sneak/secret
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
54 Commits 2 Branches 0 Tags 7 MiB
ecaa5e101b
Commit Graph

54 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
sneak
ecaa5e101b Fix all usetesting linter errors 
- Replace os.MkdirTemp() with t.TempDir() in test files
- Replace os.Setenv() with t.Setenv() in test files
- Remove manual environment cleanup code (t.Setenv automatically restores)
- Remove unused "os" imports from files that no longer use os package
 2025-06-20 08:18:38 -07:00
sneak
fd7ab06fb1 Modify test target to re-run in verbose mode only on failure 2025-06-20 08:12:06 -07:00
sneak
434b73d834 Fix intrange and G101 linting issues 
- Convert for loops to use Go 1.22+ integer ranges in generate.go and helpers.go
- Disable G101 false positives for test vectors and environment variable names
- Add file-level gosec disable for bip85_test.go containing BIP85 test vectors
- Add targeted nolint comments for legitimate test data and constants
 2025-06-20 08:08:01 -07:00
sneak
985d79d3c0 fix: resolve critical security vulnerabilities in debug logging and command execution 
- Remove sensitive data from debug logs (vault/secrets.go, secret/version.go)
- Add input validation for GPG key IDs and keychain item names
- Resolve GPG key IDs to full fingerprints before storing in metadata
- Add comprehensive test coverage for validation functions
- Add golangci-lint configuration with additional linters

Security improvements:
- Debug logs no longer expose decrypted secret values or private keys
- GPG and keychain commands now validate input to prevent injection attacks
- All validation uses precompiled regex patterns for performance
 2025-06-20 07:50:26 -07:00
sneak
004dce5472 passes tests now! 2025-06-20 07:24:48 -07:00
sneak
0b31fba663 latest from ai, it broke the tests 2025-06-20 05:40:20 -07:00
sneak
6958b2a6e2 ignore *.log files 2025-06-11 15:29:20 -07:00
sneak
fd4194503c removed file erroneously committed 2025-06-11 15:29:02 -07:00
sneak
a1800a8e88 removed binary erroneously committed by LLM :/ 2025-06-11 15:28:14 -07:00
sneak
03e0ee2f95 refactor: remove confusing dual ID method pattern from Unlocker interface - Removed redundant ID() method from Unlocker interface - Removed ID field from UnlockerMetadata struct - Modified GetID() to generate IDs dynamically based on unlocker type and data - Updated vault package to create unlocker instances when searching by ID - Fixed all tests and CLI code to remove ID field references - IDs are now consistently generated from unlocker data, preventing redundancy 2025-06-11 15:21:20 -07:00
sneak
9adf0c0803 refactor: fix redundant metadata fields across the codebase - Removed VaultMetadata.Name (redundant with directory structure) - Removed SecretMetadata.Name (redundant with Secret.Name field) - Removed AgePublicKey and AgeRecipient from PGPUnlockerMetadata - Removed AgePublicKey from KeychainUnlockerMetadata - Changed PGP and Keychain unlockers to store recipient in pub.txt instead of pub.age - Fixed all tests to reflect these changes - Follows DRY principle and prevents data inconsistency 2025-06-09 17:44:10 -07:00
sneak
e9d03987f9 refactor: remove redundant SecretName and Version fields from VersionMetadata - Removed SecretName and Version fields that were redundant with directory structure and parent SecretVersion struct - Updated tests to remove references to deleted fields - Follows DRY principle and prevents potential data inconsistency 2025-06-09 17:26:57 -07:00
sneak
b0e3cdd3d0 fix: Restore fmt target to Makefile 2025-06-09 17:22:44 -07:00
sneak
2e3fc475cf fix: Use vault metadata derivation index for environment mnemonic - Fixed bug where GetValue() used hardcoded index 0 instead of vault metadata - Added test31 to verify environment mnemonic respects vault derivation index - Rewrote test19DisasterRecovery to actually test manual recovery process - Removed all test skip statements as requested 2025-06-09 17:21:02 -07:00
