Overview

Package core provides core types and utilities for the secrets plugin.

Index

Constants

const (
	// Existence errors.
	// NOTE(review): because SECRET_NOT_FOUND, SECRET_EXISTS and ACCESS_DENIED
	// are distinct codes, a caller with no read permission on a path can still
	// learn whether that path exists by observing which code comes back.
	// Confirm the handler layer returns the same response for "missing" and
	// "denied" wherever the caller is not entitled to tell them apart.
	ErrCodeSecretNotFound    = "SECRET_NOT_FOUND"
	ErrCodeSecretExists      = "SECRET_EXISTS"
	// Input validation errors (bad request class).
	ErrCodeInvalidPath       = "INVALID_PATH"
	ErrCodeInvalidValueType  = "INVALID_VALUE_TYPE"
	ErrCodeValidationFailed  = "VALIDATION_FAILED"
	ErrCodeSchemaInvalid     = "SCHEMA_INVALID"
	// Key and cipher errors (internal class).
	// NOTE(review): the cause wrapped by ErrDecryptionFailed/ErrEncryptionFailed
	// belongs in server-side logs only; confirm the API error serializer does
	// not echo it to clients, since cipher/auth-tag failure detail is an oracle.
	ErrCodeDecryptionFailed  = "DECRYPTION_FAILED"
	ErrCodeEncryptionFailed  = "ENCRYPTION_FAILED"
	ErrCodeMasterKeyRequired = "MASTER_KEY_REQUIRED"
	ErrCodeMasterKeyInvalid  = "MASTER_KEY_INVALID"
	// Lifecycle and versioning errors.
	ErrCodeSecretExpired     = "SECRET_EXPIRED"
	ErrCodeVersionNotFound   = "VERSION_NOT_FOUND"
	ErrCodeRollbackFailed    = "ROLLBACK_FAILED"
	// Authorization and catch-all request errors.
	ErrCodeAccessDenied      = "ACCESS_DENIED"
	ErrCodeInvalidRequest    = "INVALID_REQUEST"
)

Error codes for the secrets plugin.

const (
	// MinPathLength is the minimum length for a secret path.
	MinPathLength = 1
	// MaxPathLength is the maximum length for a secret path.
	// NOTE(review): whether this counts bytes or runes, and whether it is
	// checked before or after NormalizePath, is not visible here — confirm in
	// ParsePath/IsValidPath; the two differ for non-ASCII paths.
	MaxPathLength = 512
	// MaxPathSegments is the maximum number of path segments.
	MaxPathSegments = 20
	// PathSeparator is the separator used in secret paths.
	// NOTE(review): whether "." and ".." segments are rejected by validation
	// is not visible here — confirm before any backend maps secret paths onto
	// filesystem or object-store keys.
	PathSeparator = "/"
)

Path validation constants.

Variables

This section is empty.

Functions

func BuildTree

func BuildTree(paths []string) map[string][]string

BuildTree builds a tree structure from a list of paths. It returns a map whose keys are folder paths and whose values are lists of secret paths.

func ConfigKeyToPath

func ConfigKeyToPath(configKey string) string

ConfigKeyToPath converts a config key to the secret path format. Example: "database.postgres.password" -> "database/postgres/password".

func ErrAccessDenied

func ErrAccessDenied(reason string) error

ErrAccessDenied returns a forbidden error when access is denied. If the reason is serialized to the client, keep it to the policy decision itself; it must not reveal whether the target path exists (see the note on ErrSecretNotFound).

func ErrAppContextRequired

func ErrAppContextRequired() error

ErrAppContextRequired returns a bad request error when app context is missing.

func ErrDecryptionFailed

func ErrDecryptionFailed(cause error) error

ErrDecryptionFailed returns an internal error when decryption fails. The wrapped cause is for server-side logging only; it should not be echoed to clients, because detailed cipher or authentication-tag failure messages can act as an oracle.

func ErrDeserializationFailed

func ErrDeserializationFailed(valueType string, cause error) error

ErrDeserializationFailed returns an internal error when deserialization fails.

func ErrEncryptionFailed

func ErrEncryptionFailed(cause error) error

ErrEncryptionFailed returns an internal error when encryption fails.

func ErrEnvironmentContextRequired

func ErrEnvironmentContextRequired() error

ErrEnvironmentContextRequired returns a bad request error when environment context is missing.

func ErrInvalidPath

func ErrInvalidPath(path string, reason string) error

ErrInvalidPath returns a bad request error for invalid path format.

func ErrInvalidRequest

func ErrInvalidRequest(reason string, cause error) error

ErrInvalidRequest returns a bad request error for generic invalid requests.

