Change primary secret type

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "sd-credentials"
-version = "0.1.0"
+version = "0.2.0"
 edition = "2021"
 license = "MIT"
 authors = ["Mathieu Trossevin <mtrossevin@evolix.fr>"]
@@ -12,10 +12,11 @@ description = "A simple crate to recover secrets passed by systemd (or anything
 [features]
 default = []
 # For some inane reason this seems to also require tokio but I am not adding it as a dependency here as nothing I implement actually require tokio.
-secret-vault = ["dep:secret-vault", "dep:async-trait"]
+secret-vault = ["dep:secret-vault", "dep:secret-vault-value", "dep:async-trait"]
 
 [dependencies]
 async-trait = { version = "0.1.74", optional = true }
 cap-std = "2.0.0"
+secrecy = "0.8.0"
 secret-vault = { version = "1.10.1", optional = true }
-secret-vault-value = "0.3.8"
+secret-vault-value = { version = "0.3.8", optional = true }

src/lib.rs

@@ -3,9 +3,13 @@ use std::collections::HashMap;
 use std::path::Path;
 
 #[cfg(feature = "secret-vault")]
-use secret_vault::{SecretSource, SecretVaultRef, SecretVaultResult, Secret, SecretMetadata, errors::SecretVaultError};
+use secret_vault::{
+    errors::SecretVaultError, SecretMetadata, SecretSource, SecretVaultRef, SecretVaultResult,
+};
 
-use secret_vault_value::SecretValue;
+#[cfg(feature = "secret-vault")]
+use secrecy::ExposeSecret;
+use secrecy::Secret;
 
 #[derive(Debug)]
 pub struct CredentialLoader(cap_std::fs::Dir);
@@ -23,8 +27,8 @@ impl CredentialLoader {
         self.0.open(credential)
     }
 
-    pub fn get<P: AsRef<Path>>(&self, credential: P) -> std::io::Result<SecretValue> {
+    pub fn get<P: AsRef<Path>>(&self, credential: P) -> std::io::Result<Secret<Vec<u8>>> {
-        Ok(SecretValue::new(self.0.read(credential)?))
+        Ok(Secret::from(self.0.read(credential)?))
     }
 }
 
@@ -35,18 +39,27 @@ impl SecretSource for CredentialLoader {
         "CredentialLoader".to_string()
     }
 
-    async fn get_secrets(&self, references: &[SecretVaultRef]) -> SecretVaultResult<HashMap<SecretVaultRef, Secret>> {
+    async fn get_secrets(
-        let mut result_map: HashMap<SecretVaultRef, Secret> = HashMap::default();
+        &self,
+        references: &[SecretVaultRef],
+    ) -> SecretVaultResult<HashMap<SecretVaultRef, secret_vault::Secret>> {
+        let mut result_map: HashMap<SecretVaultRef, secret_vault::Secret> = HashMap::default();
 
         for secret_ref in references {
             let secret_name = secret_ref.key.secret_name.as_ref();
-            let secret_version = secret_ref.key.secret_version.as_ref().map(|sv| format!("_v{sv}")).unwrap_or_default();
+            let secret_version = secret_ref
+                .key
+                .secret_version
+                .as_ref()
+                .map(|sv| format!("_v{sv}"))
+                .unwrap_or_default();
             let secret_file_name = format!("{secret_name}{secret_version}");
 
             match self.get(secret_file_name) {
                 Ok(secret_value) => {
+                    let secret_value = secret_vault_value::SecretValue::new(secret_value.expose_secret().clone());
                     let metadata = SecretMetadata::create_from_ref(secret_ref);
-                    result_map.insert(secret_ref.clone(), Secret::new(secret_value, metadata));
+                    result_map.insert(secret_ref.clone(), secret_vault::Secret::new(secret_value, metadata));
                 }
                 Err(err) if secret_ref.required => {
                     return Err(SecretVaultError::DataNotFoundError(
@@ -62,4 +75,4 @@ impl SecretSource for CredentialLoader {
         }
         todo!();
     }
-}
+}