Crate siphon_secrets

Crate siphon_secrets

Expand description

Secret management with multiple backend support

This crate provides a unified interface for resolving secrets from various backends:

OS Keychain (keychain://service/key): macOS Keychain, Windows Credential Manager, Linux Secret Service
1Password CLI (op://vault/item/field): Requires op CLI to be installed and authenticated
Environment variables (env://VAR_NAME): Read from process environment
Files (file:///path or just /path): Read content from filesystem
Plain values: Any string without a URI scheme is treated as a literal value

§Example

use siphon_secrets::{SecretUri, SecretResolver};

// Parse a secret URI from config
let uri: SecretUri = "keychain://myapp/api-token".parse()?;

// Resolve to actual value
let resolver = SecretResolver::new();
let secret = resolver.resolve(&uri)?;

§Features

keychain (default): Enable OS keychain support via keyring crate
onepassword (default): Enable 1Password CLI support
env (default): Enable environment variable support
file (default): Enable file reading support

Modules§

keychain

Structs§

SecretResolver: Resolves secrets from various backends based on URI scheme

Enums§

SecretError: Errors that can occur during secret resolution
SecretUri: Represents a secret reference that can be resolved from various backends.