func ErrInvalidValueType

func ErrInvalidValueType(valueType string) error

ErrInvalidValueType returns a bad request error for invalid value type.

func ErrMasterKeyInvalid

func ErrMasterKeyInvalid(reason string) error

ErrMasterKeyInvalid returns an internal error when the master key format is invalid. The reason should describe the format problem (for example wrong length or encoding) and must never include any part of the key material.

func ErrMasterKeyRequired

func ErrMasterKeyRequired() error

ErrMasterKeyRequired returns an internal error when the master key is not configured.

func ErrPathRequired

func ErrPathRequired() error

ErrPathRequired returns a bad request error when path is missing.

func ErrRollbackFailed

func ErrRollbackFailed(reason string, cause error) error

ErrRollbackFailed returns an internal error when rollback fails.

func ErrSchemaInvalid

func ErrSchemaInvalid(reason string, cause error) error

ErrSchemaInvalid returns a bad request error when the JSON schema is invalid.

func ErrSecretExists

func ErrSecretExists(path string) error

ErrSecretExists returns a conflict error when a secret already exists. Note that this response confirms the existence of a path to any caller permitted to attempt a create.

func ErrSecretExpired

func ErrSecretExpired(path string) error

ErrSecretExpired returns a gone error when the secret has expired.

func ErrSecretNotFound

func ErrSecretNotFound(identifier string) error

ErrSecretNotFound returns a not found error for a secret. Handlers should consider returning this same error, rather than ErrAccessDenied, for paths the caller is not allowed to read, so that the API does not disclose which paths exist.

func ErrSecretNotFoundByPath

func ErrSecretNotFoundByPath(path string) error

ErrSecretNotFoundByPath returns a not found error for a secret by path.

func ErrSerializationFailed

func ErrSerializationFailed(valueType string, cause error) error

ErrSerializationFailed returns an internal error when serialization fails.

func ErrValidationFailed

func ErrValidationFailed(reason string, cause error) error

ErrValidationFailed returns a bad request error when value validation fails.

func ErrValueRequired

func ErrValueRequired() error

ErrValueRequired returns a bad request error when value is missing.

func ErrVersionNotFound

func ErrVersionNotFound(secretID string, version int) error

ErrVersionNotFound returns a not found error for a specific version.

func ExtractFolders

func ExtractFolders(paths []string) []string

ExtractFolders extracts unique folder paths from a list of secret paths.

func GetAncestorPaths

func GetAncestorPaths(path string) []string

GetAncestorPaths returns all ancestor paths for a given path. Example: "a/b/c/d" returns ["a", "a/b", "a/b/c"].

func GetDepth

func GetDepth(path string) int

GetDepth returns the depth (number of segments) of a path.

func GetKey

func GetKey(path string) string

GetKey returns the key (last segment) from a path.

func GetParentPath

func GetParentPath(path string) string

GetParentPath returns the parent path (everything except the last segment). It returns the empty string if the path has no parent.

func IsValidPath

func IsValidPath(path string) bool

IsValidPath checks if a path is valid without returning detailed errors.

func JoinPath

func JoinPath(segments ...string) string

JoinPath joins path segments into a single path.

func MatchesPrefix

func MatchesPrefix(path, prefix string) bool

MatchesPrefix checks if a path matches a given prefix. Both paths are normalized before comparison. Note that NormalizePath strips trailing slashes, so a prefix written as "database/" becomes "database"; whether the match is then segment-aligned (so that "database" does not also match "database2/x") is not stated here — callers that use the result for authorization or scoped listing should confirm this against the implementation.

func NormalizePath

func NormalizePath(path string) string

NormalizePath normalizes a secret path by trimming leading/trailing slashes and whitespace, converting to lowercase, and collapsing consecutive slashes. Because of the lowercasing, paths that differ only in case refer to the same secret; apply NormalizePath before any authorization decision or uniqueness check so that policy and storage see the same canonical form.

func ParsePath

func ParsePath(path string) (segments []string, key string, err error)

ParsePath parses a secret path into segments and extracts the key (leaf node). It returns the parent segments, the key name, and any validation error.

func PathToConfigKey

func PathToConfigKey(path string) string

PathToConfigKey converts a secret path to the config key format. Example: "database/postgres/password" -> "database.postgres.password".

func SortByPath

func SortByPath(paths []string)

SortByPath sorts a slice of paths in natural order (folders before files at each level).

