported, it is used to sign our own Device, marking it as verified. This step is establishes trust in your own device’s identity.

By invoking this method, you ensure that your device has access to the necessary secrets for device and identity verification.

§Examples
use ruma::events::secret::request::SecretName;

let secret_store = client
    .encryption()
    .secret_storage()
    .open_secret_store("It's a secret to everybody")
    .await?;

secret_store.import_secrets().await?;

let status = client
    .encryption()
    .cross_signing_status()
    .await
    .expect("We should be able to check out cross-signing status");

println!("Cross-signing status {status:?}");

Trait Implementations§

Source§

impl Debug for SecretStore

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, W> HasTypeWitness<W> for T
where W: MakeTypeWitness<Arg = T>, T: ?Sized,

Source§

const WITNESS: W = W::MAKE

A constant of the type witness
Source§

impl<T> Identity for T
where T: ?Sized,

Source§

const TYPE_EQ: TypeEq<T, <T as Identity>::Type> = TypeEq::NEW

Proof that Self is the same type as Self::Type, provides methods for casting between Self and Self::Type.
Source§

type Type = T

The same type as Self, used to emulate type equality bounds (T == U) with associated type equality constraints (T: Identity<Type = U>).
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> Any for T
where T: Any,

Source§

impl<T> AsyncTraitDeps for T

Source§

impl<T> ErasedDestructor for T
where T: 'static,

Source§

impl<T> MaybeSendSync for T

Source§

impl<T> SendOutsideWasm for T
where T: Send,

Source§

impl<T> SyncOutsideWasm for T
where T: Sync,