Crate secretspec


SecretSpec - A declarative secrets manager for development workflows

This library provides a type-safe, declarative way to manage secrets and environment variables across different environments and storage backends.

§Features

  • Declarative Configuration: Define secrets in secretspec.toml
  • Multiple Providers: Keyring, dotenv, environment variables, OnePassword, LastPass
  • Profile Support: Different configurations for development, staging, production
  • Type Safety: Optional compile-time code generation for strongly-typed access
  • Validation: Ensure all required secrets are present before running applications

§Example

// Generate typed structs from secretspec.toml
secretspec_derive::declare_secrets!("secretspec.toml");

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Load secrets and configure provider/profile
    let mut spec = Secrets::load()?;
    spec.set_provider("keyring");  // Can use provider name or URI like "dotenv:/path/to/.env"
    spec.set_profile("development");
     
    // Validate and get secrets
    let secrets = match spec.validate()? {
        Ok(validated) => validated,
        Err(errors) => return Err(format!("Missing secrets: {}", errors).into()),
    };

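    // Access secrets (field names are lowercased)
    // Printed here for illustration only: a DATABASE_URL value commonly embeds
    // credentials, so keep resolved secrets out of stdout and logs in real code.
    println!("Database: {}", secrets.resolved.secrets.get("DATABASE_URL").unwrap());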

    // Access profile and provider information
    println!("Using profile: {}", secrets.resolved.profile);
    println!("Using provider: {}", secrets.resolved.provider);

    Ok(())
}

Modules§

cli

Structs§

Resolved: Container for resolved secrets with their context.
Secrets: The main entry point for the secretspec library.
ValidatedSecrets: Container for validated secrets with metadata.

Enums§

SecretSpecError: The main error type for secretspec operations.

Traits§

Provider: Trait defining the interface for secret storage providers.

Type Aliases§

Result: A type alias for Result<T, SecretSpecError>.