sneak/secret
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Fix integration tests: correct vault derivation index and debug test failures

Browse Source
This commit is contained in:
Jeffrey Paul
2025-06-09 04:54:45 -07:00
parent e036d280c0
commit 02be4b2a55
21 changed files with 2461 additions and 1191 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
README.md
View File

@@ -175,13 +175,16 @@ Decrypts data using an Age key stored as a secret.
│ │ │ └── database%password/ # Secret: database/password
│ │ │ ├── versions/
│ │ │ └── current -> versions/20231215.001
│ │ ├── vault-metadata.json # Vault metadata
│ │ ├── pub.age # Long-term public key
│ │ └── current-unlocker -> ../unlockers.d/passphrase
│ └── work/
│ ├── unlockers.d/
│ ├── secrets.d/
│ ├── vault-metadata.json
│ ├── pub.age
│ └── current-unlocker
── currentvault -> vaults.d/default
└── configuration.json
── currentvault -> vaults.d/default
```
### Key Management and Encryption Flow
@@ -309,11 +312,17 @@ secret decrypt encryption/mykey --input document.txt.age --output document.txt
- **Encryption**: Age (X25519 + ChaCha20-Poly1305)
- **Key Exchange**: X25519 elliptic curve Diffie-Hellman
- **Authentication**: Poly1305 MAC
- **Hashing**: Double SHA-256 for public key identification
### File Formats
- **Age Files**: Standard Age encryption format (.age extension)
- **Metadata**: JSON format with timestamps and type information
- **Configuration**: JSON configuration files
- **Vault Metadata**: JSON containing vault name, creation time, derivation index, and public key hash
### Vault Management
- **Derivation Index**: Each vault uses a unique derivation index from the mnemonic
- **Public Key Hash**: Double SHA-256 hash of the index-0 public key identifies vaults from the same mnemonic
- **Automatic Key Derivation**: When creating vaults with a mnemonic, keys are automatically derived
### Cross-Platform Support
- **macOS**: Full support including Keychain integration
@@ -351,8 +360,9 @@ make lint # Run linter
### Testing
The project includes comprehensive tests:
```bash
./test_secret_manager.sh # Full integration test suite
go test ./... # Unit tests
make test # Run all tests
go test ./... # Unit tests
go test -tags=integration -v ./internal/cli # Integration tests
```
## Features