sneak
1f89fce21b latest 2025-06-09 05:59:26 -07:00
sneak
512b742c46 latest agent instructions 2025-06-09 05:59:17 -07:00
sneak
02be4b2a55 Fix integration tests: correct vault derivation index and debug test failures 2025-06-09 04:54:45 -07:00
sneak
e036d280c0 tests pass now, not sure if they are any good 2025-06-08 22:29:55 -07:00
sneak
ac81023ea0 add LLM instructions 2025-06-08 22:19:13 -07:00
sneak
d76a4cbf4d fix tests 2025-06-08 22:13:22 -07:00
sneak
fbda2d91af add secret versioning support 2025-06-08 22:07:19 -07:00
sneak
f59ee4d2d6 'unlock keys' renamed to 'unlockers' 2025-05-30 07:29:02 -07:00
sneak
0bf8e71b52 fix: resolve ineffectual assignment lint error in pgpunlock_test.go 2025-05-29 16:36:10 -07:00
sneak
34d6870e6a feat: add derivation index to vault metadata for unique keys - Add VaultMetadata fields: DerivationIndex, LongTermKeyHash, MnemonicHash - Implement GetNextDerivationIndex() to track and increment indices for same mnemonics - Update init and import commands to use proper derivation indices - Add ComputeDoubleSHA256() for hash calculations - Save vault metadata on creation with all derivation information - Add comprehensive tests for metadata functionality. This ensures multiple vaults using the same mnemonic will derive different long-term keys by using incremented derivation indices. The mnemonic is double SHA256 hashed and stored to track which vaults share mnemonics. Fixes TODO item #5 2025-05-29 16:23:29 -07:00
sneak
1a1b11c5a3 Add comprehensive PGP unlock key testing with non-interactive GPG support 2025-05-29 15:05:58 -07:00
sneak
85d7ef21eb Add comprehensive test coverage and fix empty branch issue 2025-05-29 14:18:39 -07:00
sneak
a4d7225036 Standardize file permissions using constants and fix parameter ordering inconsistencies 2025-05-29 13:13:44 -07:00
sneak
8dc2e9d748 Remove duplicated wrapper crypto functions and use exported implementations directly 2025-05-29 13:08:00 -07:00
sneak
8cc15fde3d latest 2025-05-29 13:02:39 -07:00
sneak
ddb395901b Refactor vault functionality to dedicated package, fix import cycles with interface pattern, fix tests 2025-05-29 12:48:36 -07:00
sneak
c33385be6c Clean up integration test script: remove redundant tests and fix misleading output - Remove redundant manual input tests that were actually using environment variables - Update all test output to honestly reflect automated testing with env vars - Consolidate similar test cases to reduce duplication - Fix cross-vault operations test by properly recreating work vault after reset_state - Import mnemonic into work vault so it can store secrets - Update test descriptions to be accurate about automation vs manual input - All tests now pass successfully with proper environment variable usage 2025-05-29 11:04:31 -07:00
sneak
e95609ce69 latest 2025-05-29 11:02:22 -07:00
sneak
345709a306 refactor: Implement proper separation between unlock keys and secret decryption - Remove DecryptSecret methods from all unlock key implementations - Secrets now handle their own decryption via Secret.GetValue(unlockKey) - Unlock keys are only responsible for vault access (getting long-term key) - Add decryptWithLongTermKey helper for per-secret key architecture - Fix vault import to work in non-interactive mode without unlock keys - Maintain clean architecture: unlock keys → vault access → secret decryption - All tests passing with new architecture 2025-05-29 10:06:30 -07:00
sneak
4b59d6fb82 fix: Update integration test script for new architecture - Update file checks to expect value.age instead of secret.age - Add debug output support with GODEBUG environment variable - Remove output redirections to show command execution and debug info - Fix test expectations to match per-secret key file structure 2025-05-29 09:52:39 -07:00
