ks 0.2.0

Key Store
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171

//! Secret value data model.
//!
//! A [`Secret`] is the deserialised payload of an encrypted `.age` file. It
//! carries the primary value, optional named fields, free-form notes,
//! timestamps and a discriminator (`kind`) for special types such as TOTP.

use std::collections::BTreeMap;
use std::time::{SystemTime, UNIX_EPOCH};

use serde::{Deserialize, Serialize};
use zeroize::Zeroizing;

/// Current on-disk secret format version.
pub const SECRET_FORMAT_VERSION: u32 = 1;

/// Discriminator for the kind of secret stored in [`Secret::value`].
#[derive(Debug, Clone, Copy, Default, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "lowercase")]
pub enum Kind {
    /// A plain secret value (password, API token, …).
    #[default]
    Secret,
    /// A TOTP `otpauth://` URL or raw base32 secret; used by `ks otp`.
    Totp,
}

/// In-memory representation of a secret.
///
/// `value` and entries of `fields` are wrapped in [`Zeroizing`] so they are
/// scrubbed from memory on drop.
#[derive(Debug, Clone)]
pub struct Secret {
    /// The primary secret value.
    pub value: Zeroizing<String>,
    /// Additional named fields (e.g. `region`, `username`).
    pub fields: BTreeMap<String, Zeroizing<String>>,
    /// Human-readable note. Not treated as secret.
    pub note: String,
    /// What kind of value this is. `Totp` triggers TOTP generation in `ks otp`.
    pub kind: Kind,
    /// Unix timestamp (seconds) when this secret was created.
    pub created_at: u64,
    /// Unix timestamp (seconds) when this secret was last updated.
    pub updated_at: u64,
}

impl Secret {
    /// Creates a new plain secret with the given primary value.
    #[must_use]
    pub fn new(value: impl Into<String>) -> Self {
        let now = unix_now();
        Self {
            value: Zeroizing::new(value.into()),
            fields: BTreeMap::new(),
            note: String::new(),
            kind: Kind::Secret,
            created_at: now,
            updated_at: now,
        }
    }

    /// Marks this secret as a TOTP source (otpauth URL or raw base32).
    #[must_use]
    pub const fn into_totp(mut self) -> Self {
        self.kind = Kind::Totp;
        self
    }

    /// Attaches a note and returns `self` (builder pattern).
    #[must_use]
    pub fn with_note(mut self, note: impl Into<String>) -> Self {
        self.note = note.into();
        self
    }

    /// Inserts or updates an additional field and bumps `updated_at`.
    pub fn set_field(&mut self, key: impl Into<String>, value: impl Into<String>) {
        self.fields.insert(key.into(), Zeroizing::new(value.into()));
        self.updated_at = unix_now();
    }

    /// Returns the value of an additional field, or `None` if absent.
    #[must_use]
    pub fn field(&self, key: &str) -> Option<&str> {
        self.fields.get(key).map(|v| v.as_str())
    }
}

/// Wire format actually serialised to disk inside the encrypted `.age` file.
#[derive(Debug, Serialize, Deserialize)]
pub(crate) struct Wire {
    pub(crate) v: u32,
    pub(crate) value: String,
    #[serde(default, skip_serializing_if = "BTreeMap::is_empty")]
    pub(crate) fields: BTreeMap<String, String>,
    #[serde(default, skip_serializing_if = "String::is_empty")]
    pub(crate) note: String,
    #[serde(default)]
    pub(crate) kind: Kind,
    pub(crate) created_at: u64,
    pub(crate) updated_at: u64,
}

impl From<&Secret> for Wire {
    fn from(s: &Secret) -> Self {
        Self {
            v: SECRET_FORMAT_VERSION,
            value: (*s.value).clone(),
            fields: s
                .fields
                .iter()
                .map(|(k, v)| (k.clone(), (**v).clone()))
                .collect(),
            note: s.note.clone(),
            kind: s.kind,
            created_at: s.created_at,
            updated_at: s.updated_at,
        }
    }
}

impl From<Wire> for Secret {
    fn from(w: Wire) -> Self {
        Self {
            value: Zeroizing::new(w.value),
            fields: w
                .fields
                .into_iter()
                .map(|(k, v)| (k, Zeroizing::new(v)))
                .collect(),
            note: w.note,
            kind: w.kind,
            created_at: w.created_at,
            updated_at: w.updated_at,
        }
    }
}

fn unix_now() -> u64 {
    SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .unwrap_or_default()
        .as_secs()
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn roundtrip_preserves_fields() {
        let mut s = Secret::new("ghp_token").with_note("PAT");
        s.set_field("scope", "repo,workflow");
        let wire = Wire::from(&s);
        let json = serde_json::to_vec(&wire).expect("serialise");
        let parsed: Wire = serde_json::from_slice(&json).expect("parse");
        let restored: Secret = parsed.into();
        assert_eq!(&*restored.value, "ghp_token");
        assert_eq!(restored.note, "PAT");
        assert_eq!(restored.field("scope"), Some("repo,workflow"));
        assert_eq!(restored.kind, Kind::Secret);
    }

    #[test]
    fn totp_kind_roundtrips() {
        let s = Secret::new("otpauth://totp/...").into_totp();
        let json = serde_json::to_vec(&Wire::from(&s)).expect("serialise");
        let parsed: Wire = serde_json::from_slice(&json).expect("parse");
        assert_eq!(parsed.kind, Kind::Totp);
    }
}