Class ExecPassSecretManager

java.lang.Object
dev.enola.common.secret.exec.ExecPassSecretManager
All Implemented Interfaces:
SecretManager

@ThreadSafe public class ExecPassSecretManager extends Object implements SecretManager
ExecPassSecretManager is an implementation of SecretManager that "shells out" (exec) to pass, or something like it, for every secret.

We recommend using this with GPG on a YubiKey that requires "touch" to decrypt secrets.

  • Constructor Details

  • Method Details

    • getOptional

      Description copied from interface: SecretManager
      Retrieves a secret by its key, with optionality.
      Specified by:
      getOptional in interface SecretManager
      Parameters:
      key - The unique key (name) of the secret to retrieve.
      Returns:
      An Optional containing the Secret, if found.
    • store

      public void store(String key, char @Nullable [] value)
      Description copied from interface: SecretManager
      Stores a secret value associated with a unique key. The sensitive value is provided as a char array. Implementations will zero out the input value array immediately after calling this method for security. If a secret with the same key already exists, its value is overwritten.
      Specified by:
      store in interface SecretManager
      Parameters:
      key - The unique key (name) for the secret.
      value - The sensitive secret value as a character array.
    • delete

      public void delete(String key)
      Description copied from interface: SecretManager
      Deletes a secret from the manager.
      Specified by:
      delete in interface SecretManager
      Parameters:
      key - The unique key (name) of the secret to delete.
    • main

      public static void main(String[] args)
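
The class description and the store contract above, as an added sketch that is not Enola's own code: one way to exec pass per secret while keeping the value off the command line and zeroing every buffer that held it. The class name PassExecSketch, its method names, the key alphabet, the non-null value requirement and the "any failure means not found" rule are assumptions of this example; `pass insert --multiline --force` and `pass show` are standard pass commands.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Optional;

// Added sketch, not the Enola implementation; class and method names are hypothetical.
public final class PassExecSketch {
    // Assumption: keys use a conservative alphabet, so none can start with '-' or contain "..".
    static String checkKey(String key) {
        if (!key.matches("[A-Za-z0-9_][A-Za-z0-9_/-]*")) throw new IllegalArgumentException("bad key");
        return key;
    }

    static void store(String key, char[] value) throws IOException, InterruptedException {
        ByteBuffer utf8 = StandardCharsets.UTF_8.encode(CharBuffer.wrap(value));
        byte[] bytes = new byte[utf8.remaining()];
        utf8.get(bytes);
        try {
            // Argument vector, no shell; the secret travels over stdin, never on argv.
            Process p = new ProcessBuilder("pass", "insert", "--multiline", "--force", checkKey(key))
                    .redirectOutput(ProcessBuilder.Redirect.DISCARD)
                    .redirectError(ProcessBuilder.Redirect.INHERIT).start();
            try (var stdin = p.getOutputStream()) { stdin.write(bytes); }
            if (p.waitFor() != 0) throw new IOException("pass insert failed");
        } finally {
            Arrays.fill(bytes, (byte) 0);
            if (utf8.hasArray()) Arrays.fill(utf8.array(), (byte) 0);
            Arrays.fill(value, '\0'); // zero the caller's array, per the store contract
        }
    }

    static Optional<char[]> get(String key) throws IOException, InterruptedException {
        Process p = new ProcessBuilder("pass", "show", checkKey(key))
                .redirectError(ProcessBuilder.Redirect.INHERIT).start();
        byte[] out = p.getInputStream().readAllBytes(); // blocks while GPG waits for the YubiKey touch
        try {
            if (p.waitFor() != 0) return Optional.empty(); // sketch: any failure counts as "not found"
            CharBuffer chars = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(out));
            char[] secret = new char[chars.remaining()];
            chars.get(secret);
            if (chars.hasArray()) Arrays.fill(chars.array(), '\0');
            return Optional.of(secret);
        } finally {
            Arrays.fill(out, (byte) 0);
        }
    }
}
```

The caller owns the char[] returned by get and should zero it once the secret has been used.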