secret

package
v0.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 23, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Index

Constants

// Identifiers used by the keyring-backed secret storage.
const (
	// ServiceName is the service name used for keyring entries.
	ServiceName       = "mcpproxy"
	// SecretTypeKeyring is the secret type string for keyring references
	// (presumably the value carried in Ref.Type; confirm against the parser).
	SecretTypeKeyring = "keyring"
	// RegistryKey presumably names the keyring entry that holds the registry of
	// stored secret names; KeyringProvider.List notes that go-keyring has no
	// list function, so listing depends on this tracking.
	// NOTE(review): confirm the registry records names only, never secret values.
	RegistryKey       = "_mcpproxy_secret_registry"
)
const (
	// SecretTypeEnv is the secret type string for references that are resolved
	// from environment variables (presumably the value carried in Ref.Type).
	SecretTypeEnv = "env"
)

Variables

This section is empty.

Functions

func DetectPotentialSecret

func DetectPotentialSecret(value, fieldName string) (isSecret bool, confidence float64)

DetectPotentialSecret analyzes a string to determine if it might be a secret

func IsSecretRef

func IsSecretRef(input string) bool

IsSecretRef returns true if the string looks like a secret reference

func MaskSecretValue

func MaskSecretValue(value string) string

MaskSecretValue masks a secret value for safe display

Types

type ConfigSecretsResponse

// ConfigSecretsResponse reports the secret and environment-variable references
// found in a config. Its entries carry a Ref and an is-set flag; no field of
// the entry types holds a secret value.
type ConfigSecretsResponse struct {
	// Secrets lists the keyring references and whether each one is set.
	Secrets         []KeyringSecretStatus `json:"secrets"`
	// EnvironmentVars lists the environment-variable references and whether each one is set.
	EnvironmentVars []EnvVarStatus        `json:"environment_vars"`
	// TotalSecrets is presumably len(Secrets); verify against the producer.
	TotalSecrets    int                   `json:"total_secrets"`
	// TotalEnvVars is presumably len(EnvironmentVars); verify against the producer.
	TotalEnvVars    int                   `json:"total_env_vars"`
}

ConfigSecretsResponse contains secrets and environment variables referenced in config

type EnvProvider

// EnvProvider resolves secrets from environment variables. It has no fields;
// its Store and Delete methods are documented as not supported.
type EnvProvider struct{}

EnvProvider resolves secrets from environment variables

func NewEnvProvider

func NewEnvProvider() *EnvProvider

NewEnvProvider creates a new environment variable provider

func (*EnvProvider) CanResolve

func (p *EnvProvider) CanResolve(secretType string) bool

CanResolve returns true if this provider can handle the given secret type

func (*EnvProvider) Delete

func (p *EnvProvider) Delete(_ context.Context, _ Ref) error

Delete is not supported for environment variables

func (*EnvProvider) IsAvailable

func (p *EnvProvider) IsAvailable() bool

IsAvailable always returns true as environment variables are always available

func (*EnvProvider) List

func (p *EnvProvider) List(_ context.Context) ([]Ref, error)

List returns all environment variables that look like secrets

func (*EnvProvider) Resolve

func (p *EnvProvider) Resolve(_ context.Context, ref Ref) (string, error)

Resolve retrieves the secret value from environment variables

func (*EnvProvider) Store

func (p *EnvProvider) Store(_ context.Context, _ Ref, _ string) error

Store is not supported for environment variables

type EnvVarStatus

// EnvVarStatus represents the status of an environment variable reference.
// It records the reference and a presence flag only, not the variable's value.
type EnvVarStatus struct {
	// Ref identifies the referenced environment variable; serialized as "secret_ref".
	Ref   Ref  `json:"secret_ref"`
	// IsSet presumably reports whether the variable is present in the environment; confirm against the producer.
	IsSet bool `json:"is_set"`
}

EnvVarStatus represents the status of an environment variable reference

type KeyringProvider

// KeyringProvider resolves secrets from the OS keyring (Keychain, Secret
// Service, WinCred). Its Store and Delete methods are documented as also
// updating a registry of stored references.
type KeyringProvider struct {
	// contains filtered or unexported fields
}

