sneak/secret
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
66 Commits 1 Branch 0 Tags 6.4 MiB
08a42b16dd
Commit Graph

66 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
sneak
08a42b16dd fix: replace os.Setenv with t.Setenv in tests (usetesting) 
Replace os.Setenv calls with t.Setenv in test functions to ensure
proper test environment cleanup and better test isolation.
 2025-06-20 09:13:01 -07:00
sneak
b736789ecb fix: adjust line lengths to 77 characters 
Break long lines in function signatures and strings to comply with
77 character preference for better readability.
 2025-06-20 09:10:28 -07:00
sneak
f569bc55ea fix: convert for loops to Go 1.22+ integer range syntax (intrange) 
Convert traditional for loops to use the new Go 1.22+ integer range syntax:
- for i := 0; i < n; i++ → for i := range n (when index is used)
- for i := 0; i < n; i++ → for range n (when index is not used)

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-06-20 09:05:49 -07:00
sneak
9231409c5c fix: remove unnecessary string conversions (unconvert) 
Remove redundant string() conversions on output variables that are
already strings in test assertions and logging.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-06-20 09:02:56 -07:00
sneak
0d140b4636 fix: correct file permissions in integration test (gosec G306) 
Change WriteFile permissions from 0o644 to 0o600 to address security
linting issue about file permissions being too permissive.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-06-20 09:02:01 -07:00
sneak
9e74b34b5d Fix remaining usetesting errors in vault integration test 
Replace os.MkdirTemp() with t.TempDir() and os.Setenv() with t.Setenv()
Remove manual environment cleanup as t.Setenv handles it automatically
 2025-06-20 08:58:29 -07:00
sneak
47afe117f4 Fix unused parameter errors in agehd and bip85 tests 
- Remove unused goroutineID parameter from agehd concurrent test
- Remove unused description parameter from bip85 logTestVector function
- Update all call sites to match new signatures
 2025-06-20 08:55:42 -07:00
sneak
4fe49ca8d0 Fix unused parameter errors in secret test mock implementations 
Rename unused force and passphrase parameters to _ in MockVault
interface implementations as they are required by the interface
 2025-06-20 08:52:19 -07:00
sneak
8ca7796d04 Fix unused parameter errors in debug.go slog.Handler interface 
Rename unused parameters to _ in WithAttrs and WithGroup methods
as these are required by the slog.Handler interface
 2025-06-20 08:51:13 -07:00
sneak
dcab84249f Fix unused parameter errors in CLI integration tests 
Remove unused tempDir parameter from test11ListSecrets and test15VaultIsolation
Remove unused runSecretWithStdin parameter from test17ImportFromFile
Update call sites to match new signatures
 2025-06-20 08:50:34 -07:00
sneak
e5b18202f3 Fix revive package stuttering errors 
- Rename SecretMetadata to Metadata in secret package
- Rename SecretVersion to Version in secret package
- Update NewSecretVersion to NewVersion function
- Update all references across the codebase including:
  - vault package aliases
  - CLI usage
  - test files
  - method receivers and signatures
 2025-06-20 08:48:17 -07:00
sneak
efc9456948 Fix G115 integer overflow warnings in agehd tests 
Add bounds checking before converting int to uint32 to prevent
potential integer overflow in benchmark and concurrent test functions
 2025-06-20 08:27:41 -07:00
sneak
c52430554a Fix usetesting errors in CLI integration test 
Replace os.Setenv() with t.Setenv() for GODEBUG and SB_SECRET_STATE_DIR
environment variables in TestSecretManagerIntegration and test23ErrorHandling
 2025-06-20 08:24:54 -07:00
sneak
fd7ab06fb1 Modify test target to re-run in verbose mode only on failure 2025-06-20 08:12:06 -07:00
sneak
434b73d834 Fix intrange and G101 linting issues 
- Convert for loops to use Go 1.22+ integer ranges in generate.go and helpers.go
- Disable G101 false positives for test vectors and environment variable names
