SecretVault (SecretVault v1.2.2)
Runtime interface to manipulate on-disk secrets.
Types
@type name() :: String.t()
Name of a secret
@type reason() :: {:unknown_prefix, SecretVault.Config.prefix(), env :: String.t()} | {:secret_not_found, name :: String.t(), env :: String.t()}
:unknown_prefix means that the directory with secrets is not present on disk.
:secret_not_found means that the secret file itself is not present.
@type value() :: binary()
Binary value you want to store in secret.
To store arbitrary structures, try using :erlang.term_to_binary/2.
Functions
@spec delete(SecretVault.Config.t(), name()) :: :ok | {:error, reason()}
Remove secret name from the vault specified by the config from disk.
Example:
iex> config = SecretVault.Config.test_config
iex> SecretVault.put(config, "db_password", "super_secret_password")
iex> SecretVault.delete(config, "db_password")
iex> SecretVault.fetch(config, "db_password")
{:error, {:secret_not_found, "db_password", "test"}}
@spec exists?(SecretVault.Config.t(), name()) :: boolean()
Tells whether the secret name exists.
Example:
iex> config = SecretVault.Config.test_config
iex> SecretVault.put(config, "db_password", "super_secret_password")
iex> SecretVault.exists?(config, "db_password")
true
iex> SecretVault.exists?(config, "non_present_password")
false
@spec fetch(SecretVault.Config.t(), name()) :: {:ok, value()} | {:error, error} when error: reason() | :invalid_encryption_key
Fetch a clear text value of the secret name using the config. Reads the data from disk storage, decrypts it, and returns the result of the operation in an "either" manner: {:ok, value} on success, {:error, error} otherwise.
Example:
iex> config = SecretVault.Config.test_config
iex> SecretVault.put(config, "db_password", "super_secret_password")
iex> SecretVault.fetch(config, "db_password")
{:ok, "super_secret_password"}
iex> SecretVault.fetch(config, "non_present_password")
{:error, {:secret_not_found, "non_present_password", "test"}}
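The following is an added example, not code from the SecretVault project. It stores a structured term as a secret value, as the value() type suggests, and handles every error shape in the fetch/2 spec. The module name MyApp.StructuredSecret and its function names are hypothetical.

```elixir
defmodule MyApp.StructuredSecret do
  # Hypothetical helper module (not part of SecretVault): stores Erlang terms
  # as secret values and maps every fetch/2 error to a log-safe message.

  @spec put_term(SecretVault.Config.t(), SecretVault.name(), term()) ::
          :ok | {:error, File.posix()}
  def put_term(config, name, term) do
    SecretVault.put(config, name, :erlang.term_to_binary(term))
  end

  @spec fetch_term(SecretVault.Config.t(), SecretVault.name()) ::
          {:ok, term()} | {:error, String.t()}
  def fetch_term(config, name) do
    case SecretVault.fetch(config, name) do
      {:ok, binary} ->
        decode(binary)

      {:error, {:unknown_prefix, prefix, env}} ->
        {:error, "no secrets directory for prefix #{inspect(prefix)} in env #{env}"}

      {:error, {:secret_not_found, missing, env}} ->
        {:error, "secret #{missing} is not present in env #{env}"}

      {:error, :invalid_encryption_key} ->
        {:error, "secret #{name} could not be decrypted with the configured key"}
    end
  end

  # The :safe option makes binary_to_term/2 refuse binaries that would create
  # new atoms or external function references, so a tampered or foreign file
  # cannot grow the atom table during decoding.
  defp decode(binary) do
    {:ok, :erlang.binary_to_term(binary, [:safe])}
  rescue
    ArgumentError -> {:error, "stored value is not a safely decodable term"}
  end
end
```

Because :safe rejects atoms the VM has not seen yet, prefer string keys or atoms the application already defines in the stored terms. The error messages name the secret and environment but never include the secret value.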
@spec fetch!(SecretVault.Config.t(), name()) :: value()
Fetch a clear text value of the secret name using the config. Reads the data from disk storage, decrypts it, and returns the decrypted data, or raises if no secret with the name is found.
Example:
iex> config = SecretVault.Config.test_config
iex> SecretVault.put(config, "db_password", "super_secret_password")
iex> SecretVault.fetch!(config, "db_password")
"super_secret_password"
@spec fetch_all(SecretVault.Config.t()) :: {:ok, %{required(name()) => value()}} | {:error, {name(), reason()}} | {:error, reason()}
Asynchronously fetches all secrets from the vault specified by the config from disk.
This function returns a map or error in "either" manner.
Example:
iex> config = SecretVault.Config.test_config
iex> SecretVault.put(config, "db_password", "super_secret_password")
iex> SecretVault.put(config, "admin_password", "another_password")
iex> SecretVault.fetch_all(config)
{:ok, %{"db_password" => "super_secret_password", "admin_password" => "another_password"}}
@spec get(SecretVault.Config.t(), name(), default :: value()) :: value()
Get a clear text value of the secret name using the config. Reads the data from disk storage, decrypts it, and returns the default if the secret was not found.
Example:
iex> config = SecretVault.Config.test_config
iex> SecretVault.put(config, "db_password", "super_secret_password")
iex> SecretVault.get(config, "db_password")
"super_secret_password"
iex> SecretVault.get(config, "non_present_password")
""
@spec list(SecretVault.Config.t()) :: {:ok, [String.t()]} | {:error, :unknown_prefix}
Show all secrets' names available. It reads secrets from the directory specified by the config and returns a list of names in no particular order.
Example:
iex> config = SecretVault.Config.test_config
iex> SecretVault.put(config, "db_password", "super_secret_password")
iex> SecretVault.put(config, "admin_password", "another_password")
iex> {:ok, names} = SecretVault.list(config)
iex> "db_password" in names
true
iex> "admin_password" in names
true
@spec put(SecretVault.Config.t(), name(), value()) :: :ok | {:error, File.posix()}
Put data as a value of the secret name using the config. This function writes encrypted data to the disk, therefore use it with caution. If you want to write data at runtime, it is recommended to create a singleton process to perform mutating operations.
Example:
iex> config = SecretVault.Config.test_config
iex> SecretVault.put(config, "db_password", "super_secret_password")
iex> SecretVault.get(config, "db_password")
"super_secret_password"
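One way to build the singleton process recommended above, as an added example that is not part of the SecretVault project. The module name MyApp.SecretWriter is hypothetical; it only calls SecretVault.put/3 and SecretVault.delete/2 as documented on this page.

```elixir
defmodule MyApp.SecretWriter do
  # Hypothetical module (not part of SecretVault): the only process in the
  # application that calls the mutating functions put/3 and delete/2.
  use GenServer

  def start_link(config) do
    # Registering under the module name means a second start_link/1 returns
    # {:error, {:already_started, pid}} instead of creating a second writer.
    # The name is local, so this is a singleton per node, not per cluster.
    GenServer.start_link(__MODULE__, config, name: __MODULE__)
  end

  @spec put(SecretVault.name(), SecretVault.value()) :: :ok | {:error, File.posix()}
  def put(name, value), do: GenServer.call(__MODULE__, {:put, name, value})

  @spec delete(SecretVault.name()) :: :ok | {:error, SecretVault.reason()}
  def delete(name), do: GenServer.call(__MODULE__, {:delete, name})

  @impl true
  def init(config), do: {:ok, config}

  # Calls are taken from the process mailbox one at a time, so two writes to
  # the same secret file issued through this module can never interleave.
  @impl true
  def handle_call({:put, name, value}, _from, config) do
    {:reply, SecretVault.put(config, name, value), config}
  end

  def handle_call({:delete, name}, _from, config) do
    {:reply, SecretVault.delete(config, name), config}
  end
end
```

Start it once from the application supervisor with the child spec {MyApp.SecretWriter, config}. Reads through fetch/2 or get/3 can stay in the calling process; only the mutating calls go through the writer.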
Like SecretVault.runtime_secret!/3 but accepts a default value, used when the secret is not found, as the third parameter.
Helper macro for getting secrets in the config/runtime.exs file.
Example
# in `config/runtime.exs`
import Config
import SecretVault, only: [runtime_secret!: 2]
config :my_app, MyApp.Repo,
  password: runtime_secret!(:my_app, "database_password")
For a list of available options, see SecretVault.Config.config_option/0.