Documentation ¶
Overview ¶
Package keyring handles secure storage of cryptographic keys and secrets.
Secret reads and writes are performed directly via the OS keychain (go-keyring). On Linux/WSL (where D-Bus Secret Service is typically unavailable), both secret and keypair storage fall back to file-based storage in ~/.agentsecrets/keyring.json.
- Service name: "AgentSecrets"
- Keypair naming: "{email}_private_key", "{email}_public_key"
- Secret naming: "{projectID}:{environment}:{key}"
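A host-side check for the file fallback described above, as an added example that is not part of the package: it flags a ~/.agentsecrets directory or keyring.json that is a symlink, the wrong file type, or accessible beyond its owner. The function name auditFallback and the 0700/0600 limits are assumptions of this example; the page does not state which modes the package sets.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// auditFallback inspects <home>/.agentsecrets/keyring.json (path from the overview) and
// returns one finding per problem. The 0700/0600 limits are this example's
// policy (an assumption), not values documented by the package.
func auditFallback(home string) []string {
	dir := filepath.Join(home, ".agentsecrets")
	var findings []string
	check := func(path string, wantDir bool, limit fs.FileMode) {
		info, err := os.Lstat(path) // Lstat so a symlink is seen, not followed
		if os.IsNotExist(err) {
			return // fallback store absent: nothing to audit
		}
		if err != nil {
			findings = append(findings, fmt.Sprintf("%s: %v", path, err))
			return
		}
		mode := info.Mode()
		if (wantDir && !mode.IsDir()) || (!wantDir && !mode.IsRegular()) {
			findings = append(findings, fmt.Sprintf("%s: unexpected type %s", path, mode.Type()))
			return
		}
		if extra := mode.Perm() &^ limit; extra != 0 {
			findings = append(findings, fmt.Sprintf("%s: mode %04o exceeds %04o", path, mode.Perm(), limit))
		}
	}
	check(dir, true, 0o700)
	check(filepath.Join(dir, "keyring.json"), false, 0o600)
	return findings
}

func main() {
	home, err := os.UserHomeDir()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	for _, f := range auditFallback(home) {
		fmt.Println("FINDING:", f)
	}
}
```

An empty result means nothing was flagged; it does not tell you whether the OS keychain or the file fallback is in use.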
Index ¶
- func DeleteKeypair(email string) error
- func DeleteSecret(projectID, environment, key string) error
- func GetAllProjectSecrets(projectID, environment string) (map[string]string, error)
- func GetPrivateKey(email string) ([]byte, error)
- func GetPublicKey(email string) ([]byte, error)
- func GetSecret(projectID, environment, key string) (string, error)
- func GetWorkspaceAllowlist(workspaceID string) ([]string, error)
- func ListProjectKeyNames(projectID, environment string) []string
- func SetSecret(projectID, environment, key, value string) error
- func SetWorkspaceAllowlist(workspaceID string, domains []string) error
- func StoreKeypair(email string, privateKey, publicKey []byte) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DeleteKeypair ¶
DeleteKeypair removes both keys (used during logout).
func DeleteSecret ¶
DeleteSecret removes a secret from the keyring and its index.
func GetAllProjectSecrets ¶
GetAllProjectSecrets returns all secrets mapped for a specific project and environment from the keyring.
func GetPrivateKey ¶
GetPrivateKey retrieves the user's private key.
func GetPublicKey ¶
GetPublicKey retrieves the user's public key.
func GetSecret ¶
GetSecret retrieves a secret value directly from the OS keychain. It handles legacy key format fallback for the development environment.
func GetWorkspaceAllowlist ¶ added in v1.1.0
GetWorkspaceAllowlist retrieves the allowlist for a workspace from the OS keychain.
func ListProjectKeyNames ¶ added in v1.2.0
ListProjectKeyNames returns the key names cached in the local index for a given project and environment. This reads the key index only (no secret values are accessed, no keychain-auth session required). Useful for listing, .env.example generation, and count display without API calls.
func SetSecret ¶
SetSecret stores a decrypted secret in the keyring and updates the project environment's key index.
func SetWorkspaceAllowlist ¶ added in v1.1.0
SetWorkspaceAllowlist stores the allowlist for a workspace in the OS keychain.
func StoreKeypair ¶
StoreKeypair saves both private and public keys. It uses the OS keychain when available and falls back to file storage on Linux/WSL.
Types ¶
This section is empty.