Class: Aidp::Database::Repositories::SecretsRepository
- Inherits:
-
Aidp::Database::Repository
- Object
- Aidp::Database::Repository
- Aidp::Database::Repositories::SecretsRepository
- Defined in:
- lib/aidp/database/repositories/secrets_repository.rb
Overview
Repository for secrets_registry table Replaces security/secrets_registry.json Note: Only stores metadata about secrets, never actual values
Instance Attribute Summary
Attributes inherited from Aidp::Database::Repository
Instance Method Summary collapse
-
#env_var_for(name) ⇒ String?
Get env var for a secret.
-
#env_var_registered?(env_var) ⇒ Boolean
Check if an env var is registered.
-
#env_vars_to_strip ⇒ Array<String>
Get env vars that should be stripped.
-
#find(name) ⇒ Hash?
(also: #get)
Get registration details.
-
#initialize(project_dir: Dir.pwd) ⇒ SecretsRepository
constructor
A new instance of SecretsRepository.
-
#list ⇒ Array<Hash>
List all registered secrets.
-
#name_for_env_var(env_var) ⇒ String?
Get secret name for an env var.
-
#register(name:, env_var:, description: nil, scopes: []) ⇒ Hash
Register a secret.
-
#registered?(name) ⇒ Boolean
Check if secret is registered.
-
#unregister(name:) ⇒ Boolean
Unregister a secret.
Constructor Details
#initialize(project_dir: Dir.pwd) ⇒ SecretsRepository
Returns a new instance of SecretsRepository.
13 14 15 |
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 13 def initialize(project_dir: Dir.pwd) super(project_dir: project_dir, table_name: "secrets_registry") end |
Instance Method Details
#env_var_for(name) ⇒ String?
Get env var for a secret
111 112 113 114 115 116 117 |
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 111 def env_var_for(name) row = query_one( "SELECT env_var FROM secrets_registry WHERE project_dir = ? AND secret_name = ?", [project_dir, name] ) row&.dig("env_var") end |
#env_var_registered?(env_var) ⇒ Boolean
Check if an env var is registered
150 151 152 153 154 155 156 |
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 150 def env_var_registered?(env_var) count = query_value( "SELECT COUNT(*) FROM secrets_registry WHERE project_dir = ? AND env_var = ?", [project_dir, env_var] ) count.positive? end |
#env_vars_to_strip ⇒ Array<String>
Get env vars that should be stripped
138 139 140 141 142 143 144 |
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 138 def env_vars_to_strip rows = query( "SELECT DISTINCT env_var FROM secrets_registry WHERE project_dir = ?", [project_dir] ) rows.map { |r| r["env_var"] }.compact end |
#find(name) ⇒ Hash? Also known as: get
Get registration details
96 97 98 99 100 101 102 |
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 96 def find(name) row = query_one( "SELECT * FROM secrets_registry WHERE project_dir = ? AND secret_name = ?", [project_dir, name] ) deserialize_secret(row) end |
#list ⇒ Array<Hash>
List all registered secrets
122 123 124 125 126 127 128 129 130 131 132 133 |
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 122 def list rows = query( "SELECT * FROM secrets_registry WHERE project_dir = ? ORDER BY registered_at", [project_dir] ) rows.map do |row| secret = deserialize_secret(row) secret[:has_value] = ENV.key?(secret[:env_var]) if secret secret end.compact end |
#name_for_env_var(env_var) ⇒ String?
Get secret name for an env var
162 163 164 165 166 167 168 |
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 162 def name_for_env_var(env_var) row = query_one( "SELECT secret_name FROM secrets_registry WHERE project_dir = ? AND env_var = ?", [project_dir, env_var] ) row&.dig("secret_name") end |
#register(name:, env_var:, description: nil, scopes: []) ⇒ Hash
Register a secret
24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 |
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 24 def register(name:, env_var:, description: nil, scopes: []) now = secret_id = SecureRandom.hex(8) # Warn if env var doesn't exist unless ENV.key?(env_var) Aidp.log_warn("secrets_repository", "env_var_not_found", name: name, env_var: env_var) end execute( insert_sql([ :project_dir, :secret_id, :secret_name, :env_var, :description, :scopes, :registered_at ]), [ project_dir, secret_id, name, env_var, description, serialize_json(scopes), now ] ) Aidp.log_debug("secrets_repository", "registered", name: name, env_var: env_var) { id: secret_id, name: name, env_var: env_var, description: description, scopes: scopes, registered_at: now } end |
#registered?(name) ⇒ Boolean
Check if secret is registered
84 85 86 87 88 89 90 |
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 84 def registered?(name) count = query_value( "SELECT COUNT(*) FROM secrets_registry WHERE project_dir = ? AND secret_name = ?", [project_dir, name] ) count.positive? end |
#unregister(name:) ⇒ Boolean
Unregister a secret
67 68 69 70 71 72 73 74 75 76 77 78 |
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 67 def unregister(name:) existing = find(name) return false unless existing execute( "DELETE FROM secrets_registry WHERE project_dir = ? AND secret_name = ?", [project_dir, name] ) Aidp.log_debug("secrets_repository", "unregistered", name: name) true end |