# `AshAuthentication.Secret`
[🔗](https://github.com/team-alembic/ash_authentication/blob/main/lib/ash_authentication/secret.ex#L5)

A module to implement retrieving of secrets.

Allows you to implement secrets access via your method or choice at runtime.

The context parameter is either a map with the `conn` key containing the Plug.Conn
if the secret is being retrieved in a plug, or the context of the ash action it is
called in

## Example

```elixir
defmodule MyApp.GetSecret do
  use AshAuthentication.Secret

  def secret_for([:authentication, :strategies, :oauth2, :client_id], MyApp.User, _opts, _context), do: Application.fetch_env(:my_app, :oauth_client_id)
end

defmodule MyApp.Accounts.User do
  use Ash.Resource,
    extensions: [AshAuthentication],
    domain: MyApp.Accounts

  authentication do
    strategies do
      oauth2 do
        client_id MyApp.GetSecret
        client_secret MyApp.GetSecret
      end
    end
  end
end
```

You can also implement it directly as a function:

```elixir
defmodule MyApp.User do
   use Ash.Resource,
    extensions: [AshAuthentication],
    domain: MyApp.Accounts

  authentication do
    strategies do
      oauth2 do
        client_id fn _secret, _resource ->
          Application.fetch_env(:my_app, :oauth_client_id)
        end
      end
    end
  end
end
```

## Secret name

Because you may wish to reuse this module for a number of different providers
and resources, the first argument passed to the callback is the "secret name",
it contains the "path" to the option being set.  The path is made up of a list
containing the DSL path to the secret.

# `secret_for`
*optional* 

> This callback is deprecated. Use AshAuthentication.Secret.secret_for/4 instead.

```elixir
@callback secret_for(secret_name :: [atom()], Ash.Resource.t(), keyword()) ::
  {:ok, String.t()} | :error
```

# `secret_for`
*optional* 

```elixir
@callback secret_for(
  secret_name :: [atom()],
  Ash.Resource.t(),
  keyword(),
  context :: map()
) ::
  {:ok, String.t()} | :error
```

Secret retrieval callback.

This function will be called with the "secret name", see the module
documentation for more info.

The context paramter is either a map with the `conn` key containing the Plug.Conn
if the secret is being retrieved in a plug, or the context of the ash action it is
called in

---

*Consult [api-reference.md](api-reference.md) for complete listing*