switch to secretfile

2026-06-03 18:24:12 +02:00 · 2024-03-26 20:42:09 +01:00 · 2024-03-26 20:42:09 +01:00 · f46ef086a8
commit f46ef086a8
parent 9c1d7225db
4 changed files with 49 additions and 38 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -165,7 +165,7 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
@ -176,7 +176,7 @@ checksum = "b9ccdd8f2a161be9bd5c023df56f1b2a0bd1d83872ae53b71a84a12c9bf6e842"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
@ -287,7 +287,7 @@ dependencies = [
 "heck",
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
@ -807,7 +807,7 @@ dependencies = [
 "proc-macro2",
 "quote",
 "scratch",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
@ -824,7 +824,7 @@ checksum = "2345488264226bf682893e25de0769f3360aac9957980ec49361b083ddaa5bc5"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
@ -899,7 +899,7 @@ dependencies = [
 "proc-macro2",
 "quote",
 "structmeta",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
@ -926,6 +926,7 @@ dependencies = [
 "reqwest",
 "sea-query",
 "sea-query-binder",
 "secretfile",
 "serde",
 "serde-env",
 "sqlx",
@ -1224,7 +1225,7 @@ checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
@ -1653,7 +1654,7 @@ checksum = "ce243b1bfa62ffc028f1cc3b6034ec63d649f3031bc8a4fbbb004e1ac17d1f68"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
@ -2354,7 +2355,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
@ -2615,7 +2616,7 @@ dependencies = [
 "pest_meta",
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
@ -2837,9 +2838,9 @@ checksum = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068"
 [[package]]
 name = "proc-macro2"
-version = "1.0.70"
+version = "1.0.79"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "39278fbbf5fb4f646ce651690877f89d1c5811a3d4acb27700c1cb3cdb78fd3b"
+checksum = "e835ff2298f5721608eb1a980ecaee1aef2c132bf95ecc026a11b7bf3c01c02e"
 dependencies = [
 "unicode-ident",
 ]
@ -2908,9 +2909,9 @@ dependencies = [
 [[package]]
 name = "quote"
-version = "1.0.33"
+version = "1.0.35"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae"
+checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef"
 dependencies = [
 "proc-macro2",
 ]
@ -3332,7 +3333,7 @@ dependencies = [
 "heck",
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 "thiserror",
 ]
@ -3342,6 +3343,15 @@ version = "4.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1c107b6f4780854c8b126e228ea8869f4d7b71260f962fefb57b996b8959ba6b"
 [[package]]
 name = "secretfile"
 version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "746c54b939ab8d393b536765393c0bd7634fca94eed62321ec3e3559293f6c21"
 dependencies = [
 "thiserror",
 ]
 [[package]]
 name = "security-framework"
 version = "2.8.2"
@ -3440,7 +3450,7 @@ checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
@ -4010,7 +4020,7 @@ dependencies = [
 "proc-macro2",
 "quote",
 "structmeta-derive",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
@ -4021,7 +4031,7 @@ checksum = "a60bcaff7397072dca0017d1db428e30d5002e00b6847703e2e42005c95fbe00"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
@ -4894,9 +4904,9 @@ dependencies = [
 [[package]]
 name = "syn"
-version = "2.0.39"
+version = "2.0.55"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a"
+checksum = "002a1b3dbf967edfafc32655d0f377ab0bb7b994aa1d32c8cc7e9b8bf3ebb8f0"
 dependencies = [
 "proc-macro2",
 "quote",
@ -4990,22 +5000,22 @@ dependencies = [
 [[package]]
 name = "thiserror"
-version = "1.0.40"
+version = "1.0.58"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "978c9a314bd8dc99be594bc3c175faaa9794be04a5a5e153caba6915336cebac"
+checksum = "03468839009160513471e86a034bb2c5c0e4baae3b43f79ffc55c4a5427b3297"
 dependencies = [
 "thiserror-impl",
 ]
 [[package]]
 name = "thiserror-impl"
-version = "1.0.40"
+version = "1.0.58"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f"
+checksum = "c61f3ba182994efc43764a46c018c347bc492c79f024e705f46567b418f6d4f7"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
@ -5108,7 +5118,7 @@ checksum = "61a573bdc87985e9d6ddeed1b3d864e8a302c847e40d647746df2f1de209d1ce"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
@ -5309,7 +5319,7 @@ checksum = "0f57e3ca2a01450b1a921183a9c9cbfda207fd822cef4ccb00a65402cbba7a74"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
@ -5597,7 +5607,7 @@ dependencies = [
 "once_cell",
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 "wasm-bindgen-shared",
 ]
@ -5631,7 +5641,7 @@ checksum = "bae1abb6806dc1ad9e560ed242107c0f6c84335f1749dd4e8ddb012ebd5e25a7"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 "wasm-bindgen-backend",
 "wasm-bindgen-shared",
 ]
@ -5986,7 +5996,7 @@ checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.55",
 ]
 [[package]]
--- a/Cargo.toml
+++ b/Cargo.toml
@ -38,3 +38,4 @@ demostf-build = { path = "./build", version = "*" }
 include_dir = "0.7.3"
 serde-env = "0.1.1"
 tonic = { version = "0.9.2", features = ["tls", "tls-webpki-roots"] }
 secretfile = "0.1.0"
--- a/src/error.rs
+++ b/src/error.rs
@ -2,6 +2,7 @@ use axum::http::StatusCode;
 use axum::response::{IntoResponse, Response};
 use config::ConfigError;
 use opentelemetry::trace::TraceError;
 use secretfile::SecretError;
 use tracing_subscriber::util::TryInitError;
 #[derive(Debug, thiserror::Error)]
@ -36,6 +37,8 @@ pub enum SetupError {
    TracingSubscriber(#[from] TryInitError),
    #[error(transparent)]
    Config(#[from] ConfigError),
    #[error(transparent)]
    Secret(#[from] SecretError),
    #[error("{0}")]
    Other(String),
 }
--- a/src/main.rs
+++ b/src/main.rs
@ -42,9 +42,10 @@ use maud::{Markup, Render};
 use opentelemetry::KeyValue;
 use opentelemetry_otlp::WithExportConfig;
 use opentelemetry_sdk::{runtime, trace, Resource};
 use secretfile::load;
 use sqlx::PgPool;
 use std::env::{args, var};
-use std::fs::{read, remove_file, set_permissions, Permissions};
+use std::fs::{remove_file, set_permissions, Permissions};
 use std::net::SocketAddr;
 use std::os::unix::fs::PermissionsExt;
 use std::sync::Arc;
@ -94,12 +95,8 @@ fn setup() -> Result<Config, SetupError> {
            .with_endpoint(&tracing_cfg.endpoint);
        if let Some(tracing_ident) = tracing_cfg.tls.as_ref().map(|tracing_tls_cfg| {
-            let key = read(&tracing_tls_cfg.key_file).map_err(|_| {
+            let key = load(&tracing_tls_cfg.key_file)?;
-                SetupError::Other(format!("failed to open {}", tracing_tls_cfg.key_file))
+            let cert = load(&tracing_tls_cfg.cert_file)?;
            })?;
            let cert = read(&tracing_tls_cfg.cert_file).map_err(|_| {
                SetupError::Other(format!("failed to open {}", tracing_tls_cfg.cert_file))
            })?;
            Result::<_, SetupError>::Ok(Identity::from_pem(cert, key))
        }) {
            let tls_config = ClientTlsConfig::new().identity(tracing_ident?);