secrets

package

v0.0.6 Latest Latest Go to latest Published: Jan 15, 2026 License: MIT Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/AmadeusITGroup/gh-app-auth

Links

Open Source Insights

Documentation ¶

Overview ¶

Package secrets provides secure storage for sensitive data using OS-native keyrings with automatic fallback to filesystem storage.

Index ¶

Variables
type Manager
- func NewManager(fallbackDir string) *Manager
type SecretType
type StorageBackend

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrNotFound           = errors.New("secret not found")
	ErrTimeout            = errors.New("keyring operation timeout")
	ErrStorageUnavailable = errors.New("encrypted storage unavailable")
)

Common errors returned by the secrets manager

Functions ¶

This section is empty.

Types ¶

type Manager ¶

type Manager struct {
	// contains filtered or unexported fields
}

Manager handles secure storage and retrieval of secrets

func NewManager ¶

func NewManager(fallbackDir string) *Manager

NewManager creates a new secrets manager with the specified fallback directory

func (*Manager) Delete ¶

func (m *Manager) Delete(appName string, secretType SecretType) error

Delete removes a secret from both keyring and filesystem

func (*Manager) Get ¶

func (m *Manager) Get(appName string, secretType SecretType) (string, StorageBackend, error)

Get retrieves a secret, trying keyring first then filesystem

func (*Manager) IsAvailable ¶

func (m *Manager) IsAvailable() bool

IsAvailable checks if encrypted keyring storage is available

func (*Manager) Store ¶

func (m *Manager) Store(appName string, secretType SecretType, value string) (StorageBackend, error)

Store attempts to store a secret in the OS keyring first, falling back to filesystem if keyring is unavailable. Returns the storage backend used.

type SecretType ¶

type SecretType string

SecretType identifies the type of secret being stored

const (
	// SecretTypePrivateKey represents a GitHub App RSA private key
	SecretTypePrivateKey SecretType = "private_key"
	// SecretTypeAccessToken represents a GitHub App access token
	SecretTypeAccessToken SecretType = "access_token"
	// SecretTypeInstallToken represents a GitHub App installation token
	SecretTypeInstallToken SecretType = "installation_token"
	// SecretTypePAT represents a Personal Access Token
	SecretTypePAT SecretType = "pat"
)

type StorageBackend ¶

type StorageBackend string

StorageBackend identifies where a secret is stored

const (
	// StorageBackendKeyring indicates the secret is in the OS keyring
	StorageBackendKeyring StorageBackend = "keyring"
	// StorageBackendFilesystem indicates the secret is on the filesystem
	StorageBackendFilesystem StorageBackend = "filesystem"
)

Source Files ¶

View all Source files

secrets.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL