Expand description
SecretSpec - A declarative secrets manager for development workflows
This library provides a type-safe, declarative way to manage secrets and environment variables across different environments and storage backends.
§Features
- Declarative Configuration: Define secrets in
secretspec.toml - Multiple Providers: Keyring, dotenv, environment variables, OnePassword, LastPass
- Profile Support: Different configurations for development, staging, production
- Type Safety: Optional compile-time code generation for strongly-typed access
- Validation: Ensure all required secrets are present before running applications
§Example
ⓘ
// Generate typed structs from secretspec.toml
secretspec_derive::declare_secrets!("secretspec.toml");
fn main() -> Result<(), Box<dyn std::error::Error>> {
// Load secrets and configure provider/profile
let mut spec = Secrets::load()?;
spec.set_provider("keyring"); // Can use provider name or URI like "dotenv:/path/to/.env"
spec.set_profile("development");
// Validate and get secrets
let secrets = match spec.validate()? {
Ok(validated) => validated,
Err(errors) => return Err(format!("Missing secrets: {}", errors).into()),
};
// Access secrets (field names are lowercased)
println!("Database: {}", secrets.resolved.secrets.get("DATABASE_URL").unwrap());
// Access profile and provider information
println!("Using profile: {}", secrets.resolved.profile);
println!("Using provider: {}", secrets.resolved.provider);
Ok(())
}Modules§
Structs§
- Resolution
Report - A complete, value-free snapshot of one resolution pass over a profile.
- Resolve
Response - A complete value-carrying resolution result for one profile.
- Resolved
- Container for resolved secrets with their context.
- Resolved
Secret - One resolved secret. Exactly one of
valueorpathis set:pathwhen the secret is materialized to a temp file (as_path),valueotherwise. - Secret
Resolution - The resolution outcome for one declared secret. Never carries the value.
- Secrets
- The main entry point for the secretspec library
- Validated
Secrets - Container for validated secrets with metadata
Enums§
- Resolution
Status - How a single declared secret resolved.
- Resolved
Source - Where a resolved value came from.
- Secret
Spec Error - The main error type for secretspec operations
Constants§
- RESOLUTION_
REPORT_ SCHEMA_ VERSION - Version of the
ResolutionReportwire format. - RESOLVE_
SCHEMA_ VERSION - Version of the
ResolveResponsewire format.
Traits§
- Provider
- Trait defining the interface for secret storage providers.
Functions§
- resolve_
json - Resolve secrets from a JSON request string and return the JSON response
envelope:
{"ok": true, "response": <ResolveResponse | ResolutionReport>}or{"ok": false, "error": {"kind", "message"}}.
Type Aliases§
- Result
- A type alias for
Result<T, SecretSpecError>