sneak/secret
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Standardize file permissions using constants and fix parameter ordering inconsistencies

Browse Source
This commit is contained in:
Jeffrey Paul
2025-05-29 13:13:44 -07:00
parent 8dc2e9d748
commit a4d7225036
9 changed files with 145 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
internal/vault/secrets.go
View File

@@ -120,7 +120,7 @@ func (v *Vault) AddSecret(name string, value []byte, force bool) error {
// Create secret directory
secret.Debug("Creating secret directory", "secret_dir", secretDir)
if err := v.fs.MkdirAll(secretDir, 0700); err != nil {
if err := v.fs.MkdirAll(secretDir, secret.DirPerms); err != nil {
secret.Debug("Failed to create secret directory", "error", err, "secret_dir", secretDir)
return fmt.Errorf("failed to create secret directory: %w", err)
}
@@ -145,7 +145,7 @@ func (v *Vault) AddSecret(name string, value []byte, force bool) error {
// Step 2: Store the secret's public key
pubKeyPath := filepath.Join(secretDir, "pub.age")
secret.Debug("Writing secret public key", "path", pubKeyPath)
if err := afero.WriteFile(v.fs, pubKeyPath, []byte(secretPublicKey), 0600); err != nil {
if err := afero.WriteFile(v.fs, pubKeyPath, []byte(secretPublicKey), secret.FilePerms); err != nil {
secret.Debug("Failed to write secret public key", "error", err, "path", pubKeyPath)
return fmt.Errorf("failed to write secret public key: %w", err)
}
@@ -167,7 +167,7 @@ func (v *Vault) AddSecret(name string, value []byte, force bool) error {
// Step 4: Store the encrypted secret value as value.age
valuePath := filepath.Join(secretDir, "value.age")
secret.Debug("Writing encrypted secret value", "path", valuePath)
if err := afero.WriteFile(v.fs, valuePath, encryptedValue, 0600); err != nil {
if err := afero.WriteFile(v.fs, valuePath, encryptedValue, secret.FilePerms); err != nil {
secret.Debug("Failed to write encrypted secret value", "error", err, "path", valuePath)
return fmt.Errorf("failed to write encrypted secret value: %w", err)
}
@@ -209,7 +209,7 @@ func (v *Vault) AddSecret(name string, value []byte, force bool) error {
// Step 7: Store the encrypted secret private key as priv.age
privKeyPath := filepath.Join(secretDir, "priv.age")
secret.Debug("Writing encrypted secret private key", "path", privKeyPath)
if err := afero.WriteFile(v.fs, privKeyPath, encryptedPrivKey, 0600); err != nil {
if err := afero.WriteFile(v.fs, privKeyPath, encryptedPrivKey, secret.FilePerms); err != nil {
secret.Debug("Failed to write encrypted secret private key", "error", err, "path", privKeyPath)
return fmt.Errorf("failed to write encrypted secret private key: %w", err)
}
@@ -240,7 +240,7 @@ func (v *Vault) AddSecret(name string, value []byte, force bool) error {
metadataPath := filepath.Join(secretDir, "secret-metadata.json")
secret.Debug("Writing secret metadata", "path", metadataPath)
if err := afero.WriteFile(v.fs, metadataPath, metadataBytes, 0600); err != nil {
if err := afero.WriteFile(v.fs, metadataPath, metadataBytes, secret.FilePerms); err != nil {
secret.Debug("Failed to write secret metadata", "error", err, "path", metadataPath)
return fmt.Errorf("failed to write secret metadata: %w", err)
}