secretref

package
v1.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 18, 2026 License: MIT Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Backend 

type Backend interface {
	Resolve(ctx context.Context, ref Ref) (string, error)
}

Backend resolves a parsed secret reference into a plaintext value.

type EnvBackend 

type EnvBackend struct {
	// contains filtered or unexported fields
}

EnvBackend resolves env://VAR references.

func NewEnvBackend 

func NewEnvBackend(lookup EnvLookup) *EnvBackend

func (*EnvBackend) Resolve 

func (b *EnvBackend) Resolve(_ context.Context, ref Ref) (string, error)

type EnvLookup 

type EnvLookup func(string) (string, bool)

type Error 

type Error struct {
	Kind   ErrorKind
	Ref    string
	Detail string
	Err    error
}

Error is a typed secret reference error.

func (*Error) Error 

func (e *Error) Error() string

func (*Error) Unwrap 

func (e *Error) Unwrap() error

type ErrorKind 

type ErrorKind string
const (
	KindInvalidRef         ErrorKind = "invalid_ref"
	KindNotFound           ErrorKind = "not_found"
	KindBackendUnavailable ErrorKind = "backend_unavailable"
)

type KeychainBackend 

type KeychainBackend struct {
	// contains filtered or unexported fields
}

KeychainBackend resolves keychain://service/account references.

func NewKeychainBackend 

func NewKeychainBackend() *KeychainBackend

NewKeychainBackend creates a keychain backend for the current platform.

func (*KeychainBackend) DefaultRef added in v1.13.0 

func (b *KeychainBackend) DefaultRef(storeName, account string) string

func (*KeychainBackend) DisplayName added in v1.13.0 

func (b *KeychainBackend) DisplayName() string

func (*KeychainBackend) Exists added in v1.13.0 

func (b *KeychainBackend) Exists(ctx context.Context, ref Ref) (bool, error)

func (*KeychainBackend) Resolve 

func (b *KeychainBackend) Resolve(ctx context.Context, ref Ref) (string, error)

func (*KeychainBackend) Scheme added in v1.13.0 

func (b *KeychainBackend) Scheme() string

func (*KeychainBackend) Store added in v1.13.0 

func (b *KeychainBackend) Store(ctx context.Context, ref Ref, value string) error

func (*KeychainBackend) WriteSupported added in v1.13.0 

func (b *KeychainBackend) WriteSupported() bool

type Ref 

type Ref struct {
	Raw    string
	Scheme string
	Path   string
}

Ref represents a parsed secret reference in the form <scheme>://<path>.

func Parse 

func Parse(raw string) (Ref, error)

Parse parses a secret reference.

type Resolver 

type Resolver struct {
	// contains filtered or unexported fields
}

Resolver routes secret references by scheme.

func NewDefaultResolver 

func NewDefaultResolver() *Resolver

NewDefaultResolver builds the baseline resolver with env:// and keychain:// support.

func NewResolver 

func NewResolver(backends map[string]Backend) *Resolver

NewResolver creates a resolver from scheme backends.

func (*Resolver) Exists added in v1.13.0 

func (r *Resolver) Exists(ctx context.Context, raw string) (bool, error)

Exists reports whether a writable secret reference already exists.

func (*Resolver) Resolve 

func (r *Resolver) Resolve(ctx context.Context, raw string) (string, error)

Resolve parses and resolves a secret reference.

func (*Resolver) Store added in v1.13.0 

func (r *Resolver) Store(ctx context.Context, raw, value string) error

Store writes a secret value through a writable backend.

func (*Resolver) WritableBackends added in v1.13.0 

func (r *Resolver) WritableBackends() []WritableBackend

WritableBackends returns registered backends that support interactive writes.

type SecretServiceBackend added in v1.13.0 

type SecretServiceBackend struct {
	// contains filtered or unexported fields
}

SecretServiceBackend resolves secret-service://collection/item references.

func NewSecretServiceBackend added in v1.13.0 

func NewSecretServiceBackend() *SecretServiceBackend

NewSecretServiceBackend creates a Secret Service backend for the current platform.

func (*SecretServiceBackend) DefaultRef added in v1.13.0 

func (b *SecretServiceBackend) DefaultRef(storeName, account string) string

func (*SecretServiceBackend) DisplayName added in v1.13.0 

func (b *SecretServiceBackend) DisplayName() string

func (*SecretServiceBackend) Exists added in v1.13.0 

func (b *SecretServiceBackend) Exists(ctx context.Context, ref Ref) (bool, error)

func (*SecretServiceBackend) Resolve added in v1.13.0 

func (b *SecretServiceBackend) Resolve(ctx context.Context, ref Ref) (string, error)

func (*SecretServiceBackend) Scheme added in v1.13.0 

func (b *SecretServiceBackend) Scheme() string

func (*SecretServiceBackend) Store added in v1.13.0 

func (b *SecretServiceBackend) Store(ctx context.Context, ref Ref, value string) error

func (*SecretServiceBackend) WriteSupported added in v1.13.0 

func (b *SecretServiceBackend) WriteSupported() bool

type WincredBackend added in v1.13.0 

type WincredBackend struct {
	// contains filtered or unexported fields
}

WincredBackend resolves wincred://target references.

func NewWincredBackend added in v1.13.0 

func NewWincredBackend() *WincredBackend

NewWincredBackend creates a Windows Credential Manager backend for the current platform.

func (*WincredBackend) DefaultRef added in v1.13.0 

func (b *WincredBackend) DefaultRef(storeName, account string) string

func (*WincredBackend) DisplayName added in v1.13.0 

func (b *WincredBackend) DisplayName() string

func (*WincredBackend) Exists added in v1.13.0 

func (b *WincredBackend) Exists(ctx context.Context, ref Ref) (bool, error)

func (*WincredBackend) Resolve added in v1.13.0 

func (b *WincredBackend) Resolve(ctx context.Context, ref Ref) (string, error)

func (*WincredBackend) Scheme added in v1.13.0 

func (b *WincredBackend) Scheme() string

func (*WincredBackend) Store added in v1.13.0 

func (b *WincredBackend) Store(ctx context.Context, ref Ref, value string) error

func (*WincredBackend) WriteSupported added in v1.13.0 

func (b *WincredBackend) WriteSupported() bool

type WritableBackend added in v1.13.0 

type WritableBackend interface {
	Backend
	Scheme() string
	DisplayName() string
	WriteSupported() bool
	DefaultRef(storeName, account string) string
	Exists(ctx context.Context, ref Ref) (bool, error)
	Store(ctx context.Context, ref Ref, value string) error
}

WritableBackend extends a backend with native-store write and existence checks for interactive CLI flows.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.