
1use std::path::{Path, PathBuf};
2
/// Agent id used by the `default_*` accessors when the CLI runs without an
/// explicit agent id.
const DEFAULT_AGENT_ID: &str = "default-agent";

/// Canonical path layout for secrets runtime files.
///
/// Every accessor derives its result from one root directory; nothing in this
/// type reads or writes the filesystem. Callers that obtain agent ids or vault
/// names from outside the process must validate them before use: the
/// `*_for_agent`, `gpg_home` and `vault_*` accessors hand the name straight to
/// [`Path::join`], which neither rejects `..` or separator components nor keeps
/// the root when the argument is an absolute path.
#[derive(Debug, Clone)]
pub struct SecretsPaths {
    // Directory under which every other path is placed.
    root: PathBuf,
}

impl SecretsPaths {
    /// Creates a path layout rooted at `root`.
    pub fn new(root: impl AsRef<Path>) -> Self {
        let root = root.as_ref().to_path_buf();
        Self { root }
    }

    /// Root directory.
    pub fn root(&self) -> &Path {
        self.root.as_path()
    }

    /// Joins `name` directly under the root.
    fn under_root(&self, name: impl AsRef<Path>) -> PathBuf {
        self.root.join(name)
    }

    /// Builds the file name `<agent_id><suffix>` directly under the root.
    fn agent_file(&self, agent_id: &str, suffix: &str) -> PathBuf {
        let mut file_name = String::with_capacity(agent_id.len() + suffix.len());
        file_name.push_str(agent_id);
        file_name.push_str(suffix);
        self.under_root(file_name)
    }

    /// Agent ciphertext store directory.
    pub fn store_dir(&self) -> PathBuf {
        self.under_root("store")
    }

    /// Secret metadata directory.
    pub fn metadata_dir(&self) -> PathBuf {
        self.under_root("meta")
    }

    /// Pending requests JSON file.
    pub fn pending_file(&self) -> PathBuf {
        self.under_root("pending.json")
    }

    /// Audit log JSONL file.
    pub fn audit_file(&self) -> PathBuf {
        self.under_root("audit.jsonl")
    }

    /// Age identity file for one agent id (`<agent_id>.agekey` under the root).
    ///
    /// `agent_id` is used verbatim as a file-name prefix; validate it first if it
    /// did not originate inside this process.
    pub fn identity_file_for_agent(&self, agent_id: &str) -> PathBuf {
        self.agent_file(agent_id, ".agekey")
    }

    /// Default age identity file for the CLI agent.
    pub fn default_identity_file(&self) -> PathBuf {
        self.identity_file_for_agent(DEFAULT_AGENT_ID)
    }

    /// Ed25519 signing key file for one agent id
    /// (`<agent_id>.signing.key` under the root).
    ///
    /// `agent_id` is used verbatim as a file-name prefix; validate it first if it
    /// did not originate inside this process.
    pub fn signing_key_file_for_agent(&self, agent_id: &str) -> PathBuf {
        self.agent_file(agent_id, ".signing.key")
    }

    /// Default Ed25519 signing key file for the CLI agent.
    pub fn default_signing_key_file(&self) -> PathBuf {
        self.signing_key_file_for_agent(DEFAULT_AGENT_ID)
    }

    /// Vault configuration directory.
    pub fn vaults_dir(&self) -> PathBuf {
        self.under_root("vaults")
    }

    /// Vault session metadata file.
    pub fn vault_sessions_file(&self) -> PathBuf {
        let mut path = self.vaults_dir();
        path.push("sessions.json");
        path
    }

    /// Path to one vault config file (`<vault_name>.toml` in the vaults dir).
    pub fn vault_config_file(&self, vault_name: &str) -> PathBuf {
        let mut path = self.vaults_dir();
        path.push(format!("{}.toml", vault_name));
        path
    }

    /// Per-agent GPG homedir root.
    pub fn gpg_homes_dir(&self) -> PathBuf {
        self.under_root("gpg")
    }

    /// GPG homedir for one agent id.
    ///
    /// `agent_id` becomes a path component as-is; an absolute value replaces
    /// the root entirely.
    pub fn gpg_home(&self, agent_id: &str) -> PathBuf {
        let mut path = self.gpg_homes_dir();
        path.push(agent_id);
        path
    }

    /// Encrypted vault payload root directory.
    pub fn encrypted_dir(&self) -> PathBuf {
        self.under_root("encrypted")
    }

    /// Path to one vault ciphertext directory.
    ///
    /// `vault_name` becomes a path component as-is; an absolute value replaces
    /// the root entirely.
    pub fn vault_cipher_dir(&self, vault_name: &str) -> PathBuf {
        let mut path = self.encrypted_dir();
        path.push(vault_name);
        path
    }

    /// Default vault mount root directory.
    pub fn mounts_dir(&self) -> PathBuf {
        self.under_root("mnt")
    }

    /// Path to one vault mountpoint.
    ///
    /// `vault_name` becomes a path component as-is; an absolute value replaces
    /// the root entirely.
    pub fn vault_mountpoint(&self, vault_name: &str) -> PathBuf {
        let mut path = self.mounts_dir();
        path.push(vault_name);
        path
    }
}