Rust

Westyx Nexus Rust SDK

The official Rust SDK for Westyx Nexus.

Highlights

  • No async runtime required - synchronous blocking API, compatible with tokio, async-std, or pure sync applications
  • Thread-safe TTL cache - in-memory Mutex-guarded snapshot, stale-while-revalidate with background refresh
  • SSE live updates - run_stream() triggers immediate re-sync on any config/secret/flag change
  • Public vs secret key access - pk_ keys restricted to configs and flags; NexusError::PublicKeyRestricted returned immediately
  • ETag caching - 304 Not Modified skips JSON decode and resets TTL with no data transfer
  • Billing protection - 402 Payment Required halts background sync but keeps serving cached values
  • Quarantine circuit breaker - 429 quarantined stops retries until expires_at; NexusError::Quarantined { reason, expires_at }
  • Workload Identity Federation - OIDC token exchange for Kubernetes, AWS, GCP, and Azure; no static API key needed
  • Write API - set_secret, delete_secret, delete_secret_version
  • AB Testing - evaluate_ab for rollout and targeting rules (add-on required)
  • File-type secrets - written to OS temp dir on sync; path returned via get_secret_file_path; cleaned up on drop
  • Service kind awareness - kind=frontend services cannot hold secrets; enforced locally

What's New

v0.5.1-beta.1

Change Details
Security improvements Response bodies no longer in error messages; WIF token whitespace stripped; file paths are opaque hashes; SecretNotFound key truncated to 128 chars
flag.toggled SSE event Flag toggle events now trigger a re-sync
SSE quarantine detection Stream 429 with quarantine body pauses reconnects until expires_at
Drop cleanup fix Weak<Inner> in background threads — file-type secrets reliably removed on Drop
CI hardened Trigger regex, MR trigger, publish ancestry check

v0.5.0-beta.1

Change Details
Initial release First Rust SDK for Westyx Nexus
Write API set_secret, delete_secret, delete_secret_version
NexusError::RateLimited New error for 429 on write endpoints
WIF support Kubernetes, AWS, GCP, Azure providers
SSE streaming run_stream() with exponential backoff
File-type secrets get_secret_file_path, Drop cleanup

Table of Contents

Getting started

Reference

Operations