core

package
v0.0.9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 3, 2026 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package core provides core types and utilities for the secrets plugin.

Index

Constants

View Source 
const (
	ErrCodeSecretNotFound    = "SECRET_NOT_FOUND"
	ErrCodeSecretExists      = "SECRET_EXISTS"
	ErrCodeInvalidPath       = "INVALID_PATH"
	ErrCodeInvalidValueType  = "INVALID_VALUE_TYPE"
	ErrCodeValidationFailed  = "VALIDATION_FAILED"
	ErrCodeSchemaInvalid     = "SCHEMA_INVALID"
	ErrCodeDecryptionFailed  = "DECRYPTION_FAILED"
	ErrCodeEncryptionFailed  = "ENCRYPTION_FAILED"
	ErrCodeMasterKeyRequired = "MASTER_KEY_REQUIRED"
	ErrCodeMasterKeyInvalid  = "MASTER_KEY_INVALID"
	ErrCodeSecretExpired     = "SECRET_EXPIRED"
	ErrCodeVersionNotFound   = "VERSION_NOT_FOUND"
	ErrCodeRollbackFailed    = "ROLLBACK_FAILED"
	ErrCodeAccessDenied      = "ACCESS_DENIED"
	ErrCodeInvalidRequest    = "INVALID_REQUEST"
)

Error codes for the secrets plugin

View Source 
const (
	// MinPathLength is the minimum length for a secret path
	MinPathLength = 1
	// MaxPathLength is the maximum length for a secret path
	MaxPathLength = 512
	// MaxPathSegments is the maximum number of path segments
	MaxPathSegments = 20
	// PathSeparator is the separator used in secret paths
	PathSeparator = "/"
)

Path validation constants

Variables

This section is empty.

Functions

func BuildTree 

func BuildTree(paths []string) map[string][]string

BuildTree builds a tree structure from a list of paths Returns a map where keys are folder paths and values are lists of secret paths

func ConfigKeyToPath 

func ConfigKeyToPath(configKey string) string

ConfigKeyToPath converts a config key to a secret path format Example: "database.postgres.password" -> "database/postgres/password"

func ErrAccessDenied 

func ErrAccessDenied(reason string) error

ErrAccessDenied returns a forbidden error when access is denied

func ErrAppContextRequired 

func ErrAppContextRequired() error

ErrAppContextRequired returns a bad request error when app context is missing

func ErrDecryptionFailed 

func ErrDecryptionFailed(cause error) error

ErrDecryptionFailed returns an internal error when decryption fails

func ErrDeserializationFailed 

func ErrDeserializationFailed(valueType string, cause error) error

ErrDeserializationFailed returns an internal error when deserialization fails

func ErrEncryptionFailed 

func ErrEncryptionFailed(cause error) error

ErrEncryptionFailed returns an internal error when encryption fails

func ErrEnvironmentContextRequired 

func ErrEnvironmentContextRequired() error

ErrEnvironmentContextRequired returns a bad request error when environment context is missing

func ErrInvalidPath 

func ErrInvalidPath(path string, reason string) error

ErrInvalidPath returns a bad request error for invalid path format

func ErrInvalidRequest 

func ErrInvalidRequest(reason string, cause error) error

ErrInvalidRequest returns a bad request error for generic invalid requests

func ErrInvalidValueType 

func ErrInvalidValueType(valueType string) error

ErrInvalidValueType returns a bad request error for invalid value type

func ErrMasterKeyInvalid 

func ErrMasterKeyInvalid(reason string) error

ErrMasterKeyInvalid returns an internal error when the master key format is invalid

func ErrMasterKeyRequired 

func ErrMasterKeyRequired() error

ErrMasterKeyRequired returns an internal error when the master key is not configured

