Documentation
¶
Overview ¶
Package ward provides the application engine layer between the CLI and the secrets package. All orchestration logic lives here; the CLI layer only handles flag parsing and output formatting.
Index ¶
- type Encryptor
- type Engine
- func (e *Engine) Decrypt(path string) ([]byte, error)
- func (e *Engine) Encrypt(path string, plaintext []byte) error
- func (e *Engine) EnvVars(r *MergeResult, prefixed bool) (map[string]secrets.EnvEntry, error)
- func (e *Engine) EnvVarsMap(r *MergeResult, prefixed bool) (map[string]string, error)
- func (e *Engine) EnvVarsPrefer(r *MergeResult, prefixed bool, preferPrefix string) (map[string]secrets.EnvEntry, error)
- func (e *Engine) GetAtPath(r *MergeResult, dotPath string) (*secrets.Node, error)
- func (e *Engine) Inspect() error
- func (e *Engine) Merge() (*MergeResult, error)
- func (e *Engine) MergeForView() (*MergeResult, error)
- func (e *Engine) MergeScoped(scopePrefix string) (*MergeResult, error)
- func (e *Engine) SourcePaths() []string
- type MergeResult
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Encryptor ¶
Encrypt writes content back to path using the configured encryptor. For SopsDecryptor this calls "sops encrypt"; for MockDecryptor it writes plain.
type Engine ¶
type Engine struct {
// contains filtered or unexported fields
}
Engine orchestrates secret discovery, loading, merging and env-var resolution. The zero value is not usable; construct via NewEngine.
func (*Engine) Decrypt ¶
Decrypt returns the plain-text YAML bytes of a .ward file using the configured decryptor. For plain (unencrypted) files this is a passthrough.
func (*Engine) Encrypt ¶
Encrypt re-encrypts plaintext and writes it to path. Falls back to a plain write when no real encryptor is configured.
func (*Engine) EnvVars ¶
EnvVars resolves env vars from the merged result. Flat leaf names (DATABASE_URL), or full path if --prefixed.
func (*Engine) EnvVarsMap ¶
EnvVarsMap is like EnvVars but returns plain string values (for injection into a child process environment).
func (*Engine) EnvVarsPrefer ¶
func (e *Engine) EnvVarsPrefer(r *MergeResult, prefixed bool, preferPrefix string) (map[string]secrets.EnvEntry, error)
EnvVarsPrefer is like EnvVars but resolves env var collisions in favour of entries whose dot-path is under preferPrefix. All other vars from the full tree are still included.
func (*Engine) GetAtPath ¶
GetAtPath navigates the merged tree by dot-path and returns the node at that location, or an error if the path does not exist.
func (*Engine) Inspect ¶
Inspect runs a conflict-only merge and returns a ConflictError if any conflicts exist, or nil when the set of files is clean.
func (*Engine) Merge ¶
func (e *Engine) Merge() (*MergeResult, error)
Merge loads all .ward files from all vaults and merges them using the on_conflict mode from the configuration. Merge loads all vaults and merges them. Any conflict is an error.
func (*Engine) MergeForView ¶
func (e *Engine) MergeForView() (*MergeResult, error)
MergeForView is like Merge but always produces a complete tree even when conflicts exist. Conflict information is attached to the result so the presentation layer can highlight conflicting keys.
func (*Engine) MergeScoped ¶
func (e *Engine) MergeScoped(scopePrefix string) (*MergeResult, error)
MergeScoped is like Merge but scopes conflict detection to a dot-path prefix. Conflicts outside that prefix are silently resolved so the scoped path can be used without being blocked by unrelated conflicts.
func (*Engine) SourcePaths ¶
SourcePaths returns the configured source directory paths.
type MergeResult ¶
type MergeResult struct {
Tree map[string]*secrets.Node
ConflictErr *secrets.ConflictError // non-nil only when called via MergeForView
}
MergeResult is the outcome of a load-and-merge operation.