SecretSource trait + supporting types per ADR-021 §1.
A source is any backend able to answer questions about secrets:
the OS keychain, the encrypted local vault from ADR-023, the
1Password CLI, a HashiCorp Vault server, an env-store mount, or a
community subprocess plugin. The router (epic phase P5.2 / P5.3)
maps an ADR-020 path to a (source, reference) pair and then
invokes the source’s SecretSource::get / list / validate
through this trait.
Two design choices worth knowing:
- Sources do not understand ADR-020 paths. They take an opaque `reference: &str`. Mapping a path to a reference is the router’s job. This separation lets a source plugin be written without any awareness of the manifest layer, which keeps the plugin protocol (P15) tiny.
- Capabilities are explicit, not inferred. A source whose only operation is `READ` declares exactly that. The router refuses to call `WRITE` on it without trying — the failure is structured (`SourceError::UnsupportedCapability`) rather than a network round-trip that returns “method not allowed”.
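One way to realise the two choices above, as an added example that is not the crate’s own code: the trait shape, the type and function names (`ReadOnlyStore`, `Router`, `demo_router`) and the `<source>/<reference>` path form are all assumptions. The router resolves a path to a (source, reference) pair and checks the source’s declared capabilities before invoking it, so an unsupported `WRITE` fails with `SourceError::UnsupportedCapability` without ever reaching the backend.

```rust
// Added illustration; trait shape, names and the "<source>/<reference>" path
// form are assumptions, not the crate's real SecretSource API.
use std::collections::HashMap;
#[derive(Clone, Copy, PartialEq, Eq, Debug)] pub enum Capability { Read, Write }
#[derive(Debug, PartialEq, Eq)] pub enum SourceError { UnsupportedCapability(Capability), NotFound(String) }

/// Stand-in for SecretSource: a source only ever sees an opaque reference.
pub trait SecretSource {
    fn capabilities(&self) -> &[Capability];
    fn get(&self, reference: &str) -> Result<String, SourceError>;
    fn set(&self, _reference: &str, _value: &str) -> Result<(), SourceError> {
        Err(SourceError::UnsupportedCapability(Capability::Write))
    }
}
/// A source whose only operation is READ, and which declares exactly that.
pub struct ReadOnlyStore(pub HashMap<String, String>);
impl SecretSource for ReadOnlyStore {
    fn capabilities(&self) -> &[Capability] { &[Capability::Read] }
    fn get(&self, reference: &str) -> Result<String, SourceError> {
        self.0.get(reference).cloned().ok_or_else(|| SourceError::NotFound(reference.to_string()))
    }
}

/// Router: path -> (source, reference), then a capability check *before* the
/// backend call, so an unsupported operation fails structurally.
pub struct Router { pub sources: HashMap<String, Box<dyn SecretSource>> }
impl Router {
    fn resolve<'a>(&'a self, path: &'a str, needed: Capability) -> Result<(&'a dyn SecretSource, &'a str), SourceError> {
        let (name, reference) = path.split_once('/').ok_or_else(|| SourceError::NotFound(path.to_string()))?;
        let source = self.sources.get(name).ok_or_else(|| SourceError::NotFound(name.to_string()))?;
        if !source.capabilities().contains(&needed) {
            return Err(SourceError::UnsupportedCapability(needed));
        }
        Ok((&**source, reference))
    }
    pub fn get(&self, path: &str) -> Result<String, SourceError> {
        self.resolve(path, Capability::Read).and_then(|(s, r)| s.get(r))
    }
    pub fn set(&self, path: &str, value: &str) -> Result<(), SourceError> {
        self.resolve(path, Capability::Write).and_then(|(s, r)| s.set(r, value))
    }
}

/// Constructed sample: one read-only "keychain" source holding one secret.
pub fn demo_router() -> Router {
    let store = HashMap::from([("db/password".to_string(), "sample-value".to_string())]);
    let source: Box<dyn SecretSource> = Box::new(ReadOnlyStore(store));
    Router { sources: HashMap::from([("keychain".to_string(), source)]) }
}
```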
What this module does not define
- The router itself (P5.2).
- Any specific source impl (`keychain`, `local-vault`, `1password`, …) — those land in P6.
- The recursion check that enforces the `__sources/<source>/<profile>` invariant — that’s P5.5.
- The `Capabilities`-aware in-memory cache — P5.4.
Structs
- `Capabilities`: What a source can do, plus two descriptive flags consumed by `doctor` and the agent provisioning surface.
- `GetOutcome`: Successful payload of `SecretSource::get`.
- `RemoteRef`: One entry returned by `SecretSource::list`.
Enums
- `CredentialRef`: What a source needs to be operational.
- `SourceError`: All the ways a source operation can fail.
- `SourceStatus`: Snapshot of a source’s connectivity at the moment of the call.
Traits
- `SecretSource`: Backend-agnostic interface for any “place secrets live.”