codecrucible-synth
Production-Ready AI Development Platform with Multi-Voice Synthesis, Smithery MCP Integration, Enterprise Security, and Zero-Timeout Reliability
/**
* Enterprise Secrets Management System
* Implements encrypted configuration storage with key rotation and access control
*/
/**
* One secret together with its bookkeeping fields.
*
* NOTE(review): presumably this is the decrypted, in-memory form (the at-rest
* form is EncryptedSecret), so `value` would hold the plaintext secret. If so,
* whole SecretConfig objects should never be logged, serialised or returned to
* callers that only need metadata. Confirm against the implementation.
*/
export interface SecretConfig {
/** Identifier the secret is stored and looked up under. */
name: string;
/** The secret itself. Presumably plaintext (see the note above); confirm. */
value: string;
/** Optional free-text description. */
description?: string;
/** Optional labels; SecretsManager.listSecrets accepts a `tags` argument. */
tags?: string[];
/** Optional expiry. Whether reads of an expired secret are refused is not visible in this declaration. */
expiresAt?: Date;
/** Creation time. */
createdAt: Date;
/** Time of the most recent access, when one has been recorded. */
lastAccessed?: Date;
/** Access counter. Which operations increment it is not visible here. */
accessCount: number;
}
/**
* Encrypted form of a secret: ciphertext plus the parameters recorded with it.
* Every field is a string; the encoding (hex, base64, ...) is not visible in
* this declaration.
*
* NOTE(review): `metadata` sits next to the ciphertext as ordinary fields. It
* cannot be told from here whether it is covered by `authTag`. If it is not,
* anyone able to write to the store could change `expiresAt` or `tags` without
* failing decryption. Confirm how the implementation binds it.
*/
export interface EncryptedSecret {
/** Identifier of the secret. Stored in the clear alongside the ciphertext. */
name: string;
/** NOTE(review): two ciphertext-like fields are declared (`encryptedData` and `encryptedValue`); how they differ is not visible here. */
encryptedData: string;
encryptedValue: string;
/** Initialisation vector recorded for this secret. */
iv: string;
/** Salt recorded for this secret. Presumably the key-derivation salt; confirm. */
salt: string;
/** Authentication tag. Its presence suggests an authenticated cipher mode; confirm it is verified before any plaintext is used. */
authTag: string;
/** Name of the cipher recorded with the secret. NOTE(review): if decryption trusts this stored value, it should be checked against an allow-list. */
algorithm: string;
/** Name of the key-derivation scheme recorded with the secret. */
keyDerivation: string;
/** Bookkeeping fields matching SecretConfig, with dates carried as strings instead of Date. */
metadata: {
description?: string;
tags?: string[];
expiresAt?: string;
createdAt: string;
lastAccessed?: string;
accessCount: number;
};
}
/**
* Settings for master-key rotation. How `enabled` and `autoRotate` interact is
* not visible in this declaration.
*/
export interface KeyRotationConfig {
/** Switches key rotation on or off. */
enabled: boolean;
/** Rotation interval, in days. */
intervalDays: number;
/** Number of old keys to retain. NOTE(review): retained keys stay sensitive, because they can still decrypt data encrypted under them. */
retainOldKeys: number;
/** Presumably enables timer-driven rotation (the class keeps a `keyRotationTimer`); confirm. */
autoRotate: boolean;
}
/**
* Configuration for SecretsManager. The constructor takes a Partial of this
* type, so every field has a default supplied by the implementation; those
* defaults are not visible here and should be reviewed before relying on them.
*/
export interface SecretsManagerConfig {
/** Location of the secret store on disk. */
storePath: string;
/**
* Location of the master key.
* NOTE(review): a key kept on disk is only as protected as its file
* permissions and its backups. Confirm how the implementation creates and
* restricts this file.
*/
masterKeyPath: string;
/** Master-key rotation settings. */
keyRotation: KeyRotationConfig;
/** Cipher and key-derivation parameters. Units (bytes or bits) are not visible here. */
encryption: {
/** Cipher name. */
algorithm: string;
/** Key length. */
keyLength: number;
/** Initialisation-vector length. */
ivLength: number;
/** Salt length. */
saltLength: number;
/** Presumably the key-derivation iteration count; a low value weakens password-derived keys. Confirm the default. */
iterations: number;
};
/** Access-control and audit settings. How each one is enforced is not visible here. */
access: {
/** Switches the access audit log on or off. */
auditLog: boolean;
/** Limit on access attempts. What happens once it is reached is not visible here. */
maxAccessAttempts: number;
/** NOTE(review): no method of SecretsManager takes a credential (getSecret takes only an optional `userId`); confirm what this flag actually checks. */
requireAuthentication: boolean;
};
}
/**
* Declaration of the secrets manager: stores, retrieves, rotates, exports and
* imports secrets, and keeps an access log.
*
* NOTE(review): TypeScript `private` is a compile-time check only and is
* erased from the emitted JavaScript. `masterKey`, `secrets` and the private
* helpers remain reachable at runtime by any code holding an instance, so the
* instance itself has to be treated as sensitive.
*/
export declare class SecretsManager {
private config;
private masterKey;
private secrets;
private accessLog;
private keyRotationTimer?;
/**
* @param config Optional overrides. Unspecified fields take implementation
* defaults that are not visible in this declaration.
