env

package

v0.13.0 Latest Latest Go to latest Published: May 19, 2026 License: MIT Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/yogasw/wick

Links

Open Source Insights

Documentation ¶

Overview ¶

Package env validates and resolves the workflow's env schema + values. The Env namespace ({{.Env.X}}) carries non-secret config; the Secret namespace ({{.Secret.X}}) decrypts wick_enc_ tokens at run time. Plain helpers + leak guard, no filesystem.

Index ¶

Constants
func LeakGuard(rendered string, secrets map[string]string) error
func MarshalYAMLFile(values map[string]string) ([]byte, error)
func OrphanKeys(schema []workflow.EnvField, values map[string]string) []string
func ResolveSecrets(schema []workflow.EnvField, values map[string]string, dec SecretDecryptor) (envMap, secrets map[string]string, err error)
func UnmarshalYAMLFile(data []byte, out *map[string]string) error
func ValidateValues(schema []workflow.EnvField, values map[string]string) error
type NoopDecryptor
- func (NoopDecryptor) Decrypt(token string) (string, error)
type SecretDecryptor

Constants ¶

View Source

const (
	WidgetText     = "text"
	WidgetTextarea = "textarea"
	WidgetSecret   = "secret"
	WidgetNumber   = "number"
	WidgetCheckbox = "checkbox"
	WidgetDropdown = "dropdown"
	WidgetEmail    = "email"
	WidgetURL      = "url"
	WidgetColor    = "color"
	WidgetDate     = "date"
	WidgetDateTime = "datetime"
	WidgetKVList   = "kvlist"
	WidgetPicker   = "picker"
)

Widget values mirror config-tags vocab.

Variables ¶

This section is empty.

Functions ¶

func LeakGuard ¶

func LeakGuard(rendered string, secrets map[string]string) error

LeakGuard renders a template and reports if any rendered segment contains a known secret value verbatim.

func MarshalYAMLFile ¶

func MarshalYAMLFile(values map[string]string) ([]byte, error)

MarshalYAMLFile serializes values map to env.yaml bytes.

func OrphanKeys ¶

func OrphanKeys(schema []workflow.EnvField, values map[string]string) []string

OrphanKeys returns values entries not declared in schema.

func ResolveSecrets ¶

func ResolveSecrets(schema []workflow.EnvField, values map[string]string, dec SecretDecryptor) (envMap, secrets map[string]string, err error)

ResolveSecrets splits the flat env values map into a plain Env map and a Secret map.

func UnmarshalYAMLFile ¶

func UnmarshalYAMLFile(data []byte, out *map[string]string) error

UnmarshalYAMLFile decodes env.yaml bytes into a plain string→string map. Accepts both legacy plain-map form and the {values: {...}} envelope.

func ValidateValues ¶

func ValidateValues(schema []workflow.EnvField, values map[string]string) error

ValidateValues checks values against schema. Returns an aggregate error describing every missing/required/type problem so the UI can render all at once.

Types ¶

type NoopDecryptor ¶

type NoopDecryptor struct{}

NoopDecryptor returns tokens unchanged.

func (NoopDecryptor) Decrypt ¶

func (NoopDecryptor) Decrypt(token string) (string, error)

Decrypt is a passthrough.

type SecretDecryptor ¶

type SecretDecryptor interface {
	Decrypt(token string) (string, error)
}

SecretDecryptor unwraps a wick_enc_ token. Engine wires this from the existing encrypted-fields service; pass a NoopDecryptor for tests.

Source Files ¶

View all Source files

env.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL