dd2e95f8af
fix: replace magic file permissions and add crypto constant comments
...
Replace hardcoded 0o600 with secret.FilePerms constant for consistency.
Add explanatory comments for cryptographic constants (32-byte keys,
bech32 encoding parameters) rather than extracting them as they are
well-known cryptographic standard values.
2025-06-20 09:23:50 -07:00
c450e1c13d
fix: replace remaining os.Setenv with t.Setenv in tests
...
Replace all os.Setenv calls with t.Setenv in test functions to ensure
proper test environment cleanup and better test isolation. This leaves
only legitimate application code and helper functions using os.Setenv.
2025-06-20 09:22:01 -07:00
5d973f76ec
fix: break long lines to 77 characters in non-test files
...
Break long lines in function signatures and strings to comply with
77 character preference by using multi-line formatting and extracting
variables where appropriate.
2025-06-20 09:17:45 -07:00
fd125c5fe1
fix: disable line length checks for test files with test vectors
...
Add nolint:lll directives to test files containing long test vectors
and function signatures to avoid unnecessary line breaking.
2025-06-20 09:16:40 -07:00
08a42b16dd
fix: replace os.Setenv with t.Setenv in tests (usetesting)
...
Replace os.Setenv calls with t.Setenv in test functions to ensure
proper test environment cleanup and better test isolation.
2025-06-20 09:13:01 -07:00
f569bc55ea
fix: convert for loops to Go 1.22+ integer range syntax (intrange)
...
Convert traditional for loops to use the new Go 1.22+ integer range syntax:
- for i := 0; i < n; i++ → for i := range n (when index is used)
- for i := 0; i < n; i++ → for range n (when index is not used)
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-20 09:05:49 -07:00
9231409c5c
fix: remove unnecessary string conversions (unconvert)
...
Remove redundant string() conversions on output variables that are
already strings in test assertions and logging.
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-20 09:02:56 -07:00
0d140b4636
fix: correct file permissions in integration test (gosec G306)
...
Change WriteFile permissions from 0o644 to 0o600 to address security
linting issue about file permissions being too permissive.
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-20 09:02:01 -07:00
9e74b34b5d
Fix remaining usetesting errors in vault integration test
...
Replace os.MkdirTemp() with t.TempDir() and os.Setenv() with t.Setenv()
Remove manual environment cleanup as t.Setenv handles it automatically
2025-06-20 08:58:29 -07:00
4fe49ca8d0
Fix unused parameter errors in secret test mock implementations
...
Rename unused force and passphrase parameters to _ in MockVault
interface implementations as they are required by the interface
2025-06-20 08:52:19 -07:00
8ca7796d04
Fix unused parameter errors in debug.go slog.Handler interface
...
Rename unused parameters to _ in WithAttrs and WithGroup methods
as these are required by the slog.Handler interface
2025-06-20 08:51:13 -07:00
dcab84249f
Fix unused parameter errors in CLI integration tests
...
Remove unused tempDir parameter from test11ListSecrets and test15VaultIsolation
Remove unused runSecretWithStdin parameter from test17ImportFromFile
Update call sites to match new signatures
2025-06-20 08:50:34 -07:00
e5b18202f3
Fix revive package stuttering errors
...
- Rename SecretMetadata to Metadata in secret package
- Rename SecretVersion to Version in secret package
- Update NewSecretVersion to NewVersion function
- Update all references across the codebase including:
- vault package aliases
- CLI usage
- test files
- method receivers and signatures
2025-06-20 08:48:17 -07:00
c52430554a
Fix usetesting errors in CLI integration test
...
Replace os.Setenv() with t.Setenv() for GODEBUG and SB_SECRET_STATE_DIR
environment variables in TestSecretManagerIntegration and test23ErrorHandling
2025-06-20 08:24:54 -07:00
434b73d834
Fix intrange and G101 linting issues
...
- Convert for loops to use Go 1.22+ integer ranges in generate.go and helpers.go
- Disable G101 false positives for test vectors and environment variable names
- Add file-level gosec disable for bip85_test.go containing BIP85 test vectors
- Add targeted nolint comments for legitimate test data and constants
2025-06-20 08:08:01 -07:00
985d79d3c0
fix: resolve critical security vulnerabilities in debug logging and command execution
...
