Documentation
¶
Index ¶
- Variables
- func Decrypt(ciphertext []byte, key []byte) ([]byte, error)
- func DeriveKey(key string) ([]byte, error)
- func Encrypt(plaintext []byte, key []byte) ([]byte, error)
- type ConfigFile
- type EnvFile
- type Option
- type Secret
- type SecretManager
- func (sm *SecretManager) DecryptFile(filename string, key []byte) (string, error)
- func (sm *SecretManager) EncryptEnvFile(masterKey string) (map[string]string, error)
- func (sm *SecretManager) EncryptFile(filename string, key []byte) error
- func (sm *SecretManager) ExportSecrets(filePath string) error
- func (sm *SecretManager) GenerateMasterKey() ([]byte, error)
- func (sm *SecretManager) GeneratePlatformKey() (string, error)
- func (sm *SecretManager) GenerateWindowsKey() (string, error)
- func (sm *SecretManager) GetAppName() string
- func (sm *SecretManager) GetDopplerProvider() (SecretProvider, bool)
- func (sm *SecretManager) GetKey() string
- func (sm *SecretManager) GetKeyOsAgnosticPath() string
- func (sm *SecretManager) GetSecret(name string) (string, error)
- func (sm *SecretManager) ImportSecrets(filePath string) error
- func (sm *SecretManager) IsDopplerEnabled() bool
- func (sm *SecretManager) IsKeyExist() bool
- func (sm *SecretManager) MigrateToProvider(providerName string) error
- func (sm *SecretManager) PrepareSecretsContext() error
- func (sm *SecretManager) ProcessConfigFile(cwd, key string) (*ConfigFile, error)
- func (sm *SecretManager) ProcessSingleEnvFile(path, key string) (*EnvFile, error)
- func (sm *SecretManager) RotateSecrets() error
- func (sm *SecretManager) SecureCompare(a, b string) bool
- func (sm *SecretManager) SetSecret(name, value string, encrypt bool) error
- func (sm *SecretManager) ValidateSecret(name, value string) error
- type SecretProvider
Constants ¶
This section is empty.
Variables ¶
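// Sentinel errors exposed by the package, intended for comparison with
// errors.Is. Whether the package wraps them with extra context before
// returning is not visible from this declaration.
var (
	ErrSecretNotFound    = errors.New("secret not found")
	ErrDecryptionFailed  = errors.New("decryption failed")
	ErrEncryptionFailed  = errors.New("encryption failed")
	ErrInvalidConfig     = errors.New("invalid configuration")
	ErrInvalidSecretPath = errors.New("invalid secret path")

	// ErrEncryptFailed and ErrDecryptFailed carry the same message text as
	// ErrEncryptionFailed and ErrDecryptionFailed but are distinct values:
	// errors.Is against one never matches the other, and a log line cannot
	// tell which of the pair was returned. Check for both when handling
	// an encryption or decryption failure.
	ErrEncryptFailed = errors.New("encryption failed")
	ErrDecryptFailed = errors.New("decryption failed")

	ErrDopplerNotConfigured  = errors.New("doppler integration not configured")
	ErrInvalidSecretFormat   = errors.New("invalid secret format")
	ErrUnsupportedPlatform   = errors.New("unsupported platform")
	ErrKeyGenerationFailed   = errors.New("key generation failed")
	ErrSecretAlreadyExists   = errors.New("secret already exists")
	ErrPermissionDenied      = errors.New("permission denied")
	ErrInvalidProvider       = errors.New("invalid secret provider")
	ErrProviderNotConfigured = errors.New("provider not configured")
	ErrConfigNotFound        = errors.New("configuration not found")
)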
// SLogs is the package-level logger, obtained from shared.PackageLogger with
// the two string arguments below.
// NOTE(review): this logger belongs to a secrets package — confirm that no
// call site passes secret values or key material to it.
var SLogs = shared.PackageLogger("Secrets::", "🔐 Secrets Manager::")
Functions ¶
Types ¶
type ConfigFile ¶
type Option ¶
type Option func(*SecretManager)
Option configures a SecretManager
func WithConfig ¶
func WithConfig(cfg *config.NextDeployConfig) Option
WithConfig provides application configuration
func WithProvider ¶
func WithProvider(name string, provider SecretProvider) Option
WithProvider registers a new secret provider
type Secret ¶
// Secret represents a stored secret with metadata.
//
// NOTE(review): Value is serialized under the "value" JSON key whether or not
// IsEncrypted is set. When the flag is false the field presumably holds
// plaintext, so any marshalled copy of this struct should be handled as
// sensitive — confirm against the code that writes it.
type Secret struct {
	Value       string `json:"value"`        // The secret value (may be encrypted; see IsEncrypted)
	Version     int    `json:"version"`      // Version for rotation
	CreatedAt   int64  `json:"created_at"`   // Creation timestamp (unit not stated here; presumably Unix time — confirm)
	ModifiedAt  int64  `json:"modified_at"`  // Last modification timestamp (same unit as CreatedAt, presumably)
	IsEncrypted bool   `json:"is_encrypted"` // Encryption status flag for Value
}
Secret represents a stored secret with metadata
type SecretManager ¶
// SecretManager handles secure secret storage and retrieval.
// All of its fields are unexported, so the rendered documentation shows none
// of them; NewSecretManager is the constructor listed for this type.
type SecretManager struct {
	// contains filtered or unexported fields
}
SecretManager handles secure secret storage and retrieval
func NewSecretManager ¶
func NewSecretManager(opts ...Option) (*SecretManager, error)
NewSecretManager creates a new secret manager with options
func (*SecretManager) DecryptFile ¶
func (sm *SecretManager) DecryptFile(filename string, key []byte) (string, error)
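DecryptFile decrypts a file using OpenSSL AES-256-CBC. CBC on its own does not authenticate the ciphertext, and this page does not show a separate integrity check, so do not assume a modified file is detected on decryption.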
func (*SecretManager) EncryptEnvFile ¶
func (sm *SecretManager) EncryptEnvFile(masterKey string) (map[string]string, error)
EncryptEnvFile encrypts .env files using OpenSSL
func (*SecretManager) EncryptFile ¶
func (sm *SecretManager) EncryptFile(filename string, key []byte) error
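EncryptFile encrypts a file using OpenSSL AES-256-CBC. The signature returns only an error; where the encrypted output is written, and whether the plaintext file is kept, is not documented here.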
func (*SecretManager) ExportSecrets ¶
func (sm *SecretManager) ExportSecrets(filePath string) error
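ExportSecrets exports secrets to a JSON file at filePath. Whether values are written encrypted, and with what file permissions, is not documented here; treat the exported file as sensitive.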
func (*SecretManager) GenerateMasterKey ¶
func (sm *SecretManager) GenerateMasterKey() ([]byte, error)
func (*SecretManager) GeneratePlatformKey ¶
func (sm *SecretManager) GeneratePlatformKey() (string, error)
func (*SecretManager) GenerateWindowsKey ¶
func (sm *SecretManager) GenerateWindowsKey() (string, error)
GenerateWindowsKey generates a key for Windows platforms
func (*SecretManager) GetAppName ¶
func (sm *SecretManager) GetAppName() string
func (*SecretManager) GetDopplerProvider ¶
func (sm *SecretManager) GetDopplerProvider() (SecretProvider, bool)
func (*SecretManager) GetKey ¶
func (sm *SecretManager) GetKey() string
func (*SecretManager) GetKeyOsAgnosticPath ¶
func (sm *SecretManager) GetKeyOsAgnosticPath() string
func (*SecretManager) GetSecret ¶
func (sm *SecretManager) GetSecret(name string) (string, error)
GetSecret retrieves a secret, decrypting if necessary
func (*SecretManager) ImportSecrets ¶
func (sm *SecretManager) ImportSecrets(filePath string) error
ImportSecrets imports secrets from a JSON file
func (*SecretManager) IsDopplerEnabled ¶
func (sm *SecretManager) IsDopplerEnabled() bool
func (*SecretManager) IsKeyExist ¶
func (sm *SecretManager) IsKeyExist() bool
func (*SecretManager) MigrateToProvider ¶
func (sm *SecretManager) MigrateToProvider(providerName string) error
func (*SecretManager) PrepareSecretsContext ¶
func (sm *SecretManager) PrepareSecretsContext() error
func (*SecretManager) ProcessConfigFile ¶
func (sm *SecretManager) ProcessConfigFile(cwd, key string) (*ConfigFile, error)
ProcessConfigFile processes the config file using OpenSSL
func (*SecretManager) ProcessSingleEnvFile ¶
func (sm *SecretManager) ProcessSingleEnvFile(path, key string) (*EnvFile, error)
ProcessSingleEnvFile handles decryption of a single environment file using OpenSSL
func (*SecretManager) RotateSecrets ¶
func (sm *SecretManager) RotateSecrets() error
func (*SecretManager) SecureCompare ¶
func (sm *SecretManager) SecureCompare(a, b string) bool
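SecureCompare performs constant-time comparison of secrets. The implementation is not shown; comparisons built on crypto/subtle.ConstantTimeCompare return immediately when the lengths differ, so such a comparison hides content but not length.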
func (*SecretManager) SetSecret ¶
func (sm *SecretManager) SetSecret(name, value string, encrypt bool) error
func (*SecretManager) ValidateSecret ¶
func (sm *SecretManager) ValidateSecret(name, value string) error
type SecretProvider ¶
// SecretProvider defines the interface for secret storage backends.
// Implementations are registered with a SecretManager through WithProvider.
//
// NOTE(review): Encrypt and Decrypt here take the key as a string, while the
// package-level Encrypt and Decrypt take it as []byte. Presumably
// implementations turn the string into key bytes via DeriveKey — confirm, and
// confirm which derivation is used, since that decides how strong a
// passphrase-style key actually is.
type SecretProvider interface {
	// GetSecret returns the string stored under key, or an error.
	GetSecret(key string) (string, error)
	// SetSecret stores value under key. Whether an existing entry is
	// overwritten or rejected is up to the implementation — not shown here.
	SetSecret(key, value string) error
	// DeleteSecret removes the entry for key.
	DeleteSecret(key string) error
	// ListSecrets returns a slice of strings; presumably secret names rather
	// than values — confirm before logging or displaying the result.
	ListSecrets() ([]string, error)
	// Encrypt transforms data using the string key and returns the result.
	// Cipher and mode are chosen by the implementation.
	Encrypt(data []byte, key string) ([]byte, error)
	// Decrypt is the counterpart of Encrypt for the same string key.
	Decrypt(data []byte, key string) ([]byte, error)
	// GenerateMasterKey returns a new master key as a string; the encoding
	// (hex, base64, raw) is not specified by the interface.
	GenerateMasterKey() (string, error)
	// DeriveKey maps a string key to key bytes.
	DeriveKey(key string) ([]byte, error)
	// ValidateSecretFormat returns a non-nil error when secret is rejected;
	// the accepted format is defined by the implementation.
	ValidateSecretFormat(secret string) error
}
SecretProvider defines the interface for secret storage backends