Class: Aidp::Database::Repositories::SecretsRepository

Inherits:
Aidp::Database::Repository show all
Defined in:
lib/aidp/database/repositories/secrets_repository.rb

Overview

Repository for secrets_registry table Replaces security/secrets_registry.json Note: Only stores metadata about secrets, never actual values

Instance Attribute Summary

Attributes inherited from Aidp::Database::Repository

#project_dir, #table_name

Instance Method Summary collapse

Constructor Details

#initialize(project_dir: Dir.pwd) ⇒ SecretsRepository

Returns a new instance of SecretsRepository.



13
14
15
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 13

def initialize(project_dir: Dir.pwd)
  super(project_dir: project_dir, table_name: "secrets_registry")
end

Instance Method Details

#env_var_for(name) ⇒ String?

Get env var for a secret

Parameters:

  • name (String)

    Secret name

Returns:

  • (String, nil)

    Env var name or nil



111
112
113
114
115
116
117
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 111

def env_var_for(name)
  row = query_one(
    "SELECT env_var FROM secrets_registry WHERE project_dir = ? AND secret_name = ?",
    [project_dir, name]
  )
  row&.dig("env_var")
end

#env_var_registered?(env_var) ⇒ Boolean

Check if an env var is registered

Parameters:

  • env_var (String)

    Environment variable name

Returns:

  • (Boolean)


150
151
152
153
154
155
156
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 150

def env_var_registered?(env_var)
  count = query_value(
    "SELECT COUNT(*) FROM secrets_registry WHERE project_dir = ? AND env_var = ?",
    [project_dir, env_var]
  )
  count.positive?
end

#env_vars_to_stripArray<String>

Get env vars that should be stripped

Returns:

  • (Array<String>)


138
139
140
141
142
143
144
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 138

def env_vars_to_strip
  rows = query(
    "SELECT DISTINCT env_var FROM secrets_registry WHERE project_dir = ?",
    [project_dir]
  )
  rows.map { |r| r["env_var"] }.compact
end

#find(name) ⇒ Hash? Also known as: get

Get registration details

Parameters:

  • name (String)

    Secret name

Returns:

  • (Hash, nil)

    Registration or nil



96
97
98
99
100
101
102
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 96

def find(name)
  row = query_one(
    "SELECT * FROM secrets_registry WHERE project_dir = ? AND secret_name = ?",
    [project_dir, name]
  )
  deserialize_secret(row)
end

#listArray<Hash>

List all registered secrets

Returns:

  • (Array<Hash>)


122
123
124
125
126
127
128
129
130
131
132
133
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 122

def list
  rows = query(
    "SELECT * FROM secrets_registry WHERE project_dir = ? ORDER BY registered_at",
    [project_dir]
  )

  rows.map do |row|
    secret = deserialize_secret(row)
    secret[:has_value] = ENV.key?(secret[:env_var]) if secret
    secret
  end.compact
end

#name_for_env_var(env_var) ⇒ String?

Get secret name for an env var

Parameters:

  • env_var (String)

    Environment variable name

Returns:

  • (String, nil)

    Secret name or nil



162
163
164
165
166
167
168
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 162

def name_for_env_var(env_var)
  row = query_one(
    "SELECT secret_name FROM secrets_registry WHERE project_dir = ? AND env_var = ?",
    [project_dir, env_var]
  )
  row&.dig("secret_name")
end

#register(name:, env_var:, description: nil, scopes: []) ⇒ Hash

Register a secret

Parameters:

  • name (String)

    Secret name

  • env_var (String)

    Environment variable containing the secret

  • description (String, nil) (defaults to: nil)

    Description

  • scopes (Array<String>) (defaults to: [])

    Allowed operation scopes

Returns:

  • (Hash)

    Registration details



24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 24

def register(name:, env_var:, description: nil, scopes: [])
  now = current_timestamp
  secret_id = SecureRandom.hex(8)

  # Warn if env var doesn't exist
  unless ENV.key?(env_var)
    Aidp.log_warn("secrets_repository", "env_var_not_found",
      name: name, env_var: env_var)
  end

  execute(
    insert_sql([
      :project_dir, :secret_id, :secret_name, :env_var,
      :description, :scopes, :registered_at
    ]),
    [
      project_dir,
      secret_id,
      name,
      env_var,
      description,
      serialize_json(scopes),
      now
    ]
  )

  Aidp.log_debug("secrets_repository", "registered",
    name: name, env_var: env_var)

  {
    id: secret_id,
    name: name,
    env_var: env_var,
    description: description,
    scopes: scopes,
    registered_at: now
  }
end

#registered?(name) ⇒ Boolean

Check if secret is registered

Parameters:

  • name (String)

    Secret name

Returns:

  • (Boolean)


84
85
86
87
88
89
90
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 84

def registered?(name)
  count = query_value(
    "SELECT COUNT(*) FROM secrets_registry WHERE project_dir = ? AND secret_name = ?",
    [project_dir, name]
  )
  count.positive?
end

#unregister(name:) ⇒ Boolean

Unregister a secret

Parameters:

  • name (String)

    Secret name

Returns:

  • (Boolean)

    true if removed



67
68
69
70
71
72
73
74
75
76
77
78
# File 'lib/aidp/database/repositories/secrets_repository.rb', line 67

def unregister(name:)
  existing = find(name)
  return false unless existing

  execute(
    "DELETE FROM secrets_registry WHERE project_dir = ? AND secret_name = ?",
    [project_dir, name]
  )

  Aidp.log_debug("secrets_repository", "unregistered", name: name)
  true
end