# secret

Package secret provides a simple interface for fetching secrets from a secrets provider.

The basic interface is:

```go
type Provider interface {
	GetSecret(key string) (value []byte, err error)
}
```

## Providers

This package is targeting the following secrets providers:
  * [x] Environment variables
  * [x] Environment variables files
  * [x] AWS [Key Management Service (KMS)](https://aws.amazon.com/kms/)
  * [x] AWS [Session Manager Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html)
  * [ ] Azure [Key Vault](https://azure.microsoft.com/nl-nl/products/key-vault)
  * [ ] GCP [Secret Manager](https://cloud.google.com/security/products/secret-manager)
  * [x] Hashicorp [Vault ](https://www.hashicorp.com/en/products/vault)
  * [x] Keyring: Linux
  * [x] Keyring: macOS [Keychain Access](https://support.apple.com/en-gb/guide/keychain-access/kyca1083/mac)
  * [x] Keyring: Windows [SecretStore](https://learn.microsoft.com/en-us/powershell/utility-modules/secretmanagement/get-started/using-secretstore)

## Decryption

The secret provider may return encrypted values, which can be transparently descrypted
by this package.

Supported decryption methods:
  * [x] `AES-GCM` (`AES-128-GCM`, `AES-256-GCM`) Authenticated Encryption with Associated Data
  * [x] `RSA-OAEP` Optimal Asymmetric Encryption Padding ([RFC8017](https://www.rfc-editor.org/rfc/rfc8017.html))
  * [x] `RSA-PKCS#1` version 1.5 ([RFC2313](https://www.rfc-editor.org/rfc/rfc2313.html))
  * [x] `ChaCha20-Poly1305` and `XChaCha20-Poly1305` Authenticated Encryption with Associated Data ([RFC8439](https://datatracker.ietf.org/doc/html/rfc8439))
  * [x] `NaCL Secretbox` Secret-key authenticated encryption