sneak/secret
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Fix integration tests: correct vault derivation index and debug test failures

Browse Source
This commit is contained in:
Jeffrey Paul
2025-06-09 04:54:45 -07:00
parent e036d280c0
commit 02be4b2a55
21 changed files with 2461 additions and 1191 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
internal/vault/management.go
View File

@@ -8,6 +8,7 @@ import (
"time"
"git.eeqj.de/sneak/secret/internal/secret"
"git.eeqj.de/sneak/secret/pkg/agehd"
"github.com/spf13/afero"
)
@@ -202,13 +203,53 @@ func CreateVault(fs afero.Fs, stateDir string, name string) (*Vault, error) {
return nil, fmt.Errorf("failed to create unlockers directory: %w", err)
}
// Save initial vault metadata (without derivation info until a mnemonic is imported)
// Check if mnemonic is available in environment
mnemonic := os.Getenv(secret.EnvMnemonic)
var derivationIndex uint32
var publicKeyHash string
if mnemonic != "" {
secret.Debug("Mnemonic found in environment, deriving long-term key", "vault", name)
// Get the next available derivation index for this mnemonic
var err error
derivationIndex, err = GetNextDerivationIndex(fs, stateDir, mnemonic)
if err != nil {
return nil, fmt.Errorf("failed to get next derivation index: %w", err)
}
// Derive the long-term key
ltIdentity, err := agehd.DeriveIdentity(mnemonic, derivationIndex)
if err != nil {
return nil, fmt.Errorf("failed to derive long-term key: %w", err)
}
// Write the public key
ltPubKey := ltIdentity.Recipient().String()
ltPubKeyPath := filepath.Join(vaultDir, "pub.age")
if err := afero.WriteFile(fs, ltPubKeyPath, []byte(ltPubKey), secret.FilePerms); err != nil {
return nil, fmt.Errorf("failed to write long-term public key: %w", err)
}
secret.Debug("Wrote long-term public key", "path", ltPubKeyPath)
// Compute public key hash from index 0 (same for all vaults with this mnemonic)
identity0, err := agehd.DeriveIdentity(mnemonic, 0)
if err != nil {
return nil, fmt.Errorf("failed to derive identity for index 0: %w", err)
}
publicKeyHash = ComputeDoubleSHA256([]byte(identity0.Recipient().String()))
} else {
secret.Debug("No mnemonic in environment, vault created without long-term key", "vault", name)
// Use 0 for derivation index when no mnemonic is provided
derivationIndex = 0
}
// Save vault metadata
metadata := &VaultMetadata{
Name: name,
CreatedAt: time.Now(),
DerivationIndex: 0,
LongTermKeyHash: "", // Will be set when mnemonic is imported
MnemonicHash: "", // Will be set when mnemonic is imported
DerivationIndex: derivationIndex,
PublicKeyHash: publicKeyHash,
}
if err := SaveVaultMetadata(fs, vaultDir, metadata); err != nil {
return nil, fmt.Errorf("failed to save vault metadata: %w", err)