Expand description
Fernet decryption of gobby’s SecretStore.
Replicates the Python chain:
- Read ~/.gobby/machine_id (plain text)
- Read ~/.gobby/.secret_salt (16 raw bytes)
- PBKDF2-HMAC-SHA256(password=machine_id, salt=salt, iterations=600_000, length=32)
- base64url_encode(key_bytes) → Fernet key
- Fernet(key).decrypt(encrypted_value) → plaintext
Source: src/gobby/storage/secrets.py, src/gobby/utils/machine_id.py
Functions§
- resolve_
config_ value - Resolve
$secret:NAMEand${VAR}patterns in a config value. - resolve_
secret - Resolve a secret by name from the secrets table in the PostgreSQL hub.