KeyringProvider resolves secrets from OS keyring (Keychain, Secret Service, WinCred)

func NewKeyringProvider

func NewKeyringProvider() *KeyringProvider

NewKeyringProvider creates a new keyring provider

func (*KeyringProvider) CanResolve

func (p *KeyringProvider) CanResolve(secretType string) bool

CanResolve returns true if this provider can handle the given secret type

func (*KeyringProvider) Delete

func (p *KeyringProvider) Delete(_ context.Context, ref Ref) error

Delete removes a secret from the OS keyring and updates the registry

func (*KeyringProvider) DeleteWithRegistry

func (p *KeyringProvider) DeleteWithRegistry(ctx context.Context, ref Ref) error

DeleteWithRegistry deletes a secret and updates the registry

func (*KeyringProvider) IsAvailable

func (p *KeyringProvider) IsAvailable() bool

IsAvailable checks if the keyring is available on the current system

func (*KeyringProvider) List

func (p *KeyringProvider) List(_ context.Context) ([]Ref, error)

List returns all secret references stored in the keyring. Note: go-keyring doesn't provide a list function, so stored references are tracked separately.

func (*KeyringProvider) Resolve

func (p *KeyringProvider) Resolve(_ context.Context, ref Ref) (string, error)

Resolve retrieves the secret value from the OS keyring

func (*KeyringProvider) Store

func (p *KeyringProvider) Store(_ context.Context, ref Ref, value string) error

Store saves a secret to the OS keyring and updates the registry

func (*KeyringProvider) StoreWithRegistry

func (p *KeyringProvider) StoreWithRegistry(ctx context.Context, ref Ref, value string) error

StoreWithRegistry stores a secret and updates the registry

type KeyringSecretStatus

// KeyringSecretStatus represents the status of a keyring secret reference.
// It records the reference and a presence flag only, not the secret value.
type KeyringSecretStatus struct {
	// Ref identifies the referenced keyring secret; serialized as "secret_ref".
	Ref   Ref  `json:"secret_ref"`
	// IsSet presumably reports whether the keyring holds an entry for Ref; confirm against the producer.
	IsSet bool `json:"is_set"`
}

KeyringSecretStatus represents the status of a keyring secret reference

type MigrationAnalysis

// MigrationAnalysis contains the analysis of potential secrets to migrate.
// Each candidate carries a Value field, so this struct should be handled as
// sensitive unless those values are known to be masked.
type MigrationAnalysis struct {
	// Candidates lists the config fields flagged as potential secrets.
	Candidates []MigrationCandidate `json:"candidates"`
	// TotalFound is presumably len(Candidates); verify against the producer.
	TotalFound int                  `json:"total_found"`
}

MigrationAnalysis contains analysis of potential secrets to migrate

type MigrationCandidate

// MigrationCandidate represents a potential secret that could be migrated.
//
// NOTE(review): Value is tagged json:"value" and nothing in the type enforces
// masking, so marshaling a candidate emits whatever Value holds. Where the
// masking mentioned on the field happens (MaskSecretValue?) is not visible
// here; confirm it runs before any response or log is written.
type MigrationCandidate struct {
	Field      string  `json:"field"`      // Field path in config
	Value      string  `json:"value"`      // Current plaintext value (masked in responses)
	Suggested  string  `json:"suggested"`  // Suggested Ref
	Confidence float64 `json:"confidence"` // Confidence this is a secret (0-1)
}

MigrationCandidate represents a potential secret that could be migrated

type Provider

// Provider is the interface a secret backend implements for secret resolution.
// Two implementations are documented in this package: EnvProvider and
// KeyringProvider.
type Provider interface {
	// CanResolve returns true if this provider can handle the given secret type
	CanResolve(secretType string) bool

	// Resolve retrieves the actual secret value
	// The returned string is the secret itself; callers should keep it out of
	// logs and error messages.
	Resolve(ctx context.Context, ref Ref) (string, error)

	// Store saves a secret (if supported by the provider)
	// EnvProvider documents Store as not supported, so callers must handle the error.
	Store(ctx context.Context, ref Ref, value string) error

