Release Notes - v0.1.0
Release Date: 2025-01-01
Initial release of OmniVault, a unified Go library for secret management across multiple providers.
Highlights
- Unified Interface: Single vault.Vault interface for all secret storage backends
- Extensible Architecture: Add custom providers as separate Go modules
- URI-Based Resolution: Reference secrets using URIs like env://API_KEY or aws-sm://secret-name
- Zero External Dependencies: Core library requires only the Go standard library
Features
Core Interface (vault.Vault)
A unified interface for secret management with full CRUD operations:
```go
type Vault interface {
	Get(ctx context.Context, path string) (*Secret, error)
	Set(ctx context.Context, path string, secret *Secret) error
	Delete(ctx context.Context, path string) error
	Exists(ctx context.Context, path string) (bool, error)
	List(ctx context.Context, prefix string) ([]string, error)
	Name() string
	Capabilities() Capabilities
	Close() error
}
```
Built-in Providers
| Provider | Scheme | Description |
|---|---|---|
| Environment Variables | env:// | Read from os.Getenv() |
| File | file:// | File-based storage |
| Memory | memory:// | In-memory storage (for testing) |
Client API
High-level client with convenience methods:
```go
// Create client
client, err := omnivault.NewClient(omnivault.Config{
	Provider: omnivault.ProviderEnv,
})

// Basic operations
secret, err := client.Get(ctx, "path")
err = client.Set(ctx, "path", &omnivault.Secret{Value: "secret"})
err = client.Delete(ctx, "path")
exists, err := client.Exists(ctx, "path")
paths, err := client.List(ctx, "prefix")

// Convenience methods
value, err := client.GetValue(ctx, "path")
value, err = client.GetField(ctx, "path", "field")
err = client.SetValue(ctx, "path", "value")

// Must variants (panic on error)
secret = client.MustGet(ctx, "path")
value = client.MustGetValue(ctx, "path")
```
URI-Based Resolution
Resolve secrets from multiple providers using URIs:
```go
resolver := omnivault.NewResolver()
resolver.Register("env", envProvider)
resolver.Register("aws-sm", awsProvider)

// Resolve from different providers
apiKey, _ := resolver.Resolve(ctx, "env://API_KEY")
dbPass, _ := resolver.Resolve(ctx, "aws-sm://database/password")

// Resolve if it's a secret reference, otherwise return as-is
value, _ := resolver.ResolveString(ctx, maybeSecretRef)

// Resolve all values in a map
resolved, _ := resolver.ResolveMap(ctx, configMap)
```
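How scheme dispatch with a "return as-is" path can be kept fail-closed, as an added sketch that is not OmniVault's code: `Getter`, `Resolver`, its `Providers` and `Literal` fields and `ErrUnknownScheme` are hypothetical stand-ins, and the stored value is constructed. A reference whose scheme has no provider is rejected instead of being handed back as if it were the secret, while schemes declared literal (such as https) pass through.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
)

// Getter is a hypothetical one-method stand-in for a provider, not vault.Vault.
type Getter func(ctx context.Context, path string) (string, error)

var ErrUnknownScheme = errors.New("no provider registered for scheme")

// Resolver dispatches "scheme://path" references to the provider for that scheme.
type Resolver struct {
	Providers map[string]Getter
	Literal   map[string]bool // schemes treated as ordinary values, e.g. "https"
}

// ResolveString returns plain values unchanged and resolves references. An
// unregistered scheme is an error: returning the input would hand the caller
// the literal URI (say, a mistyped "aws-smm://...") as if it were the secret.
func (r *Resolver) ResolveString(ctx context.Context, s string) (string, error) {
	scheme, path, ok := strings.Cut(s, "://")
	if !ok || scheme == "" || r.Literal[scheme] {
		return s, nil // not a secret reference
	}
	g, found := r.Providers[scheme]
	if !found {
		return "", fmt.Errorf("%w: %q", ErrUnknownScheme, scheme)
	}
	return g(ctx, path)
}

func main() {
	r := Resolver{
		Providers: map[string]Getter{"memory": func(context.Context, string) (string, error) {
			return "constructed-value", nil // constructed sample secret
		}},
		Literal: map[string]bool{"https": true},
	}
	for _, in := range []string{"memory://db/password", "https://api.example.test", "aws-smm://db/password"} {
		out, err := r.ResolveString(context.Background(), in)
		// Report the outcome without printing the resolved secret itself.
		fmt.Printf("%s: passthrough=%t err=%v\n", in, out == in, err)
	}
}
```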
Secret Model
Rich secret model with metadata support:
```go
secret := &omnivault.Secret{
	Value: "my-secret-value",
	Fields: map[string]string{
		"username": "admin",
		"password": "secret",
	},
	Metadata: omnivault.Metadata{
		Tags: map[string]string{"env": "prod"},
	},
}

// Access values
value := secret.String()             // Primary value
field := secret.GetField("username") // Specific field
bytes := secret.Bytes()              // As bytes
```
Extensible Provider Architecture
Create custom providers as separate Go modules:
```go
package myprovider

import "github.com/agentplexus/omnivault/vault"

type Provider struct{}

func New() vault.Vault {
	return &Provider{}
}

// Implement vault.Vault interface...
```
Use with OmniVault:
Package Structure
```
omnivault/
├── vault/            # Core interface (import for custom providers)
│   ├── interface.go  # Vault interface definition
│   ├── types.go      # Secret, Metadata, SecretRef types
│   └── errors.go     # Standard errors
├── providers/        # Built-in providers
│   ├── env/          # Environment variables
│   ├── file/         # File-based storage
│   └── memory/       # In-memory storage
├── client.go         # Main client
├── resolver.go       # URI-based resolution
└── types.go          # Type aliases
```
Official Provider Modules
First-party provider modules (separate repositories):
| Module | Providers | Schemes |
|---|---|---|
| omnivault-aws | AWS Secrets Manager, AWS Parameter Store | aws-sm://, aws-ssm:// |
| omnivault-keyring | macOS Keychain, Windows Credential Manager, Linux Secret Service | keyring:// |
Installation
Requirements
- Go 1.22.0 or later