*/
constructor(config?: Partial<SecretsManagerConfig>);
/**
* Initialize secrets manager.
* @param masterPassword Optional. NOTE(review): what key is used when it is
* omitted is not visible here (a private `loadOrGenerateMasterKey` helper is
* declared); confirm before deploying without a password.
*/
initialize(masterPassword?: string): Promise<void>;
/**
* Store a secret securely.
* @param name Secret identifier. A private `validateSecretName` helper is
* declared; its rules are not visible here.
* @param value The secret value to store.
* @param options Optional description, tags and expiry.
*/
storeSecret(name: string, value: string, options?: {
description?: string;
tags?: string[];
expiresAt?: Date;
}): Promise<void>;
/**
* Encrypt a secret and return encrypted data (for testing purposes).
* NOTE(review): described as a test helper but part of the public API.
*/
encryptSecret(name: string, value: string): Promise<EncryptedSecret>;
/**
* Decrypt a secret (for testing purposes).
* NOTE(review): public, and unlike getSecret it takes no `userId`. Confirm
* that it is audited and access-checked the same way; otherwise it is a way
* to read secrets without an attributable log entry.
*/
decryptSecret(name: string): Promise<string>;
/**
* Retrieve a secret.
* @param name Secret identifier.
* @param userId Optional, caller-supplied. NOTE(review): an identity passed
* in by the caller is only as trustworthy as that caller, so audit entries
* built from it are attribution hints rather than proof.
* @returns The secret value, or null. Which conditions produce null is not
* visible in this declaration.
*/
getSecret(name: string, userId?: string): Promise<string | null>;
/**
* Update a secret.
* @param name Secret identifier.
* @param newValue Replacement value.
* @param options Optional description, tags and expiry.
*/
updateSecret(name: string, newValue: string, options?: {
description?: string;
tags?: string[];
expiresAt?: Date;
}): Promise<void>;
/**
* Delete a secret.
* @returns A boolean; presumably whether a secret was removed (confirm).
*/
deleteSecret(name: string): Promise<boolean>;
/**
* List secrets as metadata only. The returned element type has no `value`
* field.
* @param tags Optional tag filter. Whether all tags or any tag must match is
* not visible here.
*/
listSecrets(tags?: string[]): Promise<Array<{
name: string;
description?: string;
tags?: string[];
expiresAt?: Date;
createdAt: Date;
lastAccessed?: Date;
accessCount: number;
}>>;
/**
* Rotate master key.
* @param newPassword Optional password for the new key.
* NOTE(review): whether existing secrets are re-encrypted under the new key
* is not visible here. A private `archiveMasterKey` helper is declared, so old
* keys appear to be kept and stay sensitive.
*/
rotateMasterKey(newPassword?: string): Promise<void>;
/**
* Export secrets (encrypted) for backup.
* @returns A string holding the export.
* NOTE(review): the export is only as strong as the key protecting it; store
* it separately from the master key.
*/
exportSecrets(): Promise<string>;
/**
* Import secrets from backup.
* @param exportData String produced by a previous export.
* NOTE(review): treat this as untrusted input. Whether entries are
* authenticated, or can overwrite existing secrets of the same name, is not
* visible in this declaration.
*/
importSecrets(exportData: string): Promise<void>;
/**
* Get access audit log.
* @param hours Optional; presumably limits the result to the last N hours
* (confirm).
* @returns Entries naming the secret, the time, an optional user, the
* outcome and an optional reason.
*/
getAccessLog(hours?: number): Array<{
secret: string;
timestamp: Date;
user?: string;
success: boolean;
reason?: string;
}>;
/**
* Encrypt a secret (internal method)
*/
private encryptSecretInternal;
/**
* Decrypt a secret (internal method)
*/
private decryptSecretInternal;
/**
* Load or generate master key
*/
private loadOrGenerateMasterKey;
/**
* Load master key from file
*/
private loadMasterKey;
/**
* Generate new master key
*/
private generateMasterKey;
/**
* Load secrets from storage
*/
private loadSecrets;
/**
* Save encrypted secret to file
*/
private saveEncryptedSecret;
/**
* Get all encrypted secrets
*/
private getAllEncryptedSecrets;
/**
* Validate secret name
*/
private validateSecretName;
/**
* Log secret access
*/
private logAccess;
/**
* Archive old master key
*/
private archiveMasterKey;
/**
* Start key rotation timer
*/
private startKeyRotationTimer;
/**
* Stop and cleanup.
* NOTE(review): whether in-memory key material is cleared is not visible
* here.
*/
stop(): Promise<void>;
/**
* NOTE(review): the four members below are public and were undocumented in
* the original declaration; their names suggest test hooks. As declared, any
* holder of an instance can replace the encryption key (`setEncryptionKey`)
* and obtain the internal Map of SecretConfig objects (`secretStorage`),
* which carry a `value` field. If they are test-only, they should not be part
* of the production surface. Confirm against the implementation.
*/
deleteTestSecret(name: string): Promise<boolean>;
rotateEncryptionKey(): Promise<void>;
setEncryptionKey(key: Buffer): void;
get secretStorage(): Map<string, SecretConfig>;
}
//# sourceMappingURL=secrets-manager.d.ts.map