Skip to content

Add secret manager #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
zfarrell merged 41 commits into from
Dec 18, 2025
Merged

Add secret manager #40

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
41 commits
Select commit Hold shift + click to select a range
8fd0ef8
docs: add secret manager design
zfarrell Dec 15, 2025
14e1268
feat(secrets): add encryption dependencies
zfarrell Dec 15, 2025
e83d639
feat(secrets): add secret name validation
zfarrell Dec 15, 2025
9aed8a4
feat(secrets): add SecretManager trait and types
zfarrell Dec 15, 2025
ef0413b
feat(secrets): add AES-256-GCM-SIV encryption
zfarrell Dec 15, 2025
04f8cac
feat(secrets): add secrets tables to v1 migration
zfarrell Dec 15, 2025
16c69cf
feat(secrets): add EncryptedSecretManager implementation
zfarrell Dec 16, 2025
be8949d
feat(secrets): add HTTP request/response models
zfarrell Dec 16, 2025
b783854
feat(secrets): add HTTP handlers for secrets API
zfarrell Dec 16, 2025
5bc0027
feat(secrets): register secret API routes
zfarrell Dec 16, 2025
7e1b2ad
feat(secrets): wire SecretManager into RivetEngine
zfarrell Dec 16, 2025
846091b
feat(source): refactor Source enum for secret references
zfarrell Dec 16, 2025
032a8f7
feat(datafetch): add secrets parameter to DataFetcher trait
zfarrell Dec 16, 2025
e091066
feat(engine): add secret_key builder method
zfarrell Dec 16, 2025
d53e698
chore: add rand dev-dependency for test key generation
zfarrell Dec 16, 2025
e389f06
test: update tests for secret manager integration
zfarrell Dec 16, 2025
a040d79
fix(secrets): make secret manager mandatory with fail-fast
zfarrell Dec 17, 2025
dc3d1c2
refactor(secrets): decouple metadata from encrypted storage
zfarrell Dec 17, 2025
762e0d1
refactor(secrets): extract provider type as constant
zfarrell Dec 17, 2025
c8bd128
refactor(source): move connection string logic to drivers
zfarrell Dec 17, 2025
6256e34
refactor(secrets): introduce SecretBackend abstraction
zfarrell Dec 17, 2025
75afd8a
refactor(secrets): make SecretManager mandatory in APIs
zfarrell Dec 17, 2025
1d728c4
fix(secrets): surface provider_ref in metadata and backend
zfarrell Dec 17, 2025
8e5d15e
refactor(secrets): split put into distinct create/update flows
zfarrell Dec 17, 2025
5ce2c67
fix(secrets): propagate backend errors on delete
zfarrell Dec 17, 2025
669a508
feat(secrets): implement three-phase delete with status column
zfarrell Dec 17, 2025
71d36dc
fix(secrets): use db constraint to prevent create race
zfarrell Dec 17, 2025
ec4e58a
fix(secrets): allow delete retry for pending_delete secrets
zfarrell Dec 17, 2025
c510d13
fix(http): include validation hint in InvalidName API error
zfarrell Dec 17, 2025
b488dca
fix(secrets): add optimistic locking for concurrent creates
zfarrell Dec 18, 2025
c2f92de
Merge remote-tracking branch 'origin/main' into feat/secret-manager
zfarrell Dec 18, 2025
7099b2b
test(secrets): add PUT /secrets/{name} tests and fix flaky test
zfarrell Dec 18, 2025
87d7153
prevent log spam; truncate invalid secret names to max characters
zfarrell Dec 18, 2025
49a7365
update design doc
zfarrell Dec 18, 2025
5af3365
cargo fmt
zfarrell Dec 18, 2025
89c8f99
clippy fixes
zfarrell Dec 18, 2025
519ab06
allow for default security key to simplify onboarding
zfarrell Dec 18, 2025
1d2d7e5
remove duplication with error messages
zfarrell Dec 18, 2025
83f4da3
improve error message
zfarrell Dec 18, 2025
bd17d43
remove duplicate row struct
zfarrell Dec 18, 2025
a239384
simplify into query builder
zfarrell Dec 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
96 changes: 96 additions & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,11 @@ tracing-subscriber = { version = "0.3", features = ["env-filter"] }
thiserror = "2.0.17"
uuid = { version = "1.11", features = ["v4"] }
urlencoding = "2.1"
aes-gcm-siv = "0.11"
base64 = "0.22"

[dev-dependencies]
testcontainers = "0.23"
testcontainers-modules = { version = "0.11", features = ["postgres"] }
proptest = "1.6"
rand = "0.8"
Loading
Loading