keepcmd

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 2, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Package keepcmd provides reusable keeper command operations decoupled from any specific CLI framework or application. Callers supply a StoreFactory and an Output implementation; keepcmd handles all business logic.

Passphrase resolution is entirely the caller's responsibility — keepcmd never prompts for input directly. This keeps the package safe in headless server contexts where no terminal exists.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BackupOptions 

type BackupOptions struct {
	// Dest is the file path to write the backup. If empty, a timestamped
	// name is generated in the current directory.
	Dest string
}

BackupOptions controls the Backup operation.

type Commands 

type Commands struct {
	// Store is called once per operation to obtain the store.
	Store StoreFactory

	// Out handles all display output.
	Out Output

	// NoClose prevents Commands from calling store.Close() after each
	// operation. Set this to true when the caller owns the store lifecycle
	// (e.g. a REPL session that opens the store once and reuses it).
	NoClose bool

	// Bucket selects the named bucket for Get/Set/Delete/List operations.
	// Empty string means the default bucket (keeper's DefaultScheme /
	// DefaultNamespace). Set this to route operations to a specific bucket
	// without changing the key strings themselves.
	//
	// For path-based keys ("vault://system/jwt_secret") the CLI layer should
	// parse the scheme and namespace out of the key string and set this field
	// before calling the operation.
	Bucket string
}

Commands holds all keeper CLI operations. Construct one with a StoreFactory and an Output. Neither field may be nil.

func (*Commands) Backup 

func (c *Commands) Backup(opts BackupOptions) error

Backup streams a consistent snapshot of the database to opts.Dest. If opts.Dest is empty a timestamped filename is used.

func (*Commands) Delete 

func (c *Commands) Delete(key string) error

Delete removes key from the store. The caller is responsible for obtaining confirmation before calling Delete.

func (*Commands) Get 

func (c *Commands) Get(key string) error

Get retrieves and displays the value for key.

func (*Commands) List 

func (c *Commands) List() error

List prints all secret keys in the configured bucket.

func (*Commands) Rotate 

func (c *Commands) Rotate(newPassphrase []byte) error

Rotate re-encrypts all LevelPasswordOnly secrets under newPassphrase. The store must already be unlocked. newPassphrase is NOT zeroed by this method — the caller owns it and must zero it when done.

func (*Commands) RotateSalt 

func (c *Commands) RotateSalt(currentPassphrase []byte) error

RotateSalt re-derives the master key under a new random KDF salt and re-encrypts all LevelPasswordOnly secrets. currentPassphrase is NOT zeroed by this method — the caller owns it and must zero it when done.

func (*Commands) Set 

func (c *Commands) Set(key, value string, opts SetOptions) error

Set stores a value for key according to opts.

func (*Commands) Status 

func (c *Commands) Status() error

Status prints whether the store is locked or unlocked.

type Output 

type Output interface {
	// Table renders a header row followed by data rows.
	Table(headers []string, rows [][]string)
	// KeyValue prints a single labelled value.
	KeyValue(label, value string)
	// Success prints a success message.
	Success(msg string)
	// Info prints an informational message.
	Info(msg string)
	// Error prints an error message without terminating.
	Error(msg string)
}

Output is the display contract keepcmd writes to. Implementations can render to a terminal, a test buffer, or anywhere else.

type PlainOutput 

type PlainOutput struct{}

PlainOutput writes plain text to stdout. It is the default used by the standalone binary when not in interactive/TUI mode.

func (PlainOutput) Error 

func (p PlainOutput) Error(msg string)

Error prints a prefixed error message.

func (PlainOutput) Info 

func (p PlainOutput) Info(msg string)

Info prints a prefixed informational message.

func (PlainOutput) KeyValue 

func (p PlainOutput) KeyValue(label, value string)

KeyValue prints "label: value".

func (PlainOutput) Success 

func (p PlainOutput) Success(msg string)

Success prints a prefixed success message.

func (PlainOutput) Table 

func (p PlainOutput) Table(headers []string, rows [][]string)

Table renders headers and rows as a simple fixed-width table.

type SetOptions 

type SetOptions struct {
	// FromFile reads the value from this path instead of Value.
	FromFile string
	// Base64 decodes Value as standard base64 before storing.
	Base64 bool
}

SetOptions controls how Set stores a value.

type StoreFactory 

type StoreFactory func() (*keeper.Keeper, error)

StoreFactory opens and returns a keeper.Keeper. For most operations the store must be unlocked; for Status it may be locked. When NoClose is false (the default), Commands calls store.Close() after each operation — the store returned by StoreFactory is treated as ephemeral. When NoClose is true, Commands never calls Close; the caller owns the lifecycle. Use NoClose in REPL / session contexts where one store is shared across many operations.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.