func ErrPathRequired 

func ErrPathRequired() error

ErrPathRequired returns a bad request error when path is missing

func ErrRollbackFailed 

func ErrRollbackFailed(reason string, cause error) error

ErrRollbackFailed returns an internal error when rollback fails

func ErrSchemaInvalid 

func ErrSchemaInvalid(reason string, cause error) error

ErrSchemaInvalid returns a bad request error when the JSON schema is invalid

func ErrSecretExists 

func ErrSecretExists(path string) error

ErrSecretExists returns a conflict error when a secret already exists

func ErrSecretExpired 

func ErrSecretExpired(path string) error

ErrSecretExpired returns a gone error when the secret has expired

func ErrSecretNotFound 

func ErrSecretNotFound(identifier string) error

ErrSecretNotFound returns a not found error for a secret

func ErrSecretNotFoundByPath 

func ErrSecretNotFoundByPath(path string) error

ErrSecretNotFoundByPath returns a not found error for a secret by path

func ErrSerializationFailed 

func ErrSerializationFailed(valueType string, cause error) error

ErrSerializationFailed returns an internal error when serialization fails

func ErrValidationFailed 

func ErrValidationFailed(reason string, cause error) error

ErrValidationFailed returns a bad request error when value validation fails

func ErrValueRequired 

func ErrValueRequired() error

ErrValueRequired returns a bad request error when value is missing

func ErrVersionNotFound 

func ErrVersionNotFound(secretID string, version int) error

ErrVersionNotFound returns a not found error for a specific version

func ExtractFolders 

func ExtractFolders(paths []string) []string

ExtractFolders extracts unique folder paths from a list of secret paths

func GetAncestorPaths 

func GetAncestorPaths(path string) []string

GetAncestorPaths returns all ancestor paths for a given path Example: "a/b/c/d" returns ["a", "a/b", "a/b/c"]

func GetDepth 

func GetDepth(path string) int

GetDepth returns the depth (number of segments) of a path

func GetKey 

func GetKey(path string) string

GetKey returns the key (last segment) from a path

func GetParentPath 

func GetParentPath(path string) string

GetParentPath returns the parent path (everything except the last segment) Returns empty string if the path has no parent

func IsValidPath 

func IsValidPath(path string) bool

IsValidPath checks if a path is valid without returning detailed errors

func JoinPath 

func JoinPath(segments ...string) string

JoinPath joins path segments into a single path

func MatchesPrefix 

func MatchesPrefix(path, prefix string) bool

MatchesPrefix checks if a path matches a given prefix Both paths are normalized before comparison

func NormalizePath 

func NormalizePath(path string) string

NormalizePath normalizes a secret path by: - Trimming leading/trailing slashes and whitespace - Converting to lowercase - Removing consecutive slashes

func ParsePath 

func ParsePath(path string) (segments []string, key string, err error)

ParsePath parses a secret path into segments and extracts the key (leaf node) Returns the parent segments, the key name, and any error

func PathToConfigKey 

func PathToConfigKey(path string) string

PathToConfigKey converts a secret path to a config key format Example: "database/postgres/password" -> "database.postgres.password"

func SortByPath 

func SortByPath(paths []string)

SortByPath sorts a slice of paths in natural order (folders before files at each level)

Types

type CreateSecretRequest 

type CreateSecretRequest struct {
	Path        string                 `json:"path" validate:"required"`
	Value       interface{}            `json:"value" validate:"required"`
	ValueType   string                 `json:"valueType,omitempty"` // Defaults to "plain" if not specified
	Schema      string                 `json:"schema,omitempty"`    // Optional JSON Schema for validation
	Description string                 `json:"description,omitempty"`
	Tags        []string               `json:"tags,omitempty"`
	Metadata    map[string]interface{} `json:"metadata,omitempty"`
	ExpiresAt   *time.Time             `json:"expiresAt,omitempty"`
}

CreateSecretRequest is the request to create a new secret

type GetAccessLogsQuery 

type GetAccessLogsQuery struct {
	Action   string     `json:"action,omitempty"`   // Filter by action type
	FromDate *time.Time `json:"fromDate,omitempty"` // Filter from date
	ToDate   *time.Time `json:"toDate,omitempty"`   // Filter to date
	Page     int        `json:"page,omitempty"`
	PageSize int        `json:"pageSize,omitempty"`
}

