kms

package

v1.36.4 Latest Latest Go to latest Published: Mar 10, 2026 License: MIT Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/hanzoai/commerce

Links

Open Source Insights

Documentation ¶

Overview ¶

Package kms provides a thin HTTP client for KMS (Infisical-compatible) secret management.

Index ¶

func Hydrate(cc *CachedClient, org *organization.Organization) error
type CachedClient
- func NewCachedClient(client *Client) *CachedClient
- func (cc *CachedClient) Client() *Client
- func (cc *CachedClient) GetSecret(secretPath, secretName string) (string, error)
type Client
- func NewClient(cfg *Config) *Client
- func (c *Client) GetSecretRaw(secretPath, secretName string) (string, error)
- func (c *Client) SetSecret(secretPath, secretName, secretValue string) error
type Config

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Hydrate ¶

func Hydrate(cc *CachedClient, org *organization.Organization) error

Hydrate fetches all provider credentials from KMS and populates the org's integration fields. Missing secrets are silently skipped (not every org uses every provider). Only KMS communication failures are returned as errors.

Types ¶

type CachedClient ¶

type CachedClient struct {
	// contains filtered or unexported fields
}

CachedClient wraps a KMS Client with a TTL cache.

func NewCachedClient ¶

func NewCachedClient(client *Client) *CachedClient

NewCachedClient creates a CachedClient wrapping the given KMS Client.

func (*CachedClient) Client ¶

func (cc *CachedClient) Client() *Client

Client returns the underlying KMS client (for write operations like SetSecret).

func (*CachedClient) GetSecret ¶

func (cc *CachedClient) GetSecret(secretPath, secretName string) (string, error)

GetSecret retrieves a secret, using the cache when possible. On KMS failure, stale cache entries are served with an extended TTL.

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client is a thin HTTP client wrapping the KMS REST API.

func NewClient ¶

func NewClient(cfg *Config) *Client

NewClient creates a new KMS client.

func (*Client) GetSecretRaw ¶

func (c *Client) GetSecretRaw(secretPath, secretName string) (string, error)

GetSecretRaw fetches a secret from KMS by path and name.

func (*Client) SetSecret ¶

func (c *Client) SetSecret(secretPath, secretName, secretValue string) error

SetSecret writes a secret to KMS at the given path.

type Config ¶

type Config struct {
	Enabled      bool
	URL          string
	ClientID     string
	ClientSecret string
	ProjectID    string
	Environment  string
}

Config holds KMS client configuration.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL