Attributes can and should be stored with a secret to facilitate lookup of the secret at a later date.

An attribute constists of a name, and a value. Both parts are simple strings.

The service may have additional requirements as to what can be present in an attribute name. It is recommended that attribute names are human readable, and kept simple for the sake of simplicity.

During a lookup, attribute names and values are matched via case-sensitive string equality.

It's important to remember that attributes are not part of the secret. Services implementing this API will probably store attributes in an unencrypted manner in order to support simple and effecient lookups.

In order to search for items, use the SearchItems() method of the Service interface. The matched items will be returned in two sets. The unlocked return value will contain the object paths of all the items that are not locked. The locked return value will contain object paths of items that are locked, which can be unlocked if desired.

The SearchItems() method of the Collection interface is similar, except for it only searches a single collection.