sneak/secret
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55 Commits 1 Branch 0 Tags 6.4 MiB
efc9456948
Commit Graph

55 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
sneak
efc9456948 Fix G115 integer overflow warnings in agehd tests 
Add bounds checking before converting int to uint32 to prevent
potential integer overflow in benchmark and concurrent test functions
 2025-06-20 08:27:41 -07:00
sneak
c52430554a Fix usetesting errors in CLI integration test 
Replace os.Setenv() with t.Setenv() for GODEBUG and SB_SECRET_STATE_DIR
environment variables in TestSecretManagerIntegration and test23ErrorHandling
 2025-06-20 08:24:54 -07:00
sneak
fd7ab06fb1 Modify test target to re-run in verbose mode only on failure 2025-06-20 08:12:06 -07:00
sneak
434b73d834 Fix intrange and G101 linting issues 
- Convert for loops to use Go 1.22+ integer ranges in generate.go and helpers.go
- Disable G101 false positives for test vectors and environment variable names
- Add file-level gosec disable for bip85_test.go containing BIP85 test vectors
- Add targeted nolint comments for legitimate test data and constants
 2025-06-20 08:08:01 -07:00
sneak
985d79d3c0 fix: resolve critical security vulnerabilities in debug logging and command execution 
- Remove sensitive data from debug logs (vault/secrets.go, secret/version.go)
- Add input validation for GPG key IDs and keychain item names
- Resolve GPG key IDs to full fingerprints before storing in metadata
- Add comprehensive test coverage for validation functions
- Add golangci-lint configuration with additional linters

Security improvements:
- Debug logs no longer expose decrypted secret values or private keys
- GPG and keychain commands now validate input to prevent injection attacks
- All validation uses precompiled regex patterns for performance
 2025-06-20 07:50:26 -07:00
sneak
004dce5472 passes tests now! 2025-06-20 07:24:48 -07:00
sneak
0b31fba663 latest from ai, it broke the tests 2025-06-20 05:40:20 -07:00
sneak
6958b2a6e2 ignore *.log files 2025-06-11 15:29:20 -07:00
sneak
fd4194503c removed file erroneously committed 2025-06-11 15:29:02 -07:00
sneak
a1800a8e88 removed binary erroneously committed by LLM :/ 2025-06-11 15:28:14 -07:00
sneak
03e0ee2f95 refactor: remove confusing dual ID method pattern from Unlocker interface - Removed redundant ID() method from Unlocker interface - Removed ID field from UnlockerMetadata struct - Modified GetID() to generate IDs dynamically based on unlocker type and data - Updated vault package to create unlocker instances when searching by ID - Fixed all tests and CLI code to remove ID field references - IDs are now consistently generated from unlocker data, preventing redundancy 2025-06-11 15:21:20 -07:00
sneak
9adf0c0803 refactor: fix redundant metadata fields across the codebase - Removed VaultMetadata.Name (redundant with directory structure) - Removed SecretMetadata.Name (redundant with Secret.Name field) - Removed AgePublicKey and AgeRecipient from PGPUnlockerMetadata - Removed AgePublicKey from KeychainUnlockerMetadata - Changed PGP and Keychain unlockers to store recipient in pub.txt instead of pub.age - Fixed all tests to reflect these changes - Follows DRY principle and prevents data inconsistency 2025-06-09 17:44:10 -07:00
sneak
e9d03987f9 refactor: remove redundant SecretName and Version fields from VersionMetadata - Removed SecretName and Version fields that were redundant with directory structure and parent SecretVersion struct - Updated tests to remove references to deleted fields - Follows DRY principle and prevents potential data inconsistency 2025-06-09 17:26:57 -07:00
sneak
b0e3cdd3d0 fix: Restore fmt target to Makefile 2025-06-09 17:22:44 -07:00
sneak
