Refactor vault functionality to dedicated package, fix import cycles with interface pattern, fix tests

This commit is contained in:
2025-05-29 12:48:36 -07:00
parent c33385be6c
commit ddb395901b
18 changed files with 1847 additions and 2128 deletions


@@ -7,6 +7,7 @@ import (
"filippo.io/age"
"git.eeqj.de/sneak/secret/internal/secret"
"git.eeqj.de/sneak/secret/internal/vault"
"github.com/spf13/cobra"
)
@@ -53,7 +54,7 @@ func newDecryptCmd() *cobra.Command {
// Encrypt encrypts data using an age secret key stored in a secret
func (cli *CLIInstance) Encrypt(secretName, inputFile, outputFile string) error {
// Get current vault
vault, err := secret.GetCurrentVault(cli.fs, cli.stateDir)
vlt, err := vault.GetCurrentVault(cli.fs, cli.stateDir)
if err != nil {
return err
}
@@ -61,7 +62,7 @@ func (cli *CLIInstance) Encrypt(secretName, inputFile, outputFile string) error
var ageSecretKey string
// Check if secret exists
secretObj := secret.NewSecret(vault, secretName)
secretObj := secret.NewSecret(vlt, secretName)
exists, err := secretObj.Exists()
if err != nil {
return fmt.Errorf("failed to check if secret exists: %w", err)
@@ -73,7 +74,7 @@ func (cli *CLIInstance) Encrypt(secretName, inputFile, outputFile string) error
if os.Getenv(secret.EnvMnemonic) != "" {
secretValue, err = secretObj.GetValue(nil)
} else {
unlockKey, unlockErr := vault.GetCurrentUnlockKey()
unlockKey, unlockErr := vlt.GetCurrentUnlockKey()
if unlockErr != nil {
return fmt.Errorf("failed to get current unlock key: %w", unlockErr)
}
@@ -90,29 +91,28 @@ func (cli *CLIInstance) Encrypt(secretName, inputFile, outputFile string) error
return fmt.Errorf("secret '%s' does not contain a valid age secret key", secretName)
}
} else {
// Secret doesn't exist, generate a new age secret key
// Secret doesn't exist, generate new age key and store it
identity, err := age.GenerateX25519Identity()
if err != nil {
return fmt.Errorf("failed to generate age secret key: %w", err)
return fmt.Errorf("failed to generate age key: %w", err)
}
ageSecretKey = identity.String()
// Store the new secret
if err := vault.AddSecret(secretName, []byte(ageSecretKey), false); err != nil {
return fmt.Errorf("failed to store age secret key: %w", err)
// Store the generated key as a secret
err = vlt.AddSecret(secretName, []byte(ageSecretKey), false)
if err != nil {
return fmt.Errorf("failed to store age key: %w", err)
}
fmt.Fprintf(os.Stderr, "Generated new age secret key and stored in secret '%s'\n", secretName)
}
// Parse the age secret key to get the identity
// Parse the secret key
identity, err := age.ParseX25519Identity(ageSecretKey)
if err != nil {
return fmt.Errorf("failed to parse age secret key: %w", err)
}
// Get the recipient (public key) for encryption
// Get recipient from identity
recipient := identity.Recipient()
// Set up input reader
@@ -157,13 +157,13 @@ func (cli *CLIInstance) Encrypt(secretName, inputFile, outputFile string) error
// Decrypt decrypts data using an age secret key stored in a secret
func (cli *CLIInstance) Decrypt(secretName, inputFile, outputFile string) error {
// Get current vault
vault, err := secret.GetCurrentVault(cli.fs, cli.stateDir)
vlt, err := vault.GetCurrentVault(cli.fs, cli.stateDir)
if err != nil {
return err
}
// Check if secret exists
secretObj := secret.NewSecret(vault, secretName)
secretObj := secret.NewSecret(vlt, secretName)
exists, err := secretObj.Exists()
if err != nil {
return fmt.Errorf("failed to check if secret exists: %w", err)
@@ -178,7 +178,7 @@ func (cli *CLIInstance) Decrypt(secretName, inputFile, outputFile string) error
if os.Getenv(secret.EnvMnemonic) != "" {
secretValue, err = secretObj.GetValue(nil)
} else {
unlockKey, unlockErr := vault.GetCurrentUnlockKey()
unlockKey, unlockErr := vlt.GetCurrentUnlockKey()
if unlockErr != nil {
return fmt.Errorf("failed to get current unlock key: %w", unlockErr)
}
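Review bot: The auto-create branch in the Encrypt hunk (`@@ -90,29 +91,28 @@`) silently generates and stores a fresh X25519 identity whenever `secretName` does not exist, so a mistyped secret name yields ciphertext bound to a brand-new key rather than the one the caller intended and leaves an extra entry in the vault; the new side keeps this behaviour, the doc comment on Encrypt does not mention it, and no opt-in flag is visible in these hunks. The only signal is the stderr message at the end of that branch, which is easy to miss when the command runs in a pipeline. At minimum the doc comment should state it: `// Encrypt encrypts data using the age secret key stored in secretName. If that secret does not exist, a new X25519 identity is generated and stored under secretName before encrypting.`; a stricter option is to require an explicit opt-in on the cobra command before a key is created on the encrypt path. The bare `false` passed to `vlt.AddSecret` is also unexplained — presumably an overwrite/force switch — and would read better as a named value such as `const overwrite = false` or a short comment. Encrypt's body begins in an earlier hunk and continues past this one.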