GetAccessLogsQuery defines query parameters for listing access logs

type GetVersionsQuery 

type GetVersionsQuery struct {
	Page     int `json:"page,omitempty"`
	PageSize int `json:"pageSize,omitempty"`
}

GetVersionsQuery defines query parameters for listing secret versions

type ListAccessLogsResponse 

type ListAccessLogsResponse struct {
	Logs       []*SecretAccessLogDTO `json:"logs"`
	Page       int                   `json:"page"`
	PageSize   int                   `json:"pageSize"`
	TotalItems int                   `json:"totalItems"`
	TotalPages int                   `json:"totalPages"`
}

ListAccessLogsResponse is the response for listing access logs

type ListSecretsQuery 

type ListSecretsQuery struct {
	Prefix    string   `json:"prefix,omitempty"`    // Path prefix filter (e.g., "database/")
	Tags      []string `json:"tags,omitempty"`      // Tags filter (AND condition)
	ValueType string   `json:"valueType,omitempty"` // Filter by value type
	Recursive bool     `json:"recursive,omitempty"` // Include nested paths (default: true)
	Search    string   `json:"search,omitempty"`    // Search in path, description
	Page      int      `json:"page,omitempty"`      // Page number (1-based)
	PageSize  int      `json:"pageSize,omitempty"`  // Items per page
	SortBy    string   `json:"sortBy,omitempty"`    // Sort field: path, created_at, updated_at
	SortOrder string   `json:"sortOrder,omitempty"` // Sort order: asc, desc
}

ListSecretsQuery defines query parameters for listing secrets

type ListSecretsResponse 

type ListSecretsResponse struct {
	Secrets    []*SecretDTO `json:"secrets"`
	Page       int          `json:"page"`
	PageSize   int          `json:"pageSize"`
	TotalItems int          `json:"totalItems"`
	TotalPages int          `json:"totalPages"`
}

ListSecretsResponse is the response for listing secrets

type ListVersionsResponse 

type ListVersionsResponse struct {
	Versions   []*SecretVersionDTO `json:"versions"`
	Page       int                 `json:"page"`
	PageSize   int                 `json:"pageSize"`
	TotalItems int                 `json:"totalItems"`
	TotalPages int                 `json:"totalPages"`
}

ListVersionsResponse is the response for listing secret versions

type RevealValueResponse 

type RevealValueResponse struct {
	Value     interface{} `json:"value"`
	ValueType string      `json:"valueType"`
}

RevealValueResponse is the response for revealing a secret value

type RollbackSecretRequest 

type RollbackSecretRequest struct {
	TargetVersion int    `json:"targetVersion" validate:"required,min=1"`
	Reason        string `json:"reason,omitempty"`
}

RollbackSecretRequest is the request to rollback a secret to a previous version

type SecretAccessLogDTO 

type SecretAccessLogDTO struct {
	ID           string    `json:"id"`
	SecretID     string    `json:"secretId"`
	Path         string    `json:"path"`
	Action       string    `json:"action"`
	AccessedBy   string    `json:"accessedBy,omitempty"`
	AccessMethod string    `json:"accessMethod"`
	IPAddress    string    `json:"ipAddress,omitempty"`
	Success      bool      `json:"success"`
	ErrorMessage string    `json:"errorMessage,omitempty"`
	CreatedAt    time.Time `json:"createdAt"`
}

SecretAccessLogDTO represents an access log entry

type SecretDTO 

type SecretDTO struct {
	ID          string                 `json:"id"`
	Path        string                 `json:"path"`
	Key         string                 `json:"key"`
	ValueType   string                 `json:"valueType"`
	Description string                 `json:"description,omitempty"`
	Tags        []string               `json:"tags,omitempty"`
	Metadata    map[string]interface{} `json:"metadata,omitempty"`
	Version     int                    `json:"version"`
	IsActive    bool                   `json:"isActive"`
	HasSchema   bool                   `json:"hasSchema"`
	HasExpiry   bool                   `json:"hasExpiry"`
	ExpiresAt   *time.Time             `json:"expiresAt,omitempty"`
	CreatedBy   string                 `json:"createdBy,omitempty"`
	UpdatedBy   string                 `json:"updatedBy,omitempty"`
	CreatedAt   time.Time              `json:"createdAt"`
	UpdatedAt   time.Time              `json:"updatedAt"`
}

