- Rename SecretMetadata to Metadata in secret package
- Rename SecretVersion to Version in secret package
- Update NewSecretVersion to NewVersion function
- Update all references across the codebase including:
  - vault package aliases
  - CLI usage
  - test files
  - method receivers and signatures
TODO for 1.0 Release
This document outlines the bugs, issues, and improvements that need to be addressed before the 1.0 release of the secret manager. Items are prioritized from most critical (top) to least critical (bottom).
Code Cleanups
- None of the integration tests should search for a binary or try to execute another process. The integration tests cannot spawn another process or depend on a compiled file; they must do all of their testing in the current (test) process.
- We shouldn't be passing a statedir around; it should be read from the environment or fall back to the default.
CRITICAL SECURITY ISSUES - Must Fix Before 1.0
- 1. Memory security vulnerabilities: Sensitive data (passwords, private keys, passphrases) stored as strings are not properly zeroed from memory after use. Memory dumps or swap files could expose secrets. Found in crypto.go:107, passphraseunlocker.go:29-48, cli/crypto.go:89,193, pgpunlocker.go:278, keychainunlocker.go:252,346.
HIGH PRIORITY SECURITY ISSUES
- 4. Application crashes on corrupted metadata: Code panics instead of returning errors when metadata is corrupt, causing denial of service. Found in pgpunlocker.go:116 and keychainunlocker.go:141.
- 5. Insufficient input validation: Secret names allow potentially dangerous patterns, including dots that could enable path traversal attacks (vault/secrets.go:70-93).
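One way to address item 5, as an added example written for this page rather than code taken from the project: a Go validator that treats a secret name as a single path component (rejecting leading dots, ".." sequences and separators) plus a defense-in-depth check that the resolved file still sits inside the vault directory. The 128-byte limit, the allowed character set and the /tmp/vault sample directory are assumptions, not the project's rules.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrInvalidSecretName wraps every validation failure so callers can use errors.Is.
var ErrInvalidSecretName = errors.New("invalid secret name")

// ValidateSecretName accepts only names safe as a single path component under the vault
// directory: 1..128 bytes of [A-Za-z0-9._-] (so no '/' or '\'), no leading dot, no ".." anywhere.
func ValidateSecretName(name string) error {
	switch {
	case name == "":
		return fmt.Errorf("%w: empty name", ErrInvalidSecretName)
	case len(name) > 128:
		return fmt.Errorf("%w: longer than 128 bytes", ErrInvalidSecretName)
	case strings.HasPrefix(name, ".") || strings.Contains(name, ".."):
		return fmt.Errorf("%w: leading dot or '..' not allowed", ErrInvalidSecretName)
	}
	for _, c := range []byte(name) { // byte-wise, so any non-ASCII byte is rejected
		if !('a' <= c && c <= 'z' || 'A' <= c && c <= 'Z' || '0' <= c && c <= '9' || c == '-' || c == '_' || c == '.') {
			return fmt.Errorf("%w: byte %#x not allowed", ErrInvalidSecretName, c)
		}
	}
	return nil
}

// SecretPath maps a name to its file under vaultDir; the Dir check is defense in depth.
func SecretPath(vaultDir, name string) (string, error) {
	if err := ValidateSecretName(name); err != nil {
		return "", err
	}
	base := filepath.Clean(vaultDir)
	p := filepath.Join(base, name)
	if filepath.Dir(p) != base {
		return "", fmt.Errorf("%w: %q resolves outside %s", ErrInvalidSecretName, name, base)
	}
	return p, nil
}

func main() {
	for _, n := range []string{"db.prod.password", "../etc/passwd", ".hidden", "a..b"} {
		p, err := SecretPath("/tmp/vault", n) // constructed sample vault directory
		fmt.Printf("%-16q -> %q %v\n", n, p, err)
	}
}
```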
- 6. Race conditions in file operations: Multiple concurrent operations could corrupt the vault state due to lack of file locking mechanisms.
- 7. Insecure temporary file handling: Temporary files containing sensitive data may not be properly cleaned up or secured.
HIGH PRIORITY FUNCTIONALITY ISSUES
- 8. Inappropriate Cobra usage printing: Commands currently print usage information for all errors, including internal program failures. Usage should only be printed when the user provides incorrect arguments or invalid commands.
- 9. Missing current unlock key initialization: When creating vaults, no default unlock key is selected, which can cause operations to fail.
- 10. Add confirmation prompts for destructive operations: Operations like keys rm and vault deletion should require confirmation.
- 11. No secret deletion command: Missing secret rm <secret-name> functionality.
- 12. Missing vault deletion command: No way to delete vaults that are no longer needed.
MEDIUM PRIORITY ISSUES
- 13. Inconsistent error messages: Error messages need standardization and should be user-friendly. Many errors currently expose internal implementation details.
- 14. No graceful handling of corrupted state: If key files are corrupted or missing, the tool should provide clear error messages and recovery suggestions.
- 15. No validation of GPG key existence: Should verify that the specified GPG key exists before creating PGP unlock keys.
- 16. Better separation of concerns: Some functions in the CLI do too much and should be split.
- 17. Environment variable security: Sensitive data is read from environment variables (SB_UNLOCK_PASSPHRASE, SB_SECRET_MNEMONIC) without proper clearing. Document the security implications.
- 18. No secure memory allocation: No use of mlock/munlock to prevent sensitive data from being swapped to disk.
LOWER PRIORITY ENHANCEMENTS
- 19. Add --help examples: Command help should include practical examples for each operation.
- 20. Add shell completion: Bash/Zsh completion for commands and secret names.
- 21. Colored output: Use colors to improve readability of lists and error messages.
- 22. Add --quiet flag: Option to suppress non-essential output.
- 23. Smart secret name suggestions: When a secret name is not found, suggest similar names.
- 24. Audit logging: Log all secret access and modifications for security auditing.
- 25. Integration tests for hardware features: Automated testing of Keychain and GPG functionality.
- 26. Consistent naming conventions: Some variables and functions use inconsistent naming patterns.
- 27. Export/import functionality: Add ability to export/import entire vaults, not just individual secrets.
- 28. Batch operations: Add commands to process multiple secrets at once.
- 29. Search functionality: Add ability to search secret names and potentially contents.
- 30. Secret metadata: Add support for descriptions, tags, or other metadata with secrets.
COMPLETED ITEMS ✓
- Missing secret history/versioning: ✓ Implemented - versioning system exists with --version flag support
- XDG compliance on Linux: ✓ Implemented - uses os.UserConfigDir() which respects XDG_CONFIG_HOME
- Consistent interface implementation: ✓ Implemented - Unlocker interface is well-defined and consistently implemented