secrets

package
v0.0.36 Latest
Warning

This package is not in the latest version of its module.

Published: May 23, 2025 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package secrets contains the secrets management logic for ToolHive.


Constants

const (
	// PasswordEnvVar is the environment variable used to specify the password for encrypting and decrypting secrets.
	PasswordEnvVar = "TOOLHIVE_SECRETS_PASSWORD"
)

Variables

var ErrUnknownManagerType = errors.New("unknown secret manager type")

ErrUnknownManagerType is returned when an invalid value for ProviderType is specified.

Functions

func GetSecretsPassword

func GetSecretsPassword() ([]byte, error)

GetSecretsPassword returns the password to use for encrypting and decrypting secrets. It will attempt to retrieve it from the environment variable TOOLHIVE_SECRETS_PASSWORD. If the environment variable is not set, it will prompt the user to enter a password.

func ResetKeyringSecret

func ResetKeyringSecret() error

ResetKeyringSecret clears out the secret from the keystore (if present).

func SecretParametersToCLI added in v0.0.34

func SecretParametersToCLI(params []SecretParameter) []string

SecretParametersToCLI does the reverse of `ParseSecretParameter`. TODO: It may be possible to get rid of this with refactoring.

Types

type EncryptedManager

type EncryptedManager struct {
	// contains filtered or unexported fields
}

EncryptedManager stores secrets in an encrypted file. AES-256-GCM is used for encryption.
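
What AES-256-GCM provides for an encrypted secrets file, shown as an added example that is not ToolHive's implementation: strict key length, a fresh nonce per write, and rejection of a modified file. The names NewAEAD, Seal and Open, the nonce-prefixed blob layout and the all-zero demo key are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewAEAD accepts only 32-byte keys; 16 or 24 bytes would select AES-128/192.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 needs a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce || ciphertext || tag (layout assumed by this example).
func Seal(a cipher.AEAD, plain []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh nonce on every write
		return nil, err
	}
	return a.Seal(nonce, nonce, plain, nil), nil
}

// Open fails on a wrong key or any modified byte (GCM tag mismatch).
func Open(a cipher.AEAD, blob []byte) ([]byte, error) {
	n := a.NonceSize()
	if len(blob) < n+a.Overhead() {
		return nil, errors.New("blob shorter than nonce plus tag")
	}
	return a.Open(nil, blob[:n], blob[n:], nil)
}

func main() {
	a, err := NewAEAD(make([]byte, 32)) // constructed all-zero key, demo only
	if err != nil {
		panic(err)
	}
	blob, _ := Seal(a, []byte(`{"API_KEY":"constructed-value"}`))
	blob[len(blob)-1] ^= 1 // simulate one flipped bit in the stored file
	_, err = Open(a, blob)
	fmt.Println("tampered blob rejected:", err != nil)
}
```

Because the nonce is random per call, sealing the same plaintext twice yields different blobs, so an observer of the file cannot tell whether a rewrite changed any secret.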

func (*EncryptedManager) Cleanup

func (e *EncryptedManager) Cleanup() error

Cleanup removes all secrets managed by this manager.

func (*EncryptedManager) DeleteSecret

func (e *EncryptedManager) DeleteSecret(name string) error

DeleteSecret removes a secret from the secret store.

func (*EncryptedManager) GetSecret

func (e *EncryptedManager) GetSecret(name string) (string, error)

GetSecret retrieves a secret from the secret store.

func (*EncryptedManager) ListSecrets

func (e *EncryptedManager) ListSecrets() ([]string, error)

ListSecrets returns a list of all secret names stored in the manager.

func (*EncryptedManager) SetSecret

func (e *EncryptedManager) SetSecret(name, value string) error

SetSecret stores a secret in the secret store.

type OPSecretsService added in v0.0.32

type OPSecretsService interface {
	Resolve(ctx context.Context, secretReference string) (string, error)
}

OPSecretsService defines the interface for the 1Password Secrets service.

type OnePasswordManager added in v0.0.32

type OnePasswordManager struct {
	// contains filtered or unexported fields
}

OnePasswordManager manages secrets in 1Password.

func NewOnePasswordManagerWithService added in v0.0.32

func NewOnePasswordManagerWithService(secretsService OPSecretsService) *OnePasswordManager

NewOnePasswordManagerWithService creates an instance of OnePasswordManager with a provided secrets service. This function is primarily intended for testing purposes.

func (*OnePasswordManager) Cleanup added in v0.0.32

func (*OnePasswordManager) Cleanup() error

Cleanup is not needed for 1Password.

func (*OnePasswordManager) DeleteSecret added in v0.0.32

func (*OnePasswordManager) DeleteSecret(_ string) error

DeleteSecret is not supported for 1Password unless there is demand for it.

func (*OnePasswordManager) GetSecret added in v0.0.32

func (opm *OnePasswordManager) GetSecret(path string) (string, error)

GetSecret retrieves a secret from 1Password.

func (*OnePasswordManager) ListSecrets added in v0.0.32

func (*OnePasswordManager) ListSecrets() ([]string, error)

ListSecrets is not supported for 1Password unless there is demand for it.

func (*OnePasswordManager) SetSecret added in v0.0.32

func (*OnePasswordManager) SetSecret(_, _ string) error

SetSecret is not supported for 1Password unless there is demand for it.

type Provider added in v0.0.32

type Provider interface {
	GetSecret(name string) (string, error)
	SetSecret(name, value string) error
	DeleteSecret(name string) error
	ListSecrets() ([]string, error)
	Cleanup() error
}

Provider describes a type which can manage secrets.

func CreateSecretProvider added in v0.0.33

func CreateSecretProvider(managerType ProviderType) (Provider, error)

CreateSecretProvider creates the specified type of secrets provider.

func NewEncryptedManager

func NewEncryptedManager(filePath string, key []byte) (Provider, error)

NewEncryptedManager creates an instance of EncryptedManager.

func NewOnePasswordManager added in v0.0.32

func NewOnePasswordManager() (Provider, error)

NewOnePasswordManager creates an instance of OnePasswordManager.

type ProviderType

type ProviderType string

ProviderType represents an enum of the types of available secrets providers.

const (
	// EncryptedType represents the encrypted secret provider.
	EncryptedType ProviderType = "encrypted"

	// OnePasswordType represents the 1Password secret provider.
	OnePasswordType ProviderType = "1password"
)

type SecretParameter

type SecretParameter struct {
	Name   string `json:"name"`
	Target string `json:"target"`
}

SecretParameter represents a parsed `--secret` parameter.

func ParseSecretParameter

func ParseSecretParameter(parameter string) (SecretParameter, error)

ParseSecretParameter creates an instance of SecretParameter from a string. Expected format: `<Name>,target=<Target>`.
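
A strict parser for the `<Name>,target=<Target>` format and its inverse, as an added example that is not ToolHive's own code. The names secretParam, parseSecretParam and formatSecretParam are hypothetical, and the validation rules (no empty fields, no extra options, no whitespace or control characters) are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// secretParam mirrors the two fields of SecretParameter shown on this page.
type secretParam struct{ Name, Target string }

var errFormat = errors.New("expected <Name>,target=<Target>")

// parseSecretParam is a hypothetical strict parser; its validation rules are
// assumptions of this example, not ToolHive's documented behaviour.
func parseSecretParam(s string) (secretParam, error) {
	name, rest, ok := strings.Cut(s, ",")
	if !ok || name == "" || !strings.HasPrefix(rest, "target=") {
		return secretParam{}, errFormat
	}
	target := strings.TrimPrefix(rest, "target=")
	// Reject empty targets, extra comma-separated options, whitespace and
	// control characters instead of accepting them silently.
	bad := func(r rune) bool { return r <= ' ' || r == 0x7f || r == ',' }
	if target == "" || strings.IndexFunc(name+target, bad) >= 0 {
		return secretParam{}, errFormat
	}
	return secretParam{Name: name, Target: target}, nil
}

// formatSecretParam is the inverse direction, back to the flag value.
func formatSecretParam(p secretParam) string {
	return p.Name + ",target=" + p.Target
}

func main() {
	for _, arg := range []string{ // constructed sample inputs
		"github_token,target=GITHUB_TOKEN",
		"github_token,target=A,target=B",
		"github_token",
	} {
		p, err := parseSecretParam(arg)
		fmt.Printf("%q -> %+v, err=%v\n", arg, p, err)
	}
}
```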

Directories

Path Synopsis
Package aes contains functions for encrypting and decrypting data using AES-GCM
Package mocks is a generated GoMock package.