Types

type CreateSecretRequest

type CreateSecretRequest struct {
	// Path is the secret's location. It is validated (and presumably passed
	// through NormalizePath, which lowercases) before use, so callers should
	// not rely on case being preserved.
	Path        string         `json:"path"                  validate:"required"`
	// Value is the secret material itself. Request bodies carrying it are
	// sensitive: never log or persist them outside the encrypted store.
	Value       any            `json:"value"                 validate:"required"`
	ValueType   string         `json:"valueType,omitempty"` // Defaults to "plain" if not specified
	// Schema is client-supplied; NOTE(review): confirm its size is bounded
	// before compilation, since a large or pathological schema is a cheap
	// way to burn CPU on every validation.
	Schema      string         `json:"schema,omitempty"`    // Optional JSON Schema for validation
	// Description, Tags and Metadata are returned in SecretDTO, the listing
	// response that deliberately omits the value — so they must not carry
	// secret material themselves.
	Description string         `json:"description,omitempty"`
	Tags        []string       `json:"tags,omitempty"`
	Metadata    map[string]any `json:"metadata,omitempty"`
	// ExpiresAt is optional. NOTE(review): a check that it lies in the future
	// is not visible here — confirm in the handler.
	ExpiresAt   *time.Time     `json:"expiresAt,omitempty"`
}

CreateSecretRequest is the request to create a new secret.

type GetAccessLogsQuery

type GetAccessLogsQuery struct {
	Action   string     `json:"action,omitempty"`   // Filter by action type
	FromDate *time.Time `json:"fromDate,omitempty"` // Filter from date
	ToDate   *time.Time `json:"toDate,omitempty"`   // Filter to date
	Page     int        `json:"page,omitempty"`
	// PageSize is client-controlled. NOTE(review): confirm the handler caps it
	// and rejects values <= 0 so one request cannot pull an unbounded log range.
	PageSize int        `json:"pageSize,omitempty"`
}

GetAccessLogsQuery defines query parameters for listing access logs.

type GetVersionsQuery

type GetVersionsQuery struct {
	Page     int `json:"page,omitempty"`
	// PageSize is client-controlled. NOTE(review): confirm the handler caps it
	// and rejects values <= 0.
	PageSize int `json:"pageSize,omitempty"`
}

GetVersionsQuery defines query parameters for listing secret versions.

type ListAccessLogsResponse

type ListAccessLogsResponse struct {
	// Logs holds the current page of entries; see SecretAccessLogDTO for the
	// fields and the caveats on what ErrorMessage may contain.
	Logs       []*SecretAccessLogDTO `json:"logs"`
	Page       int                   `json:"page"`
	PageSize   int                   `json:"pageSize"`
	TotalItems int                   `json:"totalItems"`
	TotalPages int                   `json:"totalPages"`
}

ListAccessLogsResponse is the response for listing access logs.

type ListSecretsQuery

type ListSecretsQuery struct {
	// Prefix is normalized before matching (see MatchesPrefix); the trailing
	// slash in the example is stripped by NormalizePath.
	Prefix    string   `json:"prefix,omitempty"`    // Path prefix filter (e.g., "database/")
	Tags      []string `json:"tags,omitempty"`      // Tags filter (AND condition)
	ValueType string   `json:"valueType,omitempty"` // Filter by value type
	// NOTE(review): a Go bool cannot distinguish "field absent" from an
	// explicit false, so with a documented default of true a client that sends
	// recursive:false is indistinguishable from one that omits the field.
	// A *bool (nil = default) would make the intent recoverable.
	Recursive bool     `json:"recursive,omitempty"` // Include nested paths (default: true)
	// Search is a free-text term from the client. NOTE(review): if it is
	// implemented with SQL LIKE, confirm % and _ are escaped.
	Search    string   `json:"search,omitempty"`    // Search in path, description
	Page      int      `json:"page,omitempty"`      // Page number (1-based)
	// NOTE(review): confirm PageSize is capped by the handler.
	PageSize  int      `json:"pageSize,omitempty"`  // Items per page
	// NOTE(review): if SortBy/SortOrder reach an ORDER BY clause, the handler
	// must match them against the listed allowed values and never interpolate
	// the raw string.
	SortBy    string   `json:"sortBy,omitempty"`    // Sort field: path, created_at, updated_at
	SortOrder string   `json:"sortOrder,omitempty"` // Sort order: asc, desc
}

ListSecretsQuery defines query parameters for listing secrets.

type ListSecretsResponse

type ListSecretsResponse struct {
	// Secrets holds the current page; each entry is a SecretDTO, which carries
	// no value (only metadata).
	Secrets    []*SecretDTO `json:"secrets"`
	Page       int          `json:"page"`
	PageSize   int          `json:"pageSize"`
	TotalItems int          `json:"totalItems"`
	TotalPages int          `json:"totalPages"`
}

