envseal 0.3.14

Write-only secret vault with process-level access control — post-agent secret management
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

//! Full lifecycle: open → store → list → decrypt → revoke → list.
use envseal::vault::Vault;

#[test]
fn full_workflow() {
    let dir = crate::common::vault_tempdir();
    let passphrase = crate::common::test_passphrase();
    let vault = Vault::open_with_passphrase(dir.path(), &passphrase).unwrap();

    // Store
    vault.store("api-key", b"sk-abc123", false).unwrap();
    vault.store("db-password", b"hunter2", false).unwrap();

    // List
    let names = vault.list().unwrap();
    assert_eq!(names, vec!["api-key", "db-password"]);

    // Decrypt
    let db = vault.decrypt("db-password").unwrap();
    assert_eq!(&db[..], b"hunter2");

    // Revoke
    vault.revoke("api-key").unwrap();
    let names = vault.list().unwrap();
    assert_eq!(names, vec!["db-password"]);
}