	// Delete removes a secret (if supported by the provider)
	// EnvProvider documents Delete as not supported, so callers must handle the error.
	Delete(ctx context.Context, ref Ref) error

	// List returns all secret references handled by this provider
	// It returns references, not values. EnvProvider documents its List as
	// returning variables that "look like secrets", i.e. a heuristic selection.
	List(ctx context.Context) ([]Ref, error)

	// IsAvailable checks if the provider is available on the current system
	IsAvailable() bool
}

Provider interface for secret resolution

type Ref

// Ref represents a reference to a secret. It names where a secret lives; none
// of its fields is documented as holding the secret value.
//
// NOTE(review): the Type comment lists "op" and "age", but this package only
// documents constants and providers for "env" and "keyring". Presumably the
// other types stay unresolved unless a provider is registered for them
// (Resolver.RegisterProvider); confirm how an unknown type is reported.
type Ref struct {
	Type     string `json:"type"`     // env, keyring, op, age
	Name     string `json:"name"`     // environment variable name, keyring alias, etc.
	Original string `json:"original"` // original reference string
}

Ref represents a reference to a secret

func FindSecretRefs

func FindSecretRefs(input string) []*Ref

FindSecretRefs finds all secret references in a string

func ParseSecretRef

func ParseSecretRef(input string) (*Ref, error)

ParseSecretRef parses a string that may contain secret references

type ResolveResult

// ResolveResult contains the result of secret resolution.
//
// NOTE(review): Value presumably holds the resolved plaintext secret. The
// struct has no json tags, so encoding/json would emit every exported field
// under its Go name, and %+v formatting prints Value too. Confirm that no
// caller marshals or logs a ResolveResult.
type ResolveResult struct {
	// Ref is the reference this result belongs to.
	Ref      Ref
	// Value is presumably the resolved secret when Resolved is true; treat as sensitive.
	Value    string
	// Error is presumably the resolution failure, if any; verify it never embeds Value.
	Error    error
	// Resolved presumably reports whether resolution succeeded; confirm against the producer.
	Resolved bool
}

ResolveResult contains the result of secret resolution

type Resolver

// Resolver manages secret resolution using multiple providers. Providers are
// added with RegisterProvider, which takes a secret type string and a Provider.
type Resolver struct {
	// contains filtered or unexported fields
}

Resolver manages secret resolution using multiple providers

func NewResolver

func NewResolver() *Resolver

NewResolver creates a new secret resolver

func (*Resolver) AnalyzeForMigration

func (r *Resolver) AnalyzeForMigration(v interface{}) *MigrationAnalysis

AnalyzeForMigration analyzes a struct for potential secrets that could be migrated

func (*Resolver) Delete

func (r *Resolver) Delete(ctx context.Context, ref Ref) error

Delete deletes a secret using the appropriate provider

func (*Resolver) ExpandSecretRefs

func (r *Resolver) ExpandSecretRefs(ctx context.Context, input string) (string, error)

ExpandSecretRefs replaces all secret references in a string with resolved values

func (*Resolver) ExpandStructSecrets

func (r *Resolver) ExpandStructSecrets(ctx context.Context, v interface{}) error

ExpandStructSecrets recursively expands secret references in a struct

func (*Resolver) ExtractConfigSecrets

func (r *Resolver) ExtractConfigSecrets(ctx context.Context, v interface{}) (*ConfigSecretsResponse, error)

ExtractConfigSecrets extracts all secret and environment references from a config structure

func (*Resolver) GetAvailableProviders

func (r *Resolver) GetAvailableProviders() []string

GetAvailableProviders returns a list of available providers

func (*Resolver) ListAll

func (r *Resolver) ListAll(ctx context.Context) ([]Ref, error)

ListAll lists all secret references from all providers

func (*Resolver) RegisterProvider

func (r *Resolver) RegisterProvider(secretType string, provider Provider)

RegisterProvider registers a new secret provider

func (*Resolver) Resolve

func (r *Resolver) Resolve(ctx context.Context, ref Ref) (string, error)

Resolve resolves a single secret reference

func (*Resolver) Store

func (r *Resolver) Store(ctx context.Context, ref Ref, value string) error

Store stores a secret using the appropriate provider