SecretDTO is the API response for a secret (value excluded for security)

type SecretTreeNode 

type SecretTreeNode struct {
	Name     string            `json:"name"`               // Node name (folder name or secret key)
	Path     string            `json:"path"`               // Full path to this node
	IsSecret bool              `json:"isSecret"`           // True if this is a secret, false if folder
	Secret   *SecretDTO        `json:"secret,omitempty"`   // Secret data if isSecret is true
	Children []*SecretTreeNode `json:"children,omitempty"` // Child nodes if folder
}

SecretTreeNode represents a node in the secrets tree view

type SecretValueType 

type SecretValueType string

SecretValueType defines the type of secret value 

const (
	// SecretValueTypePlain is a plain string value
	SecretValueTypePlain SecretValueType = "plain"
	// SecretValueTypeJSON is a JSON object/array value
	SecretValueTypeJSON SecretValueType = "json"
	// SecretValueTypeYAML is a YAML document value
	SecretValueTypeYAML SecretValueType = "yaml"
	// SecretValueTypeBinary is a base64-encoded binary value
	SecretValueTypeBinary SecretValueType = "binary"
)

func ParseSecretValueType 

func ParseSecretValueType(s string) (SecretValueType, bool)

ParseSecretValueType parses a string into a SecretValueType

func (SecretValueType) IsValid 

func (t SecretValueType) IsValid() bool

IsValid checks if the value type is valid

func (SecretValueType) String 

func (t SecretValueType) String() string

String returns the string representation of the value type

type SecretVersionDTO 

type SecretVersionDTO struct {
	ID           string    `json:"id"`
	Version      int       `json:"version"`
	ValueType    string    `json:"valueType"`
	HasSchema    bool      `json:"hasSchema"`
	ChangedBy    string    `json:"changedBy,omitempty"`
	ChangeReason string    `json:"changeReason,omitempty"`
	CreatedAt    time.Time `json:"createdAt"`
}

SecretVersionDTO represents a historical version of a secret

type SecretWithValueDTO 

type SecretWithValueDTO struct {
	SecretDTO
	Value interface{} `json:"value"` // string, map, or slice depending on type
}

SecretWithValueDTO includes the decrypted value (for authorized access)

type StatsDTO 

type StatsDTO struct {
	TotalSecrets    int            `json:"totalSecrets"`
	TotalVersions   int            `json:"totalVersions"`
	SecretsByType   map[string]int `json:"secretsByType"`
	ExpiringSecrets int            `json:"expiringSecrets"` // Secrets expiring in next 30 days
	ExpiredSecrets  int            `json:"expiredSecrets"`
	RecentlyUpdated int            `json:"recentlyUpdated"` // Updated in last 7 days
}

StatsDTO contains statistics about secrets

type UpdateSecretRequest 

type UpdateSecretRequest struct {
	Value        interface{}            `json:"value,omitempty"`
	ValueType    string                 `json:"valueType,omitempty"`
	Schema       string                 `json:"schema,omitempty"`
	Description  string                 `json:"description,omitempty"`
	Tags         []string               `json:"tags,omitempty"`
	Metadata     map[string]interface{} `json:"metadata,omitempty"`
	ExpiresAt    *time.Time             `json:"expiresAt,omitempty"`
	ClearExpiry  bool                   `json:"clearExpiry,omitempty"` // Set to true to remove expiry
	ChangeReason string                 `json:"changeReason,omitempty"`
}

UpdateSecretRequest is the request to update an existing secret

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.