Skip to main content

Module secret_path

Module secret_path 

Source
Expand description

Secret path validation per ADR-020 §2.

A secret path is the canonical name of a secret in the devboy-tools namespace. It is a /-separated sequence of lowercase kebab-case segments shaped as <scope>/<provider>/<purpose> (minimum three segments).

The validator is the entry gate for every layer above the credential store — the manifest loader, the alias resolver, the source router. Drift in the namespace silently degrades into “every project invents its own pattern”, so this module rejects non-conforming paths as a hard error.

§Examples

use devboy_storage::SecretPath;

let p: SecretPath = "team/gitlab/token-deploy".parse().unwrap();
assert_eq!(p.scope(), "team");
assert_eq!(p.provider(), "gitlab");
assert_eq!(p.purpose(), "token-deploy");
assert!(!p.is_internal());

assert!("gitlab.token".parse::<SecretPath>().is_err());
assert!("team/gitlab".parse::<SecretPath>().is_err());
assert!("__sources/vault/token".parse::<SecretPath>().is_err());

Structs§

SecretPath
A validated secret path.

Enums§

PathError
Failure modes when parsing a SecretPath.