siphon_secrets/lib.rs
1//! Secret management with multiple backend support
2//!
3//! This crate provides a unified interface for resolving secrets from various backends:
4//!
5//! - **OS Keychain** (`keychain://service/key`): macOS Keychain, Windows Credential Manager, Linux Secret Service
6//! - **1Password CLI** (`op://vault/item/field`): Requires `op` CLI to be installed and authenticated
7//! - **Environment variables** (`env://VAR_NAME`): Read from process environment
8//! - **Files** (`file:///path` or just `/path`): Read content from filesystem
9//! - **Plain values**: Any string without a URI scheme is treated as a literal value
10//!
11//! # Example
12//!
13//! ```rust,ignore
14//! use siphon_secrets::{SecretUri, SecretResolver};
15//!
16//! // Parse a secret URI from config
17//! let uri: SecretUri = "keychain://myapp/api-token".parse()?;
18//!
19//! // Resolve to actual value
20//! let resolver = SecretResolver::new();
21//! let secret = resolver.resolve(&uri)?;
22//! ```
23//!
24//! # Features
25//!
26//! - `keychain` (default): Enable OS keychain support via `keyring` crate
27//! - `onepassword` (default): Enable 1Password CLI support
28//! - `env` (default): Enable environment variable support
29//! - `file` (default): Enable file reading support
30
31mod backends;
32mod error;
33mod resolver;
34mod uri;
35
36pub use error::SecretError;
37pub use resolver::SecretResolver;
38pub use uri::SecretUri;
39
40// Re-export keychain utilities for setup/management
41#[cfg(feature = "keychain")]
42pub mod keychain {
43 pub use crate::backends::keychain::{delete, resolve, store};
44}