Expand description
Secret path validation per ADR-020 §2.
A secret path is the canonical name of a secret in the
devboy-tools namespace. It is a /-separated sequence of
lowercase kebab-case segments shaped as
<scope>/<provider>/<purpose> (minimum three segments).
The validator is the entry gate for every layer above the credential store — the manifest loader, the alias resolver, the source router. Drift in the namespace silently degrades into “every project invents its own pattern”, so this module rejects non-conforming paths as a hard error.
§Examples
use devboy_storage::SecretPath;
let p: SecretPath = "team/gitlab/token-deploy".parse().unwrap();
assert_eq!(p.scope(), "team");
assert_eq!(p.provider(), "gitlab");
assert_eq!(p.purpose(), "token-deploy");
assert!(!p.is_internal());
assert!("gitlab.token".parse::<SecretPath>().is_err());
assert!("team/gitlab".parse::<SecretPath>().is_err());
assert!("__sources/vault/token".parse::<SecretPath>().is_err());Structs§
- Secret
Path - A validated secret path.
Enums§
- Path
Error - Failure modes when parsing a
SecretPath.