ListSecretsResponse is the response for listing secrets.

type ListVersionsResponse

type ListVersionsResponse struct {
	// Versions holds the current page of version records; SecretVersionDTO
	// carries no value, only version metadata.
	Versions   []*SecretVersionDTO `json:"versions"`
	Page       int                 `json:"page"`
	PageSize   int                 `json:"pageSize"`
	TotalItems int                 `json:"totalItems"`
	TotalPages int                 `json:"totalPages"`
}

ListVersionsResponse is the response for listing secret versions.

type RevealValueResponse

type RevealValueResponse struct {
	// Value is the decrypted secret. Responses carrying it must only be
	// produced for authorized reads, should be recorded in the access log,
	// and must never be written to application logs or response caches.
	Value     any    `json:"value"`
	ValueType string `json:"valueType"`
}

RevealValueResponse is the response for revealing a secret value. It carries plaintext: produce it only for authorized callers, record the reveal in the access log, and make sure it is never logged or cached.

type RollbackSecretRequest

type RollbackSecretRequest struct {
	// TargetVersion must be >= 1 (enforced by the validate tag); a version
	// that does not exist surfaces as ErrVersionNotFound.
	TargetVersion int    `json:"targetVersion"    validate:"required,min=1"`
	// Reason is free text; presumably it is recorded as the ChangeReason of
	// the new version, so it is visible to anyone who can list versions.
	Reason        string `json:"reason,omitempty"`
}

RollbackSecretRequest is the request to rollback a secret to a previous version.

type SecretAccessLogDTO

type SecretAccessLogDTO struct {
	ID           string    `json:"id"`
	SecretID     string    `json:"secretId"`
	Path         string    `json:"path"`
	Action       string    `json:"action"`
	// AccessedBy is omitted when empty; NOTE(review): an empty actor on a
	// successful entry would mean an unattributed access — worth alerting on.
	AccessedBy   string    `json:"accessedBy,omitempty"`
	AccessMethod string    `json:"accessMethod"`
	// IPAddress is personal data in many jurisdictions; retention of these
	// logs should be governed accordingly.
	IPAddress    string    `json:"ipAddress,omitempty"`
	// Success is false for denied or failed attempts; those entries are what
	// make the log useful for spotting path probing.
	Success      bool      `json:"success"`
	// ErrorMessage should carry the error code or a short summary only.
	// NOTE(review): confirm it is never populated from a wrapped cause that
	// could include fragments of ciphertext or of the secret value.
	ErrorMessage string    `json:"errorMessage,omitempty"`
	CreatedAt    time.Time `json:"createdAt"`
}

SecretAccessLogDTO represents an access log entry.

type SecretDTO

type SecretDTO struct {
	ID          string         `json:"id"`
	// Path is the normalized (lowercased) path; Key is its last segment.
	Path        string         `json:"path"`
	Key         string         `json:"key"`
	ValueType   string         `json:"valueType"`
	// Description, Tags and Metadata are returned here even though the value
	// is not — they are effectively public to anyone who can list secrets and
	// must not contain secret material.
	Description string         `json:"description,omitempty"`
	Tags        []string       `json:"tags,omitempty"`
	Metadata    map[string]any `json:"metadata,omitempty"`
	Version     int            `json:"version"`
	IsActive    bool           `json:"isActive"`
	// HasSchema/HasExpiry are flags only; the schema text itself is not
	// exposed in this DTO.
	HasSchema   bool           `json:"hasSchema"`
	HasExpiry   bool           `json:"hasExpiry"`
	ExpiresAt   *time.Time     `json:"expiresAt,omitempty"`
	CreatedBy   string         `json:"createdBy,omitempty"`
	UpdatedBy   string         `json:"updatedBy,omitempty"`
	CreatedAt   time.Time      `json:"createdAt"`
	UpdatedAt   time.Time      `json:"updatedAt"`
}

SecretDTO is the API response for a secret. The value is deliberately excluded; note that Description, Tags and Metadata are included, so they must not hold secret material.

type SecretTreeNode

type SecretTreeNode struct {
	Name     string            `json:"name"`               // Node name (folder name or secret key)
	Path     string            `json:"path"`               // Full path to this node
	IsSecret bool              `json:"isSecret"`           // True if this is a secret, false if folder
	// Secret is a value-less SecretDTO; a tree response never carries plaintext.
	Secret   *SecretDTO        `json:"secret,omitempty"`   // Secret data if isSecret is true
	// Children is bounded in depth by MaxPathSegments, since each level is one
	// path segment.
	Children []*SecretTreeNode `json:"children,omitempty"` // Child nodes if folder
}

