README
¶
Secret Management
Secure secret management for HotPlex.
Usage
import "github.com/hrygo/hotplex/internal/secrets"
// Create manager with environment provider
manager := secrets.NewManager(
secrets.WithTTL(5 * time.Minute),
)
manager.AddProvider(secrets.NewEnvProvider())
// Get secret
token, err := manager.Get(ctx, "SLACK_BOT_TOKEN")
// Set secret (for current process)
err = manager.Set(ctx, "MY_SECRET", "value")
// Clear cache (e.g., after secret rotation)
manager.ClearCache()
Providers
EnvProvider
Uses environment variables. Default provider.
FileProvider (TODO)
Encrypted file-based storage.
VaultProvider (TODO)
HashiCorp Vault integration.
AWSSecretsProvider (TODO)
AWS Secrets Manager integration.
Security Notes
- Secrets are cached in memory with TTL
- Cache is cleared on secret rotation
- Multiple providers can be chained
- First provider wins (priority order)
Migration from .env
- Keep .env for local development
- Use secrets manager in production
- Rotate secrets regularly
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type EnvProvider ¶
type EnvProvider struct{}
EnvProvider implements Provider using environment variables
func NewEnvProvider ¶
func NewEnvProvider() *EnvProvider
NewEnvProvider creates a new environment variable provider
func (*EnvProvider) Delete ¶
func (p *EnvProvider) Delete(ctx context.Context, key string) error
Delete removes an environment variable (only for current process)
type FileProvider ¶
type FileProvider struct {
// contains filtered or unexported fields
}
FileProvider implements Provider using encrypted files
func NewFileProvider ¶
func NewFileProvider(path string) *FileProvider
NewFileProvider creates a new file-based provider
func (*FileProvider) Delete ¶
func (p *FileProvider) Delete(ctx context.Context, key string) error
Delete removes a secret from file
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager manages multiple secret providers with caching
func NewManager ¶
func NewManager(opts ...ManagerOption) *Manager
NewManager creates a new secret manager
func (*Manager) AddProvider ¶
AddProvider adds a secret provider (priority order)
type Provider ¶
type Provider interface {
// Get retrieves a secret by key
Get(ctx context.Context, key string) (string, error)
// Set stores a secret
Set(ctx context.Context, key, value string) error
// Delete removes a secret
Delete(ctx context.Context, key string) error
}
Provider defines the interface for secret providers
type VaultProvider ¶
type VaultProvider struct {
// contains filtered or unexported fields
}
VaultProvider implements Provider using HashiCorp Vault
func NewVaultProvider ¶
func NewVaultProvider(opts ...VaultProviderOption) *VaultProvider
NewVaultProvider creates a new Vault provider
func (*VaultProvider) Delete ¶
func (p *VaultProvider) Delete(ctx context.Context, key string) error
Delete removes a secret from Vault
type VaultProviderOption ¶
type VaultProviderOption func(*VaultProvider)
VaultProviderOption configures VaultProvider
func WithVaultAddress ¶
func WithVaultAddress(addr string) VaultProviderOption
WithVaultAddress sets the Vault server address
func WithVaultToken ¶
func WithVaultToken(token string) VaultProviderOption
WithVaultToken sets the Vault authentication token
Source Files