Versions in this module Expand all Collapse all v0 v0.1.2 Jul 8, 2025 Changes in this version + var DefaultVaultKeyEnv = "VAULT_KEY" + var ErrDecryptionFailed = errors.New("decryption failed") + var ErrInvalidConfig = errors.New("invalid configuration") + var ErrInvalidKey = errors.New("invalid secret key") + var ErrInvalidRecipient = errors.New("invalid recipient") + var ErrNoAccess = errors.New("access denied") + var ErrPathNotSecure = errors.New("path is not secure") + var ErrSecretNotFound = errors.New("secret not found") + var ErrVaultNotFound = errors.New("vault not found") + func DeriveEncryptionKey(passphrase, sal string) (string, string, error) + func GenerateEncryptionKey() (string, error) + func New(id string, opts ...Option) (Provider, *Config, error) + func SaveConfigJSON(config Config, path string) error + func ValidateEncryptionKey(key string) error + func ValidateSecretKey(reference string) error + type AES256Vault struct + func NewAES256Vault(cfg *Config) (*AES256Vault, error) + func (v *AES256Vault) Close() error + func (v *AES256Vault) DeleteSecret(key string) error + func (v *AES256Vault) GetSecret(key string) (Secret, error) + func (v *AES256Vault) HasSecret(key string) (bool, error) + func (v *AES256Vault) ID() string + func (v *AES256Vault) ListSecrets() ([]string, error) + func (v *AES256Vault) Metadata() Metadata + func (v *AES256Vault) SetSecret(key string, secret Secret) error + type AESState struct + ID string + Secrets map[string]string + Version int + type AesConfig struct + KeySource []KeySource + StoragePath string + func (c *AesConfig) Validate() error + type AgeConfig struct + IdentitySources []IdentitySource + Recipients []string + StoragePath string + func (c *AgeConfig) Validate() error + type AgeState struct + ID string + Recipients []string + Secrets map[string]string + Version int + type AgeVault struct + func NewAgeVault(cfg *Config) (*AgeVault, error) + func (v *AgeVault) AddRecipient(publicKey string) error + func (v *AgeVault) Close() error + func (v *AgeVault) DeleteSecret(key string) error + func (v *AgeVault) GetSecret(key string) (Secret, error) + func (v *AgeVault) HasSecret(key string) (bool, error) + func (v *AgeVault) ID() string + func (v *AgeVault) ListRecipients() ([]string, error) + func (v *AgeVault) ListSecrets() ([]string, error) + func (v *AgeVault) Metadata() Metadata + func (v *AgeVault) RemoveRecipient(publicKey string) error + func (v *AgeVault) SetSecret(key string, value Secret) error + type CommandSet struct + Delete string + Exists string + Get string + List string + Set string + type Config struct + Aes *AesConfig + Age *AgeConfig + External *ExternalConfig + ID string + Type ProviderType + func LoadConfigJSON(path string) (Config, error) + func (c *Config) Validate() error + type ExternalConfig struct + Commands CommandSet + Environment map[string]string + Timeout time.Duration + WorkingDir string + func (c *ExternalConfig) Validate() error + type ExternalVaultProvider struct + func (v *ExternalVaultProvider) Close() error + func (v *ExternalVaultProvider) DeleteSecret(key string) error + func (v *ExternalVaultProvider) GetSecret(_ string) (Secret, error) + func (v *ExternalVaultProvider) HasSecret(key string) (bool, error) + func (v *ExternalVaultProvider) ID() string + func (v *ExternalVaultProvider) ListSecrets() ([]string, error) + func (v *ExternalVaultProvider) SetSecret(key string, value Secret) error + type IdentityResolver struct + func NewIdentityResolver(sources []IdentitySource) *IdentityResolver + func (r *IdentityResolver) ResolveIdentities() ([]age.Identity, error) + type IdentitySource struct + Name string + Path string + Type string + type KeyResolver struct + func NewKeyResolver(sources []KeySource) *KeyResolver + func (r *KeyResolver) ResolveKeys() ([]string, error) + func (r *KeyResolver) TryDecrypt(encryptedData string) (string, string, error) + type KeySource struct + Name string + Path string + Type string + type Metadata struct + Created time.Time + LastModified time.Time + type Option func(*Config) + func WithAESKeyFromEnv(envVar string) Option + func WithAESKeyFromFile(path string) Option + func WithAESPath(path string) Option + func WithAgeIdentityFromEnv(envVar string) Option + func WithAgeIdentityFromFile(path string) Option + func WithAgePath(path string) Option + func WithAgeRecipients(recipients ...string) Option + func WithExternalConfig(cfg *ExternalConfig) Option + func WithLocalPath(path string) Option + func WithProvider(provider ProviderType) Option + type Provider interface + Close func() error + DeleteSecret func(key string) error + GetSecret func(key string) (Secret, error) + HasSecret func(key string) (bool, error) + ID func() string + ListSecrets func() ([]string, error) + Metadata func() Metadata + SetSecret func(key string, value Secret) error + type ProviderType string + const ProviderTypeAES256 + const ProviderTypeAge + const ProviderTypeExternal + type RecipientManager interface + AddRecipient func(identity string) error + ListRecipients func() ([]string, error) + RemoveRecipient func(identity string) error + func HasRecipientManagement(v Provider) (RecipientManager, bool) + type Secret interface + Bytes func() []byte + PlainTextString func() string + String func() string + Zero func() + type SecretValue struct + func NewSecretValue(value []byte) *SecretValue + func (s *SecretValue) Bytes() []byte + func (s *SecretValue) PlainTextString() string + func (s *SecretValue) String() string + func (s *SecretValue) Zero() + type SecureBytes []byte + func (s *SecureBytes) Zero() + func (s SecureBytes) Copy() SecureBytes + type VaultPathError struct + Err error + Path string + func NewVaultPathError(path string) *VaultPathError + func (e *VaultPathError) Error() string + func (e *VaultPathError) Unwrap() error
Go to main page