sneak
5ca657c104 feat: Enhance debug logging system - Add TTY detection for colorized vs JSON output - Disable stderr buffering when debug is enabled for immediate output - Add comprehensive debug functions with structured logging support - Improve debugging experience during development and troubleshooting 2025-05-29 09:52:32 -07:00
sneak
bbaf1cbd97 fix: Prevent hanging in non-interactive environments - Add terminal detection to readPassphrase, readSecurePassphrase, and readLineFromStdin - Return clear error messages when stderr is not a terminal instead of hanging - Improves automation and CI/CD reliability 2025-05-29 09:52:26 -07:00
sneak
f838c8cb98 feat: Implement per-secret key architecture with individual keypairs - Each secret now has its own encryption keypair stored as pub.age, priv.age, value.age - Secret private keys are encrypted to vault long-term public key - Values stored as value.age instead of secret.age for new architecture 2025-05-29 09:52:18 -07:00
sneak
43767c725f chore: Update .gitignore to exclude .DS_Store files and built binary 2025-05-29 09:52:11 -07:00
sneak
b26794e21a test: Add comprehensive test suite for secret manager - CLI, debug, secret, and vault tests with in-memory filesystem for fast isolated testing 2025-05-29 09:52:05 -07:00
sneak
7dc14da4af simplify 2025-05-29 08:33:06 -07:00
sneak
3d90388b5b restored from backups 2025-05-29 08:30:16 -07:00
sneak
8c08c2e748 restoring from chat historyy 2025-05-29 08:22:43 -07:00
sneak
ee49ace397 man what a clusterfuck 2025-05-29 08:21:05 -07:00
sneak
1b8ea9695b feat: implement debug logging system (#5) - Added debug.go with structured logging using log/slog - Supports GODEBUG=berlin.sneak.pkg.secret flag - JSON output for non-TTY stderr, colorized output for TTY - Added Debug(), DebugF(), and DebugWith() functions - Early return when debug is disabled for performance - Added comprehensive tests for debug functionality - Integrated debug logging into CLI init and vault operations - Removed completed TODO item #5 2025-05-29 06:25:50 -07:00
sneak
9f0f5cc8a1 todo list items 2025-05-29 06:19:41 -07:00
sneak
89a8af2aa1 docs 2025-05-29 06:14:19 -07:00
sneak
659b5ba508 refactor: rename SEP to Keychain and reorganize import commands - Renamed sepunlock.go to keychainunlock.go - Changed all SEP types to Keychain types (SEPUnlockKey -> KeychainUnlockKey) - Updated type string from 'macos-sep' to 'keychain' - Moved 'secret import' to 'secret vault import' for mnemonic imports - Added new 'secret import <secret-name> --source <filename>' for file imports - Updated README to replace all 'Secure Enclave' references with 'macOS Keychain' - Updated directory structure diagrams and examples - Fixed linter error in MarkFlagRequired call - All tests passing, linter clean 2025-05-29 06:07:15 -07:00
sneak
bb82d10f91 fix: enable cobra usage printing after errors - Set SilenceUsage and SilenceErrors to false in root command - Addresses critical TODO item for better error handling - Users will now see command usage when commands fail 2025-05-29 05:59:29 -07:00
sneak
c526b68f58 docs: comprehensive README.md and TODO.md for 1.0 release - Updated README.md with detailed documentation of all commands, architecture, and storage system - Added comprehensive TODO.md with critical, important, and trivial items for 1.0 release - Documented three-layer key hierarchy and vault system - Included examples, security considerations, and cross-platform notes - Identified key bugs including missing cobra usage printing after errors - Categorized 50+ items by priority with timeline estimates 2025-05-29 05:58:21 -07:00
sneak
2443256338 latest, trying to get sep to work without ADP membership 2025-05-29 04:03:40 -07:00