SecretTreeNode represents a node in the secrets tree view.

type SecretValueType

// Client-supplied strings should be checked with ParseSecretValueType (which
// reports unknown values through its bool result) or IsValid rather than
// converted directly.
type SecretValueType string

SecretValueType defines the type of secret value.

const (
	// SecretValueTypePlain is a plain string value.
	SecretValueTypePlain SecretValueType = "plain"
	// SecretValueTypeJSON is a JSON object/array value.
	SecretValueTypeJSON SecretValueType = "json"
	// SecretValueTypeYAML is a YAML document value.
	// NOTE(review): YAML is deserialized on reveal (see ErrDeserializationFailed);
	// confirm the decoder is bounded against alias/anchor expansion and deep
	// nesting, since the document is stored from client input.
	SecretValueTypeYAML SecretValueType = "yaml"
	// SecretValueTypeBinary is a base64-encoded binary value.
	// NOTE(review): confirm the decoded size is bounded before encryption.
	SecretValueTypeBinary SecretValueType = "binary"
)

func ParseSecretValueType

func ParseSecretValueType(s string) (SecretValueType, bool)

ParseSecretValueType parses a string into a SecretValueType.

func (SecretValueType) IsValid

func (t SecretValueType) IsValid() bool

IsValid checks if the value type is valid.

func (SecretValueType) String

func (t SecretValueType) String() string

String returns the string representation of the value type.

type SecretVersionDTO

type SecretVersionDTO struct {
	ID           string    `json:"id"`
	Version      int       `json:"version"`
	ValueType    string    `json:"valueType"`
	HasSchema    bool      `json:"hasSchema"`
	ChangedBy    string    `json:"changedBy,omitempty"`
	// ChangeReason is operator-supplied free text and is visible to anyone
	// who can list versions; it should not describe the secret's contents.
	ChangeReason string    `json:"changeReason,omitempty"`
	CreatedAt    time.Time `json:"createdAt"`
}

SecretVersionDTO represents a historical version of a secret.

type SecretWithValueDTO

type SecretWithValueDTO struct {
	SecretDTO

	// Value is the decrypted secret. Construct this type only after the
	// authorization check has passed, record the read in the access log, and
	// never log or cache instances of it.
	Value any `json:"value"` // string, map, or slice depending on type
}

SecretWithValueDTO includes the decrypted value. It should only be constructed for authorized, access-logged reads, and must never be written to application logs or caches.

type StatsDTO

type StatsDTO struct {
	TotalSecrets    int            `json:"totalSecrets"`
	TotalVersions   int            `json:"totalVersions"`
	// SecretsByType is keyed by SecretValueType string.
	SecretsByType   map[string]int `json:"secretsByType"`
	ExpiringSecrets int            `json:"expiringSecrets"` // Secrets expiring in next 30 days
	ExpiredSecrets  int            `json:"expiredSecrets"`
	RecentlyUpdated int            `json:"recentlyUpdated"` // Updated in last 7 days
}

StatsDTO contains statistics about secrets.

type UpdateSecretRequest

type UpdateSecretRequest struct {
	// Value, when nil, presumably leaves the stored value unchanged. Note that
	// a JSON null is indistinguishable from an absent field here. Bodies that
	// carry a value are sensitive: never log them.
	Value        any            `json:"value,omitempty"`
	ValueType    string         `json:"valueType,omitempty"`
	// Schema is client-supplied; NOTE(review): confirm its size is bounded.
	Schema       string         `json:"schema,omitempty"`
	// Description, Tags and Metadata are returned in value-less listings and
	// must not carry secret material.
	Description  string         `json:"description,omitempty"`
	Tags         []string       `json:"tags,omitempty"`
	Metadata     map[string]any `json:"metadata,omitempty"`
	// ExpiresAt and ClearExpiry are mutually exclusive in intent.
	// NOTE(review): which wins when both are set is not visible here — the
	// handler should reject that combination rather than pick silently.
	ExpiresAt    *time.Time     `json:"expiresAt,omitempty"`
	ClearExpiry  bool           `json:"clearExpiry,omitempty"` // Set to true to remove expiry
	// ChangeReason is presumably recorded on the new version and is visible
	// to anyone who can list versions.
	ChangeReason string         `json:"changeReason,omitempty"`
}

UpdateSecretRequest is the request to update an existing secret.
