Module secrets 

Secrets management API DTOs.

Wire types for the secrets endpoints. Secret values are never exposed through the API except via an explicit admin-only ?reveal=true request — only metadata is returned for listing and retrieval.

Structs

BulkImportQuery

Query for POST /api/v1/secrets/bulk-import — environment is required.

BulkImportResponse

Result body for POST /api/v1/secrets/bulk-import.

CreateSecretRequest

Request to create or update a secret.

GetSecretQuery

Query for GET /api/v1/secrets/{name} — extends the scope query with a reveal flag for admin-only plaintext reads.

RevealAllSecretsResponse

Response for the batch reveal endpoint — returns every secret in an env as plaintext. Admin-only for now (Phase 3 will gate this on per-env Read permission instead).

RotateSecretRequest

Request body for secret rotation.

RotateSecretResponse

Response returned by the rotate endpoint.

SecretMetadataResponse

Response containing secret metadata. Never includes the value unless the caller is on the explicit ?reveal=true admin path, in which case value is populated.

SecretsScopeQuery

Query for create / list / get / delete endpoints.