- Add file-level gosec disable for bip85_test.go containing BIP85 test vectors
- Add targeted nolint comments for legitimate test data and constants
 2025-06-20 08:08:01 -07:00
sneak
985d79d3c0 fix: resolve critical security vulnerabilities in debug logging and command execution 
- Remove sensitive data from debug logs (vault/secrets.go, secret/version.go)
- Add input validation for GPG key IDs and keychain item names
- Resolve GPG key IDs to full fingerprints before storing in metadata
- Add comprehensive test coverage for validation functions
- Add golangci-lint configuration with additional linters

Security improvements:
- Debug logs no longer expose decrypted secret values or private keys
- GPG and keychain commands now validate input to prevent injection attacks
- All validation uses precompiled regex patterns for performance
 2025-06-20 07:50:26 -07:00
sneak
004dce5472 passes tests now! 2025-06-20 07:24:48 -07:00
sneak
0b31fba663 latest from ai, it broke the tests 2025-06-20 05:40:20 -07:00
sneak
6958b2a6e2 ignore *.log files 2025-06-11 15:29:20 -07:00
sneak
fd4194503c removed file erroneously committed 2025-06-11 15:29:02 -07:00
sneak
a1800a8e88 removed binary erroneously committed by LLM :/ 2025-06-11 15:28:14 -07:00
sneak
03e0ee2f95 refactor: remove confusing dual ID method pattern from Unlocker interface - Removed redundant ID() method from Unlocker interface - Removed ID field from UnlockerMetadata struct - Modified GetID() to generate IDs dynamically based on unlocker type and data - Updated vault package to create unlocker instances when searching by ID - Fixed all tests and CLI code to remove ID field references - IDs are now consistently generated from unlocker data, preventing redundancy 2025-06-11 15:21:20 -07:00
sneak
9adf0c0803 refactor: fix redundant metadata fields across the codebase - Removed VaultMetadata.Name (redundant with directory structure) - Removed SecretMetadata.Name (redundant with Secret.Name field) - Removed AgePublicKey and AgeRecipient from PGPUnlockerMetadata - Removed AgePublicKey from KeychainUnlockerMetadata - Changed PGP and Keychain unlockers to store recipient in pub.txt instead of pub.age - Fixed all tests to reflect these changes - Follows DRY principle and prevents data inconsistency 2025-06-09 17:44:10 -07:00
sneak
e9d03987f9 refactor: remove redundant SecretName and Version fields from VersionMetadata - Removed SecretName and Version fields that were redundant with directory structure and parent SecretVersion struct - Updated tests to remove references to deleted fields - Follows DRY principle and prevents potential data inconsistency 2025-06-09 17:26:57 -07:00
sneak
b0e3cdd3d0 fix: Restore fmt target to Makefile 2025-06-09 17:22:44 -07:00
sneak
2e3fc475cf fix: Use vault metadata derivation index for environment mnemonic - Fixed bug where GetValue() used hardcoded index 0 instead of vault metadata - Added test31 to verify environment mnemonic respects vault derivation index - Rewrote test19DisasterRecovery to actually test manual recovery process - Removed all test skip statements as requested 2025-06-09 17:21:02 -07:00
sneak
1f89fce21b latest 2025-06-09 05:59:26 -07:00
sneak
512b742c46 latest agent instructions 2025-06-09 05:59:17 -07:00
sneak
02be4b2a55 Fix integration tests: correct vault derivation index and debug test failures 2025-06-09 04:54:45 -07:00
sneak
e036d280c0 tests pass now, not sure if they are any good 2025-06-08 22:29:55 -07:00
sneak
ac81023ea0 add LLM instructions 2025-06-08 22:19:13 -07:00
sneak
d76a4cbf4d fix tests 2025-06-08 22:13:22 -07:00
sneak
fbda2d91af add secret versioning support 2025-06-08 22:07:19 -07:00
sneak
f59ee4d2d6 'unlock keys' renamed to 'unlockers' 2025-05-30 07:29:02 -07:00
sneak
0bf8e71b52 fix: resolve ineffectual assignment lint error in pgpunlock_test.go 2025-05-29 16:36:10 -07:00
sneak
