usecase

package
v0.25.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 4, 2026 License: MIT Imports: 9 Imported by: 0

Documentation

Overview

Package usecase defines the interfaces and implementations for secret management use cases. Use cases orchestrate operations between repositories and services to implement business logic for managing encrypted secrets with automatic versioning.

Package usecase implements business logic orchestration for secret management. This package coordinates between cryptographic services, repositories, and domain logic to implement secure secret storage and retrieval with automatic versioning.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DekRepository 

type DekRepository interface {
	// Create stores a new DEK in the repository using transaction support from context.
	Create(ctx context.Context, dek *cryptoDomain.Dek) error

	// Get retrieves a DEK by its ID. Returns ErrDekNotFound if not found.
	Get(ctx context.Context, dekID uuid.UUID) (*cryptoDomain.Dek, error)
}

DekRepository defines the interface for Data Encryption Key persistence operations.

type SecretRepository 

type SecretRepository interface {
	// Create stores a new secret in the repository using transaction support from context.
	Create(ctx context.Context, secret *secretsDomain.Secret) error

	// Delete soft deletes all versions of a secret by path, marking them with DeletedAt timestamp.
	Delete(ctx context.Context, path string) error

	// GetByPath retrieves the latest version of a secret by its path. Returns ErrSecretNotFound if not found.
	GetByPath(ctx context.Context, path string) (*secretsDomain.Secret, error)

	// GetByPathAndVersion retrieves a specific version of a secret. Returns ErrSecretNotFound if not found.
	GetByPathAndVersion(ctx context.Context, path string, version uint) (*secretsDomain.Secret, error)

	// ListCursor retrieves secrets ordered by path ascending with cursor-based pagination.
	// If afterPath is provided, returns secrets with path greater than afterPath (ASC order).
	// Returns the latest version for each secret. Filters out soft-deleted secrets.
	// Returns empty slice if no secrets found. Limit is pre-validated (1-1000).
	ListCursor(ctx context.Context, afterPath *string, limit int) ([]*secretsDomain.Secret, error)

	// HardDelete permanently removes soft-deleted secrets older than the specified time.
	// Only affects secrets where deleted_at IS NOT NULL.
	// If dryRun is true, returns count without performing deletion.
	// Returns the number of secrets that were (or would be) deleted.
	HardDelete(ctx context.Context, olderThan time.Time, dryRun bool) (int64, error)
}

SecretRepository defines the interface for Secret persistence operations.

type SecretUseCase 

type SecretUseCase interface {
	// CreateOrUpdate creates a new secret or increments the version if path exists.
	// Encrypts the value with a new DEK for each version. Returns the created/updated secret.
	CreateOrUpdate(ctx context.Context, path string, value []byte) (*secretsDomain.Secret, error)

	// Get retrieves and decrypts a secret by its path (latest version).
	//
	// Security Note: The returned Secret contains plaintext data in the Plaintext field.
	// Callers MUST zero this data after use by calling cryptoDomain.Zero(secret.Plaintext).
	Get(ctx context.Context, path string) (*secretsDomain.Secret, error)

	// GetByVersion retrieves and decrypts a secret by its path and specific version.
	//
	// Security Note: The returned Secret contains plaintext data in the Plaintext field.
	// Callers MUST zero this data after use by calling cryptoDomain.Zero(secret.Plaintext).
	GetByVersion(ctx context.Context, path string, version uint) (*secretsDomain.Secret, error)

	// Delete soft deletes all versions of a secret by path, marking them with DeletedAt timestamp.
	// Preserves encrypted data for audit purposes while preventing future access.
	Delete(ctx context.Context, path string) error

	// ListCursor retrieves secrets ordered by path ascending with cursor-based pagination.
	// If afterPath is provided, returns secrets with path greater than afterPath (ASC order).
	// Returns secrets without their values. Filters out soft-deleted secrets.
	// Returns empty slice if no secrets found. Limit is pre-validated (1-1000).
	ListCursor(ctx context.Context, afterPath *string, limit int) ([]*secretsDomain.Secret, error)

	// PurgeDeleted permanently removes soft-deleted secrets older than specified days.
	// If dryRun is true, returns count without performing deletion.
	// Returns the number of secrets that were (or would be) deleted.
	PurgeDeleted(ctx context.Context, olderThanDays int, dryRun bool) (int64, error)
}

SecretUseCase defines the interface for secret management business logic.

func NewSecretUseCase 

func NewSecretUseCase(
	txManager database.TxManager,
	dekRepo DekRepository,
	secretRepo SecretRepository,
	kekChain *cryptoDomain.KekChain,
	aeadManager cryptoService.AEADManager,
	keyManager cryptoService.KeyManager,
	dekAlgorithm cryptoDomain.Algorithm,
) SecretUseCase

NewSecretUseCase creates a new secret use case instance with the provided dependencies.

func NewSecretUseCaseWithMetrics added in v0.3.0 

func NewSecretUseCaseWithMetrics(useCase SecretUseCase, m metrics.BusinessMetrics) SecretUseCase

NewSecretUseCaseWithMetrics wraps a SecretUseCase with metrics recording.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.