Module pushconfig

Expand description

Push configuration — parsing .tsafe.yml / .tsafe.json repo manifests.

A push config file declares one or more PushSources (Azure Key Vault, AWS Secrets Manager, AWS SSM Parameter Store, GCP Secret Manager) that tsafe push writes secrets to. The file is searched upward from the current directory via find_config (shared with pull config).

§ADR-030 fields

Every source entry may declare:

name: a label used by --source <label> filtering. Sources without a name field are always included in unfiltered runs but cannot be selected with --source.
delete_missing: opt-in flag (default false) to delete remote keys that are absent from the local vault within the filtered scope. Off by default to avoid accidental mass deletion (ADR-030).

Structs§

PushConfig: Top-level push configuration parsed from .tsafe.yml or .tsafe.json.

Enums§

PushSource: A single push destination definition.

Functions§

find_config: Search upward from start for .tsafe.yml / .tsafe.json.
load: Parse a push configuration file (YAML or JSON).

Module pushconfig

Module pushconfig Copy item path

§ADR-030 fields

Structs§

Enums§

Functions§

Module pushconfig