2e3fc475cf fix: Use vault metadata derivation index for environment mnemonic - Fixed bug where GetValue() used hardcoded index 0 instead of vault metadata - Added test31 to verify environment mnemonic respects vault derivation index - Rewrote test19DisasterRecovery to actually test manual recovery process - Removed all test skip statements as requested 2025-06-09 17:21:02 -07:00
sneak
1f89fce21b latest 2025-06-09 05:59:26 -07:00
sneak
512b742c46 latest agent instructions 2025-06-09 05:59:17 -07:00
sneak
02be4b2a55 Fix integration tests: correct vault derivation index and debug test failures 2025-06-09 04:54:45 -07:00
sneak
e036d280c0 tests pass now, not sure if they are any good 2025-06-08 22:29:55 -07:00
sneak
ac81023ea0 add LLM instructions 2025-06-08 22:19:13 -07:00
sneak
d76a4cbf4d fix tests 2025-06-08 22:13:22 -07:00
sneak
fbda2d91af add secret versioning support 2025-06-08 22:07:19 -07:00
sneak
f59ee4d2d6 'unlock keys' renamed to 'unlockers' 2025-05-30 07:29:02 -07:00
sneak
0bf8e71b52 fix: resolve ineffectual assignment lint error in pgpunlock_test.go 2025-05-29 16:36:10 -07:00
sneak
34d6870e6a feat: add derivation index to vault metadata for unique keys - Add VaultMetadata fields: DerivationIndex, LongTermKeyHash, MnemonicHash - Implement GetNextDerivationIndex() to track and increment indices for same mnemonics - Update init and import commands to use proper derivation indices - Add ComputeDoubleSHA256() for hash calculations - Save vault metadata on creation with all derivation information - Add comprehensive tests for metadata functionality. This ensures multiple vaults using the same mnemonic will derive different long-term keys by using incremented derivation indices. The mnemonic is double SHA256 hashed and stored to track which vaults share mnemonics. Fixes TODO item #5 2025-05-29 16:23:29 -07:00
sneak
1a1b11c5a3 Add comprehensive PGP unlock key testing with non-interactive GPG support 2025-05-29 15:05:58 -07:00
sneak
85d7ef21eb Add comprehensive test coverage and fix empty branch issue 2025-05-29 14:18:39 -07:00
sneak
a4d7225036 Standardize file permissions using constants and fix parameter ordering inconsistencies 2025-05-29 13:13:44 -07:00
sneak
8dc2e9d748 Remove duplicated wrapper crypto functions and use exported implementations directly 2025-05-29 13:08:00 -07:00
sneak
8cc15fde3d latest 2025-05-29 13:02:39 -07:00
sneak
ddb395901b Refactor vault functionality to dedicated package, fix import cycles with interface pattern, fix tests 2025-05-29 12:48:36 -07:00
sneak
c33385be6c Clean up integration test script: remove redundant tests and fix misleading output - Remove redundant manual input tests that were actually using environment variables - Update all test output to honestly reflect automated testing with env vars - Consolidate similar test cases to reduce duplication - Fix cross-vault operations test by properly recreating work vault after reset_state - Import mnemonic into work vault so it can store secrets - Update test descriptions to be accurate about automation vs manual input - All tests now pass successfully with proper environment variable usage 2025-05-29 11:04:31 -07:00
sneak
e95609ce69 latest 2025-05-29 11:02:22 -07:00
sneak
345709a306 refactor: Implement proper separation between unlock keys and secret decryption - Remove DecryptSecret methods from all unlock key implementations - Secrets now handle their own decryption via Secret.GetValue(unlockKey) - Unlock keys are only responsible for vault access (getting long-term key) - Add decryptWithLongTermKey helper for per-secret key architecture - Fix vault import to work in non-interactive mode without unlock keys - Maintain clean architecture: unlock keys → vault access → secret decryption - All tests passing with new architecture 2025-05-29 10:06:30 -07:00
sneak