- Remove sensitive data from debug logs (vault/secrets.go, secret/version.go)
- Add input validation for GPG key IDs and keychain item names
- Resolve GPG key IDs to full fingerprints before storing in metadata
- Add comprehensive test coverage for validation functions
- Add golangci-lint configuration with additional linters
Security improvements:
- Debug logs no longer expose decrypted secret values or private keys
- GPG and keychain commands now validate input to prevent injection attacks
- All validation uses precompiled regex patterns for performance
2025-06-20 07:50:26 -07:00
004dce5472
passes tests now!
2025-06-20 07:24:48 -07:00
0b31fba663
latest from ai, it broke the tests
2025-06-20 05:40:20 -07:00
03e0ee2f95
refactor: remove confusing dual ID method pattern from Unlocker interface - Removed redundant ID() method from Unlocker interface - Removed ID field from UnlockerMetadata struct - Modified GetID() to generate IDs dynamically based on unlocker type and data - Updated vault package to create unlocker instances when searching by ID - Fixed all tests and CLI code to remove ID field references - IDs are now consistently generated from unlocker data, preventing redundancy
2025-06-11 15:21:20 -07:00
9adf0c0803
refactor: fix redundant metadata fields across the codebase - Removed VaultMetadata.Name (redundant with directory structure) - Removed SecretMetadata.Name (redundant with Secret.Name field) - Removed AgePublicKey and AgeRecipient from PGPUnlockerMetadata - Removed AgePublicKey from KeychainUnlockerMetadata - Changed PGP and Keychain unlockers to store recipient in pub.txt instead of pub.age - Fixed all tests to reflect these changes - Follows DRY principle and prevents data inconsistency
2025-06-09 17:44:10 -07:00
e9d03987f9
refactor: remove redundant SecretName and Version fields from VersionMetadata - Removed SecretName and Version fields that were redundant with directory structure and parent SecretVersion struct - Updated tests to remove references to deleted fields - Follows DRY principle and prevents potential data inconsistency
2025-06-09 17:26:57 -07:00
2e3fc475cf
fix: Use vault metadata derivation index for environment mnemonic - Fixed bug where GetValue() used hardcoded index 0 instead of vault metadata - Added test31 to verify environment mnemonic respects vault derivation index - Rewrote test19DisasterRecovery to actually test manual recovery process - Removed all test skip statements as requested
2025-06-09 17:21:02 -07:00
1f89fce21b
latest
2025-06-09 05:59:26 -07:00
02be4b2a55
Fix integration tests: correct vault derivation index and debug test failures
2025-06-09 04:54:45 -07:00
d76a4cbf4d
fix tests
2025-06-08 22:13:22 -07:00
fbda2d91af
add secret versioning support
2025-06-08 22:07:19 -07:00
f59ee4d2d6
'unlock keys' renamed to 'unlockers'
2025-05-30 07:29:02 -07:00
0bf8e71b52
fix: resolve ineffectual assignment lint error in pgpunlock_test.go
2025-05-29 16:36:10 -07:00
34d6870e6a
feat: add derivation index to vault metadata for unique keys - Add VaultMetadata fields: DerivationIndex, LongTermKeyHash, MnemonicHash - Implement GetNextDerivationIndex() to track and increment indices for same mnemonics - Update init and import commands to use proper derivation indices - Add ComputeDoubleSHA256() for hash calculations - Save vault metadata on creation with all derivation information - Add comprehensive tests for metadata functionality. This ensures multiple vaults using the same mnemonic will derive different long-term keys by using incremented derivation indices. The mnemonic is double SHA256 hashed and stored to track which vaults share mnemonics. Fixes TODO item #5
2025-05-29 16:23:29 -07:00
1a1b11c5a3
Add comprehensive PGP unlock key testing with non-interactive GPG support
2025-05-29 15:05:58 -07:00
85d7ef21eb
Add comprehensive test coverage and fix empty branch issue
2025-05-29 14:18:39 -07:00
a4d7225036
