usecase

package
v0.5.1 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 19, 2026 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

Package usecase defines the interfaces and implementations for secret management use cases. Use cases orchestrate operations between repositories and services to implement business logic for managing encrypted secrets with automatic versioning.

Package usecase implements business logic orchestration for secret management. This package coordinates between cryptographic services, repositories, and domain logic to implement secure secret storage and retrieval with automatic versioning.

Types

type DekRepository

type DekRepository interface {
	// Create stores a new DEK in the repository using transaction support from context.
	Create(ctx context.Context, dek *cryptoDomain.Dek) error

	// Get retrieves a DEK by its ID. Returns ErrDekNotFound if not found.
	Get(ctx context.Context, dekID uuid.UUID) (*cryptoDomain.Dek, error)
}

DekRepository defines the interface for Data Encryption Key persistence operations.

type SecretRepository

type SecretRepository interface {
	// Create stores a new secret in the repository using transaction support from context.
	Create(ctx context.Context, secret *secretsDomain.Secret) error

	// Delete soft deletes a secret by marking it with DeletedAt timestamp.
	Delete(ctx context.Context, secretID uuid.UUID) error

	// GetByPath retrieves the latest version of a secret by its path. Returns ErrSecretNotFound if not found.
	GetByPath(ctx context.Context, path string) (*secretsDomain.Secret, error)

	// GetByPathAndVersion retrieves a specific version of a secret. Returns ErrSecretNotFound if not found.
	GetByPathAndVersion(ctx context.Context, path string, version uint) (*secretsDomain.Secret, error)
}

SecretRepository defines the interface for Secret persistence operations.

type SecretUseCase

type SecretUseCase interface {
	// CreateOrUpdate creates a new secret or increments the version if path exists.
	// Encrypts the value with a new DEK for each version. Returns the created/updated secret.
	CreateOrUpdate(ctx context.Context, path string, value []byte) (*secretsDomain.Secret, error)

	// Get retrieves and decrypts a secret by its path (latest version).
	//
	// Security Note: The returned Secret contains plaintext data in the Plaintext field.
	// Callers MUST zero this data after use by calling cryptoDomain.Zero(secret.Plaintext).
	Get(ctx context.Context, path string) (*secretsDomain.Secret, error)

	// GetByVersion retrieves and decrypts a secret by its path and specific version.
	//
	// Security Note: The returned Secret contains plaintext data in the Plaintext field.
	// Callers MUST zero this data after use by calling cryptoDomain.Zero(secret.Plaintext).
	GetByVersion(ctx context.Context, path string, version uint) (*secretsDomain.Secret, error)

	// Delete soft deletes all versions of a secret by path, marking them with DeletedAt timestamp.
	// Preserves encrypted data for audit purposes while preventing future access.
	Delete(ctx context.Context, path string) error
}

SecretUseCase defines the interface for secret management business logic.
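
The caller obligation stated in the Security Notes above, shown as an added example that is not part of this package: a helper lends the plaintext to a callback and wipes it on every exit path. Secret, Getter, zero, WithSecret, Wiped and fakeUseCase are hypothetical stand-ins, and zero assumes cryptoDomain.Zero overwrites the slice in place.

```go
package main

import (
	"bytes"
	"context"
	"fmt"
)

// Secret stands in for secretsDomain.Secret (only Plaintext is modelled).
type Secret struct{ Plaintext []byte }

// Getter mirrors SecretUseCase.Get using the stand-in type.
type Getter interface {
	Get(ctx context.Context, path string) (*Secret, error)
}

// zero stands in for cryptoDomain.Zero, assumed to overwrite in place.
func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// WithSecret lends the plaintext to fn and wipes it on success, error or panic.
// fn must not retain the slice; string(p) makes a copy that cannot be zeroed.
func WithSecret(ctx context.Context, uc Getter, path string, fn func([]byte) error) error {
	secret, err := uc.Get(ctx, path)
	if err != nil {
		return fmt.Errorf("get %q: %w", path, err)
	}
	defer zero(secret.Plaintext)
	return fn(secret.Plaintext)
}

// fakeUseCase is a constructed double that remembers the buffer it returned.
type fakeUseCase struct{ last []byte }
func (f *fakeUseCase) Get(_ context.Context, _ string) (*Secret, error) {
	f.last = []byte("constructed-sample-value")
	return &Secret{Plaintext: f.last}, nil
}

// Wiped reports whether every byte of b is zero.
func Wiped(b []byte) bool { return bytes.Equal(b, make([]byte, len(b))) }

func main() {
	uc := &fakeUseCase{}
	err := WithSecret(context.Background(), uc, "/app/db", func([]byte) error { return nil })
	fmt.Println("err:", err, "wiped:", Wiped(uc.last))
}
```
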

func NewSecretUseCase

func NewSecretUseCase(
	txManager database.TxManager,
	dekRepo DekRepository,
	secretRepo SecretRepository,
	kekChain *cryptoDomain.KekChain,
	aeadManager cryptoService.AEADManager,
	keyManager cryptoService.KeyManager,
	dekAlgorithm cryptoDomain.Algorithm,
) SecretUseCase

NewSecretUseCase creates a new secret use case instance with the provided dependencies.

func NewSecretUseCaseWithMetrics added in v0.3.0

func NewSecretUseCaseWithMetrics(useCase SecretUseCase, m metrics.BusinessMetrics) SecretUseCase

NewSecretUseCaseWithMetrics wraps a SecretUseCase with metrics recording.