4b59d6fb82 fix: Update integration test script for new architecture - Update file checks to expect value.age instead of secret.age - Add debug output support with GODEBUG environment variable - Remove output redirections to show command execution and debug info - Fix test expectations to match per-secret key file structure 2025-05-29 09:52:39 -07:00
sneak
5ca657c104 feat: Enhance debug logging system - Add TTY detection for colorized vs JSON output - Disable stderr buffering when debug is enabled for immediate output - Add comprehensive debug functions with structured logging support - Improve debugging experience during development and troubleshooting 2025-05-29 09:52:32 -07:00
sneak
bbaf1cbd97 fix: Prevent hanging in non-interactive environments - Add terminal detection to readPassphrase, readSecurePassphrase, and readLineFromStdin - Return clear error messages when stderr is not a terminal instead of hanging - Improves automation and CI/CD reliability 2025-05-29 09:52:26 -07:00
sneak
f838c8cb98 feat: Implement per-secret key architecture with individual keypairs - Each secret now has its own encryption keypair stored as pub.age, priv.age, value.age - Secret private keys are encrypted to vault long-term public key - Values stored as value.age instead of secret.age for new architecture 2025-05-29 09:52:18 -07:00
sneak
43767c725f chore: Update .gitignore to exclude .DS_Store files and built binary 2025-05-29 09:52:11 -07:00
sneak
b26794e21a test: Add comprehensive test suite for secret manager - CLI, debug, secret, and vault tests with in-memory filesystem for fast isolated testing 2025-05-29 09:52:05 -07:00
sneak
7dc14da4af simplify 2025-05-29 08:33:06 -07:00
sneak
3d90388b5b restored from backups 2025-05-29 08:30:16 -07:00
sneak
8c08c2e748 restoring from chat historyy 2025-05-29 08:22:43 -07:00
sneak
ee49ace397 man what a clusterfuck 2025-05-29 08:21:05 -07:00
sneak
1b8ea9695b feat: implement debug logging system (#5) - Added debug.go with structured logging using log/slog - Supports GODEBUG=berlin.sneak.pkg.secret flag - JSON output for non-TTY stderr, colorized output for TTY - Added Debug(), DebugF(), and DebugWith() functions - Early return when debug is disabled for performance - Added comprehensive tests for debug functionality - Integrated debug logging into CLI init and vault operations - Removed completed TODO item #5 2025-05-29 06:25:50 -07:00
sneak
9f0f5cc8a1 todo list items 2025-05-29 06:19:41 -07:00
sneak
89a8af2aa1 docs 2025-05-29 06:14:19 -07:00
sneak
659b5ba508 refactor: rename SEP to Keychain and reorganize import commands - Renamed sepunlock.go to keychainunlock.go - Changed all SEP types to Keychain types (SEPUnlockKey -> KeychainUnlockKey) - Updated type string from 'macos-sep' to 'keychain' - Moved 'secret import' to 'secret vault import' for mnemonic imports - Added new 'secret import <secret-name> --source <filename>' for file imports - Updated README to replace all 'Secure Enclave' references with 'macOS Keychain' - Updated directory structure diagrams and examples - Fixed linter error in MarkFlagRequired call - All tests passing, linter clean 2025-05-29 06:07:15 -07:00
sneak
bb82d10f91 fix: enable cobra usage printing after errors - Set SilenceUsage and SilenceErrors to false in root command - Addresses critical TODO item for better error handling - Users will now see command usage when commands fail 2025-05-29 05:59:29 -07:00
sneak
c526b68f58 docs: comprehensive README.md and TODO.md for 1.0 release - Updated README.md with detailed documentation of all commands, architecture, and storage system - Added comprehensive TODO.md with critical, important, and trivial items for 1.0 release - Documented three-layer key hierarchy and vault system - Included examples, security considerations, and cross-platform notes - Identified key bugs including missing cobra usage printing after errors - Categorized 50+ items by priority with timeline estimates 2025-05-29 05:58:21 -07:00