Crate elizaos_plugin_secrets_manager 

elizaOS Secrets Manager Plugin

Multi-level secrets management with encryption, validation, and dynamic plugin activation.

Overview

This crate provides a comprehensive secrets management solution for elizaOS agents:

• Multi-level storage: Global (agent-wide), World (server/channel), and User (per-user) secrets
• Strong encryption: AES-256-GCM encryption with secure key derivation
• Validation: Built-in validators for common API keys (OpenAI, Anthropic, etc.)
• Dynamic activation: Plugins can be activated once their required secrets are available
• Access logging: Track who accessed what secrets and when

Example

use elizaos_plugin_secrets_manager::{
    SecretsService, SecretsServiceConfig, SecretContext
};

#[tokio::main]
async fn main() {
    // Create the service
    let service = SecretsService::new("agent-123", SecretsServiceConfig::default());
    service.start().await.unwrap();

    // Set a global secret
    service.set_global("OPENAI_API_KEY", "sk-...", None).await.unwrap();

    // Get the secret
    let key = service.get_global("OPENAI_API_KEY").await.unwrap();
    println!("API Key: {:?}", key);

    service.stop().await.unwrap();
}

Re-exports

pub use crypto::decrypt;

pub use crypto::derive_key_from_agent_id;

pub use crypto::encrypt;

pub use crypto::generate_key;

pub use crypto::generate_salt;

pub use crypto::hash_value;

pub use crypto::is_encrypted_secret;

pub use crypto::mask_secret;

pub use crypto::parse_encrypted_secret;

pub use crypto::secure_compare;

pub use crypto::KeyManager;

pub use crypto::ALGORITHM_AES_GCM;

pub use crypto::ENCRYPTION_VERSION;

pub use service::SecretChangeCallback;

pub use service::SecretsService;

pub use service::SecretsServiceConfig;

pub use storage::CompositeSecretStorage;

pub use storage::MemorySecretStorage;

pub use storage::SecretStorage;

pub use storage::StorageEntry;

pub use types::EncryptedSecret;

pub use types::PluginRequirementStatus;

pub use types::PluginSecretRequirement;

pub use types::SecretAccessLog;

pub use types::SecretChangeEvent;

pub use types::SecretChangeType;

pub use types::SecretConfig;

pub use types::SecretContext;

pub use types::SecretLevel;

pub use types::SecretMetadata;

pub use types::SecretPermissionType;

pub use types::SecretStatus;

pub use types::SecretType;

pub use types::SecretsError;

pub use types::SecretsResult;

pub use types::StorageBackend;

pub use validation::get_validator;

pub use validation::infer_validation_strategy;

pub use validation::register_validator;

pub use validation::validate_secret;

pub use validation::ValidationResult;

Modules

crypto

Cryptographic utilities for secret encryption.

service

Secrets Service implementation.

storage

Storage interfaces and implementations for secrets.

types

Core types for elizaOS Secrets Manager.

validation

Secret validation module.

Constants

PLUGIN_DESCRIPTION

PLUGIN_NAME

Plugin information.

PLUGIN_VERSION

SECRETS_SERVICE_TYPE

Service type identifier.