Standardize file permissions using constants and fix parameter ordering inconsistencies
2025-05-29 13:13:44 -07:00
8dc2e9d748
Remove duplicated wrapper crypto functions and use exported implementations directly
2025-05-29 13:08:00 -07:00
8cc15fde3d
latest
2025-05-29 13:02:39 -07:00
ddb395901b
Refactor vault functionality to dedicated package, fix import cycles with interface pattern, fix tests
2025-05-29 12:48:36 -07:00
e95609ce69
latest
2025-05-29 11:02:22 -07:00
345709a306
refactor: Implement proper separation between unlock keys and secret decryption - Remove DecryptSecret methods from all unlock key implementations - Secrets now handle their own decryption via Secret.GetValue(unlockKey) - Unlock keys are only responsible for vault access (getting long-term key) - Add decryptWithLongTermKey helper for per-secret key architecture - Fix vault import to work in non-interactive mode without unlock keys - Maintain clean architecture: unlock keys → vault access → secret decryption - All tests passing with new architecture
2025-05-29 10:06:30 -07:00
5ca657c104
feat: Enhance debug logging system - Add TTY detection for colorized vs JSON output - Disable stderr buffering when debug is enabled for immediate output - Add comprehensive debug functions with structured logging support - Improve debugging experience during development and troubleshooting
2025-05-29 09:52:32 -07:00
bbaf1cbd97
fix: Prevent hanging in non-interactive environments - Add terminal detection to readPassphrase, readSecurePassphrase, and readLineFromStdin - Return clear error messages when stderr is not a terminal instead of hanging - Improves automation and CI/CD reliability
2025-05-29 09:52:26 -07:00
f838c8cb98
feat: Implement per-secret key architecture with individual keypairs - Each secret now has its own encryption keypair stored as pub.age, priv.age, value.age - Secret private keys are encrypted to vault long-term public key - Values stored as value.age instead of secret.age for new architecture
2025-05-29 09:52:18 -07:00
b26794e21a
test: Add comprehensive test suite for secret manager - CLI, debug, secret, and vault tests with in-memory filesystem for fast isolated testing
2025-05-29 09:52:05 -07:00
3d90388b5b
restored from backups
2025-05-29 08:30:16 -07:00
8c08c2e748
restoring from chat historyy
2025-05-29 08:22:43 -07:00
ee49ace397
man what a clusterfuck
2025-05-29 08:21:05 -07:00
1b8ea9695b
feat: implement debug logging system ( #5 ) - Added debug.go with structured logging using log/slog - Supports GODEBUG=berlin.sneak.pkg.secret flag - JSON output for non-TTY stderr, colorized output for TTY - Added Debug(), DebugF(), and DebugWith() functions - Early return when debug is disabled for performance - Added comprehensive tests for debug functionality - Integrated debug logging into CLI init and vault operations - Removed completed TODO item #5
2025-05-29 06:25:50 -07:00
659b5ba508
refactor: rename SEP to Keychain and reorganize import commands - Renamed sepunlock.go to keychainunlock.go - Changed all SEP types to Keychain types (SEPUnlockKey -> KeychainUnlockKey) - Updated type string from 'macos-sep' to 'keychain' - Moved 'secret import' to 'secret vault import' for mnemonic imports - Added new 'secret import <secret-name> --source <filename>' for file imports - Updated README to replace all 'Secure Enclave' references with 'macOS Keychain' - Updated directory structure diagrams and examples - Fixed linter error in MarkFlagRequired call - All tests passing, linter clean
2025-05-29 06:07:15 -07:00
bb82d10f91
fix: enable cobra usage printing after errors - Set SilenceUsage and SilenceErrors to false in root command - Addresses critical TODO item for better error handling - Users will now see command usage when commands fail
2025-05-29 05:59:29 -07:00
354681b298
latest
2025-05-28 14:06:29 -07:00
6a8bd3388c
latest
2025-05-28 07:37:57 -07:00
7671eaaa57
initial
2025-05-28 04:02:55 -07:00
