secrets

package

v0.9.0 Latest Latest Go to latest Published: Apr 9, 2026 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/AnubisWatch/anubiswatch

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func DecodeKey(encoded string) ([]byte, error)
func EncodeKey(key []byte) string
func GenerateKey() ([]byte, error)
func SecureCompare(a, b string) bool
type EnvProvider
- func NewEnvProvider(prefix string) *EnvProvider
- func (p *EnvProvider) Get(name string) (string, bool)
type Manager
- func NewManager(storageDir string, masterKey []byte) (*Manager, error)
type Secret

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrSecretNotFound = errors.New("secret not found")
	ErrInvalidKey     = errors.New("invalid encryption key")
	ErrAlreadyExists  = errors.New("secret already exists")
)

Functions ¶

func DecodeKey ¶

func DecodeKey(encoded string) ([]byte, error)

DecodeKey decodes a key from base64 string

func EncodeKey ¶

func EncodeKey(key []byte) string

EncodeKey encodes a key to base64 string

func GenerateKey ¶

func GenerateKey() ([]byte, error)

GenerateKey generates a new random 32-byte key

func SecureCompare ¶

func SecureCompare(a, b string) bool

SecureCompare performs constant-time comparison of two strings

Types ¶

type EnvProvider ¶

type EnvProvider struct {
	// contains filtered or unexported fields
}

EnvProvider loads secrets from environment variables

func NewEnvProvider ¶

func NewEnvProvider(prefix string) *EnvProvider

NewEnvProvider creates an environment-based secret provider

func (*EnvProvider) Get ¶

func (p *EnvProvider) Get(name string) (string, bool)

Get retrieves a secret from environment

type Manager ¶

type Manager struct {
	// contains filtered or unexported fields
}

Manager handles secure storage and retrieval of secrets

func NewManager ¶

func NewManager(storageDir string, masterKey []byte) (*Manager, error)

NewManager creates a new secrets manager

func (*Manager) Delete ¶

func (m *Manager) Delete(name string) error

Delete removes a secret

func (*Manager) List ¶

func (m *Manager) List() []string

List returns all secret names

func (*Manager) Retrieve ¶

func (m *Manager) Retrieve(name string) ([]byte, map[string]string, error)

Retrieve gets a secret by name

func (*Manager) RotateKey ¶

func (m *Manager) RotateKey(newKey []byte) error

RotateKey re-encrypts all secrets with a new master key

func (*Manager) Store ¶

func (m *Manager) Store(name string, value []byte, metadata map[string]string) error

Store saves a secret securely

func (*Manager) Update ¶

func (m *Manager) Update(name string, value []byte, metadata map[string]string) error

Update modifies an existing secret

type Secret ¶

type Secret struct {
	Name      string            `json:"name"`
	Encrypted []byte            `json:"encrypted"`
	Nonce     []byte            `json:"nonce"`
	Salt      []byte            `json:"salt"`
	Metadata  map[string]string `json:"metadata,omitempty"`
	Version   int               `json:"version"`
}

Secret represents an encrypted secret value

Source Files ¶

View all Source files

manager.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL