KeyringStore class final
#include <crypto/keyring_store.hpp>
Persistent keyring store backed by a config filesystem backend.
The keyring stores trusted public keys and per-key flags used by authorization logic. Changes made by mutating methods are persisted atomically, relying on the backend's write semantics.
Public types
- struct Paths
- using TrustedKeyVisitor = bool(*)(const TrustedKeyRecord& record, void* user_ctx)
Constructors, destructors, conversion operators
- KeyringStore(std::shared_ptr<prf::config::IConfigBackend> backend) explicit
- Creates keyring store with default file names.
- KeyringStore(std::shared_ptr<prf::config::IConfigBackend> backend, Paths paths)
- Creates keyring store with explicit file paths.
Public functions
- auto add(const Ed25519PublicKey& public_key, KeyFlags flags, KeyId* out_key_id) -> bool
- Adds one trusted key. Fails on duplicate key id.
- auto for_each(TrustedKeyVisitor visitor, void* user_ctx, size_t* out_count = nullptr) const -> bool
- Iterates trusted-key records without materializing a temporary copy.
- auto has_admin_trusted_key() const -> bool
- Returns true when any stored key is both trusted and admin.
- auto is_admin_key(std::span<const uint8_t> key_id) const -> bool
- Returns true when key id is present and has admin flag.
- auto public_key(std::span<const uint8_t> key_id, Ed25519PublicKey* out_public_key) const -> bool
- Returns stored public key for one key id.
- auto remove(std::span<const uint8_t> key_id) -> bool
- Removes one trusted key by key id.
- auto update_flags(std::span<const uint8_t> key_id, KeyFlags mask, KeyFlags values) -> bool
- Updates selected flag bits for one trusted key.