sneak/secret
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Switch from relative paths to bare names in pointer files

Browse Source 
- currentvault now contains just the vault name (e.g., "default")
- current-unlocker now contains just the unlocker name (e.g., "passphrase")
- current version file now contains just the version (e.g., "20231215.001")
- Resolution functions prepend the appropriate directory prefix
This commit is contained in:
Jeffrey Paul
2025-12-23 13:43:10 +07:00
parent 949a5aee61
commit 20690ba652
7 changed files with 50 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
internal/vault/unlockers.go
View File

@@ -99,23 +99,23 @@ func (v *Vault) GetCurrentUnlocker() (secret.Unlocker, error) {
}
// resolveUnlockerDirectory reads the current-unlocker file to get the unlocker directory path
// The file contains a relative path to the unlocker directory
// The file contains just the unlocker name (e.g., "passphrase")
func (v *Vault) resolveUnlockerDirectory(currentUnlockerPath string) (string, error) {
secret.Debug("Reading current-unlocker file", "path", currentUnlockerPath)
unlockerDirBytes, err := afero.ReadFile(v.fs, currentUnlockerPath)
unlockerNameBytes, err := afero.ReadFile(v.fs, currentUnlockerPath)
if err != nil {
secret.Debug("Failed to read current-unlocker file", "error", err, "path", currentUnlockerPath)
return "", fmt.Errorf("failed to read current unlocker: %w", err)
}
relativePath := strings.TrimSpace(string(unlockerDirBytes))
secret.Debug("Read relative path from file", "relative_path", relativePath)
unlockerName := strings.TrimSpace(string(unlockerNameBytes))
secret.Debug("Read unlocker name from file", "unlocker_name", unlockerName)
// Resolve to absolute path relative to the vault directory
// Resolve to absolute path: vaultDir/unlockers.d/unlockerName
vaultDir := filepath.Dir(currentUnlockerPath)
absolutePath := filepath.Join(vaultDir, relativePath)
absolutePath := filepath.Join(vaultDir, "unlockers.d", unlockerName)
secret.Debug("Resolved to absolute path", "absolute_path", absolutePath)
@@ -277,7 +277,7 @@ func (v *Vault) SelectUnlocker(unlockerID string) error {
return fmt.Errorf("unlocker with ID %s not found", unlockerID)
}
// Create/update current-unlocker file with relative path
// Create/update current-unlocker file with just the unlocker name
currentUnlockerPath := filepath.Join(vaultDir, "current-unlocker")
// Remove existing file if it exists
@@ -289,15 +289,12 @@ func (v *Vault) SelectUnlocker(unlockerID string) error {
}
}
// Compute relative path from vault directory to unlocker directory
relativePath, err := filepath.Rel(vaultDir, targetUnlockerDir)
if err != nil {
return fmt.Errorf("failed to compute relative path: %w", err)
}
// Get just the unlocker name (basename of the directory)
unlockerName := filepath.Base(targetUnlockerDir)
// Write the relative path to the file
secret.Debug("Writing current-unlocker file", "relative_path", relativePath)
if err := afero.WriteFile(v.fs, currentUnlockerPath, []byte(relativePath), secret.FilePerms); err != nil {
// Write just the unlocker name to the file
secret.Debug("Writing current-unlocker file", "unlocker_name", unlockerName)
if err := afero.WriteFile(v.fs, currentUnlockerPath, []byte(unlockerName), secret.FilePerms); err != nil {
return fmt.Errorf("failed to create current-unlocker file: %w", err)
}