Documentation
¶
Overview ¶
Package secenv enforces a secure split between non-sensitive *vars* and *secrets*, and provides commit-safety + redaction helpers. It encodes one rule: anything not explicitly public is treated as a secret. Vars become plain_text Worker bindings (visible); secrets become secret_text (encrypted in the Worker) and are registered for log redaction.
It composes with the existing shared/secrets (encryption at rest, Doppler) and shared/sensitive (log scrubbing) packages rather than replacing them.
Index ¶
- Constants
- func Classify(env map[string]string, publicKeys []string) (vars, secrets map[string]string)
- func GitignoreCovered(gitignore string) bool
- func IsLikelySecret(key string) bool
- func PlaintextSecretWarnings(inline map[string]string) []string
- func Preflight(in PreflightInput) []string
- func RegisterSecrets(secrets map[string]string)
- type PreflightInput
Constants ¶
const PublicPrefix = "NEXT_PUBLIC_"
PublicPrefix marks env vars that are intentionally public (Next.js inlines these into the client bundle, so they are never secret).
Variables ¶
This section is empty.
Functions ¶
func Classify ¶
Classify splits env into vars (public) and secrets. A key is a var iff it has the NEXT_PUBLIC_ prefix or is listed in publicKeys; everything else is a secret. Secure-by-default: an unrecognized key is treated as a secret, not leaked as a visible plain_text binding. Returned maps are never nil.
func GitignoreCovered ¶
GitignoreCovered reports whether the given .gitignore content ignores env files. Accepts the raw file content; returns false when env files could be committed (so the caller can warn).
func IsLikelySecret ¶
IsLikelySecret reports whether a key name looks sensitive (used for commit-safety warnings, not classification).
func PlaintextSecretWarnings ¶
PlaintextSecretWarnings flags keys in an inline (e.g. committed-YAML) map that look like secrets and therefore should not be stored in plaintext. Returns sorted human-readable warnings.
func Preflight ¶
func Preflight(in PreflightInput) []string
Preflight returns non-fatal security warnings about secret hygiene: a committable .env, secret-looking values stored in plaintext, and (when neither a managed store is in use) a nudge toward Doppler or Cloudflare Secret Store. Empty slice means all clear.
func RegisterSecrets ¶
RegisterSecrets registers every secret value with the sensitive package so it is scrubbed from any logged output. Call before any deploy logging.
Types ¶
type PreflightInput ¶
type PreflightInput struct {
Gitignore string // .gitignore content ("" if absent)
HasEnvFile bool // a .env file exists on disk
PlainText map[string]string // declared plain_text bindings (name→value)
UsingDoppler bool // Doppler is configured/active
UsingSecretStore bool // a CF Secret Store binding is declared
}
PreflightInput aggregates what the secret-hygiene check needs. All fields are optional; zero values simply skip the corresponding check.