Documentation ¶
Overview ¶
Package secrets contains the secrets management logic for ToolHive.
Constants ¶
const (
// PasswordEnvVar is the environment variable used to specify the password for encrypting and decrypting secrets.
PasswordEnvVar = "TOOLHIVE_SECRETS_PASSWORD"
)
Variables ¶
var ErrUnknownManagerType = errors.New("unknown secret manager type")
ErrUnknownManagerType is returned when an invalid value for ProviderType is specified.
Functions ¶
func GetSecretsPassword ¶
GetSecretsPassword returns the password to use for encrypting and decrypting secrets. It will attempt to retrieve it from the environment variable TOOLHIVE_SECRETS_PASSWORD. If the environment variable is not set, it will prompt the user to enter a password.
func ResetKeyringSecret ¶
func ResetKeyringSecret() error
ResetKeyringSecret clears out the secret from the keystore (if present).
Types ¶
type BasicManager ¶
type BasicManager struct {
// contains filtered or unexported fields
}
BasicManager is a simple secrets manager that stores secrets in an unencrypted file. This is for testing/development purposes only.
func (*BasicManager) Cleanup ¶
func (b *BasicManager) Cleanup() error
Cleanup removes all secrets managed by this manager.
func (*BasicManager) DeleteSecret ¶
func (b *BasicManager) DeleteSecret(name string) error
DeleteSecret removes a secret from the secret store.
func (*BasicManager) GetSecret ¶
func (b *BasicManager) GetSecret(name string) (string, error)
GetSecret retrieves a secret from the secret store.
func (*BasicManager) ListSecrets ¶
func (b *BasicManager) ListSecrets() ([]string, error)
ListSecrets returns a list of all secret names stored in the manager.
func (*BasicManager) SetSecret ¶
func (b *BasicManager) SetSecret(name, value string) error
SetSecret stores a secret in the secret store.
type EncryptedManager ¶
type EncryptedManager struct {
// contains filtered or unexported fields
}
EncryptedManager stores secrets in an encrypted file. AES-256-GCM is used for encryption.
func (*EncryptedManager) Cleanup ¶
func (e *EncryptedManager) Cleanup() error
Cleanup removes all secrets managed by this manager.
func (*EncryptedManager) DeleteSecret ¶
func (e *EncryptedManager) DeleteSecret(name string) error
DeleteSecret removes a secret from the secret store.
func (*EncryptedManager) GetSecret ¶
func (e *EncryptedManager) GetSecret(name string) (string, error)
GetSecret retrieves a secret from the secret store.
func (*EncryptedManager) ListSecrets ¶
func (e *EncryptedManager) ListSecrets() ([]string, error)
ListSecrets returns a list of all secret names stored in the manager.
func (*EncryptedManager) SetSecret ¶
func (e *EncryptedManager) SetSecret(name, value string) error
SetSecret stores a secret in the secret store.
type Manager ¶
type Manager interface {
GetSecret(name string) (string, error)
SetSecret(name, value string) error
DeleteSecret(name string) error
ListSecrets() ([]string, error)
Cleanup() error
}
Manager describes a type which can manage secrets.
func CreateSecretManager ¶
func CreateSecretManager(managerType ProviderType) (Manager, error)
CreateSecretManager creates the specified type of secret manager.
func NewBasicManager ¶
NewBasicManager creates an instance of BasicManager.
type ProviderType ¶
type ProviderType string
ProviderType represents an enum of the types of available secrets providers.
const (
// BasicType represents the basic secret provider.
BasicType ProviderType = "basic"
// EncryptedType represents the encrypted secret provider.
EncryptedType ProviderType = "encrypted"
)
type SecretParameter ¶
SecretParameter represents a parsed `--secret` parameter.
func ParseSecretParameter ¶
func ParseSecretParameter(parameter string) (SecretParameter, error)
ParseSecretParameter creates an instance of SecretParameter from a string. Expected format: `<Name>,target=<Target>`.
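A strict parser for the `<Name>,target=<Target>` format described above, as an added example; it is not ToolHive's implementation. The `secretParam` type, its field names, and the rejection rules (no empty or padded values, no `=`, NUL or line breaks) are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// secretParam is a hypothetical stand-in for the package's SecretParameter;
// the field names are assumptions, not taken from the ToolHive source.
type secretParam struct {
	Name   string
	Target string
}

var errBadSecretParam = errors.New("invalid --secret parameter")

// parseSecretParam accepts exactly "<Name>,target=<Target>" and rejects
// everything else instead of guessing at the caller's intent.
func parseSecretParam(s string) (secretParam, error) {
	fields := strings.Split(s, ",")
	if len(fields) != 2 {
		return secretParam{}, fmt.Errorf("%w: want <Name>,target=<Target>", errBadSecretParam)
	}
	name := fields[0]
	target, ok := strings.CutPrefix(fields[1], "target=")
	if !ok {
		return secretParam{}, fmt.Errorf("%w: second field must start with target=", errBadSecretParam)
	}
	// Assumed hardening: values that are empty, padded, or carry '=', NUL or
	// line breaks are refused so they cannot smuggle extra assignments downstream.
	for _, v := range []string{name, target} {
		if v == "" || v != strings.TrimSpace(v) || strings.ContainsAny(v, "=\x00\r\n") {
			return secretParam{}, fmt.Errorf("%w: empty, padded or unsafe value", errBadSecretParam)
		}
	}
	return secretParam{Name: name, Target: target}, nil
}

func main() {
	// Constructed inputs. Error messages never echo the raw argument.
	for _, in := range []string{"github-token,target=GITHUB_TOKEN", "github-token", "a,target=B,target=C", "a,target=B\nX=1"} {
		p, err := parseSecretParam(in)
		fmt.Printf("%q -> %+v, err=%v\n", in, p, err)
	}
}
```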