34d6870e6a feat: add derivation index to vault metadata for unique keys - Add VaultMetadata fields: DerivationIndex, LongTermKeyHash, MnemonicHash - Implement GetNextDerivationIndex() to track and increment indices for same mnemonics - Update init and import commands to use proper derivation indices - Add ComputeDoubleSHA256() for hash calculations - Save vault metadata on creation with all derivation information - Add comprehensive tests for metadata functionality. This ensures multiple vaults using the same mnemonic will derive different long-term keys by using incremented derivation indices. The mnemonic is double SHA256 hashed and stored to track which vaults share mnemonics. Fixes TODO item #5 2025-05-29 16:23:29 -07:00
sneak
1a1b11c5a3 Add comprehensive PGP unlock key testing with non-interactive GPG support 2025-05-29 15:05:58 -07:00
sneak
85d7ef21eb Add comprehensive test coverage and fix empty branch issue 2025-05-29 14:18:39 -07:00
sneak
a4d7225036 Standardize file permissions using constants and fix parameter ordering inconsistencies 2025-05-29 13:13:44 -07:00
sneak
8dc2e9d748 Remove duplicated wrapper crypto functions and use exported implementations directly 2025-05-29 13:08:00 -07:00
sneak
8cc15fde3d latest 2025-05-29 13:02:39 -07:00
sneak
ddb395901b Refactor vault functionality to dedicated package, fix import cycles with interface pattern, fix tests 2025-05-29 12:48:36 -07:00
sneak
c33385be6c Clean up integration test script: remove redundant tests and fix misleading output - Remove redundant manual input tests that were actually using environment variables - Update all test output to honestly reflect automated testing with env vars - Consolidate similar test cases to reduce duplication - Fix cross-vault operations test by properly recreating work vault after reset_state - Import mnemonic into work vault so it can store secrets - Update test descriptions to be accurate about automation vs manual input - All tests now pass successfully with proper environment variable usage 2025-05-29 11:04:31 -07:00
sneak
e95609ce69 latest 2025-05-29 11:02:22 -07:00
sneak
345709a306 refactor: Implement proper separation between unlock keys and secret decryption - Remove DecryptSecret methods from all unlock key implementations - Secrets now handle their own decryption via Secret.GetValue(unlockKey) - Unlock keys are only responsible for vault access (getting long-term key) - Add decryptWithLongTermKey helper for per-secret key architecture - Fix vault import to work in non-interactive mode without unlock keys - Maintain clean architecture: unlock keys → vault access → secret decryption - All tests passing with new architecture 2025-05-29 10:06:30 -07:00
sneak
4b59d6fb82 fix: Update integration test script for new architecture - Update file checks to expect value.age instead of secret.age - Add debug output support with GODEBUG environment variable - Remove output redirections to show command execution and debug info - Fix test expectations to match per-secret key file structure 2025-05-29 09:52:39 -07:00
sneak
5ca657c104 feat: Enhance debug logging system - Add TTY detection for colorized vs JSON output - Disable stderr buffering when debug is enabled for immediate output - Add comprehensive debug functions with structured logging support - Improve debugging experience during development and troubleshooting 2025-05-29 09:52:32 -07:00
sneak
bbaf1cbd97 fix: Prevent hanging in non-interactive environments - Add terminal detection to readPassphrase, readSecurePassphrase, and readLineFromStdin - Return clear error messages when stderr is not a terminal instead of hanging - Improves automation and CI/CD reliability 2025-05-29 09:52:26 -07:00
sneak
f838c8cb98 feat: Implement per-secret key architecture with individual keypairs - Each secret now has its own encryption keypair stored as pub.age, priv.age, value.age - Secret private keys are encrypted to vault long-term public key - Values stored as value.age instead of secret.age for new architecture 2025-05-29 09:52:18 -07:00
sneak
43767c725f chore: Update .gitignore to exclude .DS_Store files and built binary 2025-05-29 09:52:11 -07:00