pub async fn validate_secret(&self, secret: &Secret) -> Result<bool, Error> {

        let keyring = self.keyring.read().await;

        Ok(keyring.validate_secret(secret)?)

    pub fn path(&self) -> Option<&std::path::Path> {

        self.path.as_deref()

    pub async fn modified_time(&self) -> std::time::Duration {

        self.keyring.read().await.modified_time()

    pub async fn items(&self) -> Result<Vec<Result<Item, InvalidItemError>>, Error> {

        let keyring = self.keyring.read().await;

        Ok(keyring

            .iter()

            .map(|encrypted_item| {

                Ok(Item::Locked(LockedItem {

                    inner: encrypted_item.clone(),

            .collect())

    pub async fn unlock(self, secret: Secret) -> Result<UnlockedKeyring, Error> {

        self.unlock_inner(secret, true).await

    pub async unsafe fn unlock_unchecked(self, secret: Secret) -> Result<UnlockedKeyring, Error> {

        self.unlock_inner(secret, false).await

    async fn unlock_inner(

        let key = if validate_items {

            let inner_keyring = self.keyring.read().await;

            let key = inner_keyring.derive_key(&secret)?;

            let mut n_broken_items = 0;

            let mut n_valid_items = 0;

            for encrypted_item in &inner_keyring.items {

                if encrypted_item.clone().decrypt(&key).is_err() {

                    n_broken_items += 1;

                    n_valid_items += 1;

            drop(inner_keyring);

            if n_valid_items == 0 && n_broken_items != 0 {

                #[cfg(feature = "tracing")]

                return Err(Error::IncorrectSecret);

            } else if n_broken_items > n_valid_items {

                    tracing::warn!(

                    tracing::info!(

                return Err(Error::PartiallyCorruptedKeyring {

                    valid_items: n_valid_items,

                    broken_items: n_broken_items,

            Some(Arc::new(key))

            None

        Ok(UnlockedKeyring {

            keyring: self.keyring,

            path: self.path,

            mtime: self.mtime,

            key: Mutex::new(key),

            secret: Mutex::new(Arc::new(secret)),

    pub async fn load(path: impl AsRef<Path>) -> Result<Self, Error> {

        let path = path.as_ref();

        let (mtime, keyring) = match fs::File::open(&path).await {

            Err(err) if err.kind() == io::ErrorKind::NotFound => {

                #[cfg(feature = "tracing")]

                (None, api::Keyring::new())

            Ok(mut file) => {

                #[cfg(feature = "tracing")]

                let mtime = file.metadata().await?.modified().ok();

                let mut content = Vec::new();

                file.read_to_end(&mut content).await?;

                let keyring = api::Keyring::try_from(content.as_slice())?;

                (mtime, keyring)

        Ok(Self {

            keyring: Arc::new(RwLock::new(keyring)),

            path: Some(path.to_path_buf()),

            mtime: Mutex::new(mtime),