'unlock keys' renamed to 'unlockers'

internal/cli/init.go

@@ -140,7 +140,7 @@ func (cli *CLIInstance) Init(cmd *cobra.Command) error {
 	// Unlock the vault with the derived long-term key
 	vlt.Unlock(ltIdentity)
 
-	// Prompt for passphrase for unlock key
+	// Prompt for passphrase for unlocker
 	var passphraseStr string
 	if envPassphrase := os.Getenv(secret.EnvUnlockPassphrase); envPassphrase != "" {
 		secret.Debug("Using unlock passphrase from environment variable")
@@ -148,61 +148,61 @@ func (cli *CLIInstance) Init(cmd *cobra.Command) error {
 	} else {
 		secret.Debug("Prompting user for unlock passphrase")
 		// Use secure passphrase input with confirmation
-		passphraseStr, err = readSecurePassphrase("Enter passphrase for unlock key: ")
+		passphraseStr, err = readSecurePassphrase("Enter passphrase for unlocker: ")
 		if err != nil {
 			secret.Debug("Failed to read unlock passphrase", "error", err)
 			return fmt.Errorf("failed to read passphrase: %w", err)
 		}
 	}
 
-	// Create passphrase-protected unlock key
-	secret.Debug("Creating passphrase-protected unlock key")
-	passphraseKey, err := vlt.CreatePassphraseKey(passphraseStr)
+	// Create passphrase-protected unlocker
+	secret.Debug("Creating passphrase-protected unlocker")
+	passphraseUnlocker, err := vlt.CreatePassphraseUnlocker(passphraseStr)
 	if err != nil {
-		secret.Debug("Failed to create unlock key", "error", err)
-		return fmt.Errorf("failed to create unlock key: %w", err)
+		secret.Debug("Failed to create unlocker", "error", err)
+		return fmt.Errorf("failed to create unlocker: %w", err)
 	}
 
-	// Encrypt long-term private key to the unlock key
-	unlockKeyDir := passphraseKey.GetDirectory()
+	// Encrypt long-term private key to the unlocker
+	unlockerDir := passphraseUnlocker.GetDirectory()
 
-	// Read unlock key public key
-	unlockPubKeyData, err := afero.ReadFile(cli.fs, filepath.Join(unlockKeyDir, "pub.age"))
+	// Read unlocker public key
+	unlockerPubKeyData, err := afero.ReadFile(cli.fs, filepath.Join(unlockerDir, "pub.age"))
 	if err != nil {
-		return fmt.Errorf("failed to read unlock key public key: %w", err)
+		return fmt.Errorf("failed to read unlocker public key: %w", err)
 	}
 
-	unlockRecipient, err := age.ParseX25519Recipient(string(unlockPubKeyData))
+	unlockerRecipient, err := age.ParseX25519Recipient(string(unlockerPubKeyData))
 	if err != nil {
-		return fmt.Errorf("failed to parse unlock key public key: %w", err)
+		return fmt.Errorf("failed to parse unlocker public key: %w", err)
 	}
 
-	// Encrypt long-term private key to unlock key
+	// Encrypt long-term private key to unlocker
 	ltPrivKeyData := []byte(ltIdentity.String())
-	encryptedLtPrivKey, err := secret.EncryptToRecipient(ltPrivKeyData, unlockRecipient)
+	encryptedLtPrivKey, err := secret.EncryptToRecipient(ltPrivKeyData, unlockerRecipient)
 	if err != nil {
 		return fmt.Errorf("failed to encrypt long-term private key: %w", err)
 	}
 
 	// Write encrypted long-term private key
-	if err := afero.WriteFile(cli.fs, filepath.Join(unlockKeyDir, "longterm.age"), encryptedLtPrivKey, secret.FilePerms); err != nil {
+	if err := afero.WriteFile(cli.fs, filepath.Join(unlockerDir, "longterm.age"), encryptedLtPrivKey, secret.FilePerms); err != nil {
 		return fmt.Errorf("failed to write encrypted long-term private key: %w", err)
 	}
 
 	if cmd != nil {
 		cmd.Printf("\nDefault vault created and configured\n")
 		cmd.Printf("Long-term public key: %s\n", ltPubKey)
-		cmd.Printf("Unlock key ID: %s\n", passphraseKey.GetID())
+		cmd.Printf("Unlocker ID: %s\n", passphraseUnlocker.GetID())
 		cmd.Println("\nYour secret manager is ready to use!")
 		cmd.Println("Note: When using SB_SECRET_MNEMONIC environment variable,")
-		cmd.Println("unlock keys are not required for secret operations.")
+		cmd.Println("unlockers are not required for secret operations.")
 	}
 
 	return nil
 }
 
 // readSecurePassphrase reads a passphrase securely from the terminal without echoing
-// This version adds confirmation (read twice) for creating new unlock keys
+// This version adds confirmation (read twice) for creating new unlockers
 func readSecurePassphrase(prompt string) (string, error) {
 	// Get the first passphrase
 	passphrase1, err := secret.ReadPassphrase(prompt)