1.1 KiB
1.1 KiB
Test Plan: Vault
Behaviors to test
- Vault add stores encrypted secret (requires terminal + password file)
- Vault get decrypts and returns secret (requires password file)
- Vault update replaces secret value (requires terminal + password file)
- Vault delete removes secret (requires password file)
- Vault list shows all secret names (requires password file)
- Secrets interpolated in MCP config (mcp.json) (requires Vault with secrets)
- Missing secrets produce warning during MCP init (requires Vault)
- Vault accessible from CLI (flag parsing tested in iteration 10)
- Vault accessible from REPL (.vault commands) (requires REPL infra)
Additional behaviors tested
- SECRET_RE matches {{DOUBLE_BRACES}}
- SECRET_RE matches with surrounding text
- SECRET_RE does not match {SINGLE_BRACES}
- SECRET_RE does not match plain text
- SECRET_RE matches with spaces inside braces
- Vault::default() creates instance with no password file
Old code reference
src/vault/mod.rs— GlobalVault, operationssrc/mcp/mod.rs— interpolate_secrets