Documentation ¶
Overview ¶
Package secrets provides an abstraction layer for fetching sensitive credentials from various secret management backends (Infisical, environment variables, etc.).
This package follows a provider pattern, allowing the application to switch between different secret backends without changing application code.
Types ¶
type EnvProvider ¶
type EnvProvider struct{}
EnvProvider fetches secrets from environment variables. This is used as a fallback for local development, testing, or legacy deployments.
WARNING: This provider reads secrets directly from environment variables. For production use, prefer InfisicalProvider for better security and auditability.
func NewEnvProvider ¶
func NewEnvProvider() *EnvProvider
NewEnvProvider creates a new environment variable secret provider.
func (*EnvProvider) GetSecrets ¶
GetSecrets fetches secrets from environment variables. The environment parameter is ignored because environment variables have no notion of multiple environments.
func (*EnvProvider) Name ¶
func (p *EnvProvider) Name() string
Name returns the provider name for logging purposes.
type InfisicalProvider ¶
type InfisicalProvider struct {
	// contains filtered or unexported fields
}
InfisicalProvider fetches secrets from Infisical using Machine Identity authentication. It implements the Provider interface for secret management.
func NewInfisicalProvider ¶
func NewInfisicalProvider(cfg ProviderConfig) (*InfisicalProvider, error)
NewInfisicalProvider creates a new Infisical secret provider. It requires valid Machine Identity credentials (client ID and secret).
func (*InfisicalProvider) GetSecrets ¶
func (p *InfisicalProvider) GetSecrets(ctx context.Context, environment string) (*config.Secrets, error)
GetSecrets fetches all required secrets from Infisical for the specified environment. The environment parameter should match your Infisical environment slug (dev, staging, prod).
func (*InfisicalProvider) Name ¶
func (p *InfisicalProvider) Name() string
Name returns the provider name for logging purposes.
type Provider ¶
type Provider interface {
	// GetSecrets fetches all required secrets for the specified environment.
	// The environment parameter maps to Infisical environments (dev, staging, prod).
	GetSecrets(ctx context.Context, environment string) (*config.Secrets, error)

	// Name returns the provider name for logging purposes.
	Name() string
}
Provider defines the interface for fetching secrets from a backend. Implementations should handle authentication and caching as appropriate.
func NewProviderFromEnv ¶
NewProviderFromEnv creates a new secret provider based on environment configuration. It returns an Infisical provider if credentials are available; otherwise it falls back to the environment variable provider. Set USE_ENV_SECRETS=true to force the environment variable fallback (useful for testing and local development).
type ProviderConfig ¶
type ProviderConfig struct {
	// Infisical configuration
	InfisicalClientID     string
	InfisicalClientSecret string
	InfisicalProjectID    string
	InfisicalSiteURL      string // Optional: defaults to https://app.infisical.com

	// Environment fallback (for testing/legacy support)
	UseEnvFallback bool
}
ProviderConfig holds configuration for secret providers.
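The fallback described under NewProviderFromEnv means a deployment with missing Infisical credentials ends up reading secrets from environment variables, which the EnvProvider warning advises against in production. The following is an added example, not code from this package: it models the documented selection rule over a local copy of ProviderConfig and adds a fail-closed check for the prod environment. ChooseBackend, ErrEnvInProd and the backend labels "infisical" and "env" are hypothetical names, and "credentials available" is assumed to mean a non-empty client ID and secret.

```go
package main

import (
	"errors"
	"fmt"
)

// ProviderConfig is a local copy of the fields documented on this page.
type ProviderConfig struct {
	InfisicalClientID     string
	InfisicalClientSecret string
	InfisicalProjectID    string
	InfisicalSiteURL      string
	UseEnvFallback        bool
}

// ErrEnvInProd is returned when prod would be served from environment variables.
var ErrEnvInProd = errors.New("secrets: environment-variable backend refused for prod")

// ChooseBackend (hypothetical helper) applies the documented rule: Infisical
// when credentials are present, env otherwise or when the fallback is forced.
// Added policy, not the package's: the env backend is rejected for "prod".
// Assumption: "credentials available" means client ID and secret are non-empty.
func ChooseBackend(cfg ProviderConfig, environment string) (string, error) {
	hasCreds := cfg.InfisicalClientID != "" && cfg.InfisicalClientSecret != ""
	if hasCreds && !cfg.UseEnvFallback {
		return "infisical", nil
	}
	if environment == "prod" {
		return "", fmt.Errorf("%w (fallback forced=%t, credentials present=%t)",
			ErrEnvInProd, cfg.UseEnvFallback, hasCreds)
	}
	return "env", nil
}

func main() {
	// Constructed sample values, not real credentials.
	full := ProviderConfig{InfisicalClientID: "example-id", InfisicalClientSecret: "example-secret"}
	forced := full
	forced.UseEnvFallback = true
	for _, tc := range []struct {
		cfg ProviderConfig
		env string
	}{{full, "prod"}, {ProviderConfig{}, "dev"}, {ProviderConfig{}, "prod"}, {forced, "prod"}} {
		name, err := ChooseBackend(tc.cfg, tc.env)
		fmt.Printf("env=%-4s backend=%q err=%v\n", tc.env, name, err)
	}
}
```

Running a check like this at startup, before any provider is constructed, turns a silent downgrade into a visible configuration error.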