Initial import

2025-09-04 14:14:02 +02:00
commit ac609a54c2
19 changed files with 1228 additions and 0 deletions
--- a/provider.go
+++ b/provider.go
@@ -0,0 +1,57 @@
+package secret
+
+import (
+	"encoding/base64"
+	"encoding/hex"
+	"fmt"
+	"strings"
+)
+
+// Provider for secrets.
+type Provider interface {
+	// GetSecret loads a secret by named key.
+	GetSecret(key string) (value []byte, err error)
+}
+
+// AmbiguousKey is an error incdicating that the secret doesn't resolve to exactly one item.
+type AmbiguousKey struct {
+	Key string
+}
+
+func (err AmbiguousKey) Error() string {
+	return fmt.Sprintf("secret: ambigious secret key %q", err.Key)
+}
+
+// NotFound is an error indicating the secret can not be found.
+type NotFound struct {
+	Key string
+}
+
+func (err NotFound) Error() string {
+	if err.Key == "" {
+		return "secret: not found"
+	}
+	return fmt.Sprintf("secret: %q not found", err.Key)
+}
+
+// ToBinary converts a string to []bytes.
+//
+// There are special prefixes for binary encoded formats:
+//   - hex: for hexadecimal encoded strings
+//   - b64: for base-64 encoded strings (raw encoding)
+//
+// If a special prefix is found, the appropriate codec will be used to decode to string to []byte,
+// when there is an error decoding, it may result in an empty value.
+//
+// All other strings will be converted to []byte as-is.
+func ToBinary(s string) (bytes []byte) {
+	switch {
+	case strings.HasPrefix(s, "hex:"):
+		bytes, _ = hex.DecodeString(s[4:])
+	case strings.HasPrefix(s, "b64:"):
+		bytes, _ = base64.RawStdEncoding.DecodeString(s[4:])
+	default:
+		bytes = []byte(s)
+	}
+	return
+}