feat: Secret injection into the MCP configuration

2025-10-15 16:06:59 -06:00
parent df8b326d89
commit 39fc863e22
5 changed files with 4410 additions and 4380 deletions
@@ -1,125 +1,132 @@
 mod utils;

+use std::sync::LazyLock;
 use crate::cli::Cli;
 use crate::config::Config;
 use crate::vault::utils::ensure_password_file_initialized;
 use anyhow::{Context, Result};
+use fancy_regex::Regex;
 use gman::providers::local::LocalProvider;
 use gman::providers::SecretProvider;
 use inquire::{required, Password, PasswordDisplayMode};
 use tokio::runtime::Handle;

+pub static SECRET_RE: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"\{\{(.+)}}").unwrap());
+
 #[derive(Debug, Default, Clone)]
 pub struct Vault {
-    local_provider: LocalProvider,
+	local_provider: LocalProvider,
 }

 impl Vault {
-    pub fn init(config: &Config) -> Self {
-        let vault_password_file = config.vault_password_file();
-        let mut local_provider = LocalProvider {
-            password_file: Some(vault_password_file),
-            git_branch: None,
-            ..LocalProvider::default()
-        };
+	pub fn init(config: &Config) -> Self {
+		let vault_password_file = config.vault_password_file();
+		let mut local_provider = LocalProvider {
+			password_file: Some(vault_password_file),
+			git_branch: None,
+			..LocalProvider::default()
+		};

-        ensure_password_file_initialized(&mut local_provider)
-            .expect("Failed to initialize password file");
+		ensure_password_file_initialized(&mut local_provider)
+			.expect("Failed to initialize password file");

-        Self { local_provider }
-    }
+		Self { local_provider }
+	}

-    pub fn add_secret(&self, secret_name: &str) -> Result<()> {
-        let secret_value = Password::new("Enter the secret value:")
-            .with_validator(required!())
-            .with_display_mode(PasswordDisplayMode::Masked)
-            .prompt()
-            .with_context(|| "unable to read secret from input")?;
+	pub fn add_secret(&self, secret_name: &str) -> Result<()> {
+		let secret_value = Password::new("Enter the secret value:")
+			.with_validator(required!())
+			.with_display_mode(PasswordDisplayMode::Masked)
+			.prompt()
+			.with_context(|| "unable to read secret from input")?;

-        let h = Handle::current();
-        tokio::task::block_in_place(|| {
-            h.block_on(self.local_provider.set_secret(secret_name, &secret_value))
-        })?;
-        println!("✓ Secret '{secret_name}' added to the vault.");
+		let h = Handle::current();
+		tokio::task::block_in_place(|| {
+			h.block_on(self.local_provider.set_secret(secret_name, &secret_value))
+		})?;
+		println!("✓ Secret '{secret_name}' added to the vault.");

-        Ok(())
-    }
+		Ok(())
+	}

-    pub fn get_secret(&self, secret_name: &str) -> Result<()> {
-        let h = Handle::current();
-        let secret = tokio::task::block_in_place(|| {
-            h.block_on(self.local_provider.get_secret(secret_name))
-        })?;
-        println!("{}", secret);
+	pub fn get_secret(&self, secret_name: &str, display_output: bool) -> Result<String> {
+		let h = Handle::current();
+		let secret = tokio::task::block_in_place(|| {
+			h.block_on(self.local_provider.get_secret(secret_name))
+		})?;

-        Ok(())
-    }
+		if display_output {
+			println!("{}", secret);
+		}

-    pub fn update_secret(&self, secret_name: &str) -> Result<()> {
-        let secret_value = Password::new("Enter the secret value:")
-            .with_validator(required!())
-            .with_display_mode(PasswordDisplayMode::Masked)
-            .prompt()
-            .with_context(|| "unable to read secret from input")?;
-        let h = Handle::current();
-        tokio::task::block_in_place(|| {
-            h.block_on(
-                self.local_provider
-                    .update_secret(secret_name, &secret_value),
-            )
-        })?;
-        println!("✓ Secret '{secret_name}' updated in the vault.");
+		Ok(secret)
+	}

-        Ok(())
-    }
+	pub fn update_secret(&self, secret_name: &str) -> Result<()> {
+		let secret_value = Password::new("Enter the secret value:")
+			.with_validator(required!())
+			.with_display_mode(PasswordDisplayMode::Masked)
+			.prompt()
+			.with_context(|| "unable to read secret from input")?;
+		let h = Handle::current();
+		tokio::task::block_in_place(|| {
+			h.block_on(
+				self.local_provider
+					.update_secret(secret_name, &secret_value),
+			)
+		})?;
+		println!("✓ Secret '{secret_name}' updated in the vault.");

-    pub fn delete_secret(&self, secret_name: &str) -> Result<()> {
-        let h = Handle::current();
-        tokio::task::block_in_place(|| h.block_on(self.local_provider.delete_secret(secret_name)))?;
-        println!("✓ Secret '{secret_name}' deleted from the vault.");
+		Ok(())
+	}

-        Ok(())
-    }
+	pub fn delete_secret(&self, secret_name: &str) -> Result<()> {
+		let h = Handle::current();
+		tokio::task::block_in_place(|| h.block_on(self.local_provider.delete_secret(secret_name)))?;
+		println!("✓ Secret '{secret_name}' deleted from the vault.");

-    pub fn list_secrets(&self, display_output: bool) -> Result<Vec<String>> {
-        let h = Handle::current();
-        let secrets =
-            tokio::task::block_in_place(|| h.block_on(self.local_provider.list_secrets()))?;
+		Ok(())
+	}

-        if display_output {
-            if secrets.is_empty() {
-                println!("The vault is empty.");
-            } else {
-                for key in &secrets {
-                    println!("{}", key);
-                }
-            }
-        }
+	pub fn list_secrets(&self, display_output: bool) -> Result<Vec<String>> {
+		let h = Handle::current();
+		let secrets =
+			tokio::task::block_in_place(|| h.block_on(self.local_provider.list_secrets()))?;

-        Ok(secrets)
-    }
+		if display_output {
+			if secrets.is_empty() {
+				println!("The vault is empty.");
+			} else {
+				for key in &secrets {
+					println!("{}", key);
+				}
+			}
+		}

-    pub fn handle_vault_flags(cli: Cli, config: Config) -> Result<()> {
-        if let Some(secret_name) = cli.add_secret {
-            config.vault.add_secret(&secret_name)?;
-        }
+		Ok(secrets)
+	}

-        if let Some(secret_name) = cli.get_secret {
-            config.vault.get_secret(&secret_name)?;
-        }
+	pub fn handle_vault_flags(cli: Cli, config: Config) -> Result<()> {
+		if let Some(secret_name) = cli.add_secret {
+			config.vault.add_secret(&secret_name)?;
+		}

-        if let Some(secret_name) = cli.update_secret {
-            config.vault.update_secret(&secret_name)?;
-        }
+		if let Some(secret_name) = cli.get_secret {
+			config.vault.get_secret(&secret_name, true)?;
+		}

-        if let Some(secret_name) = cli.delete_secret {
-            config.vault.delete_secret(&secret_name)?;
-        }
+		if let Some(secret_name) = cli.update_secret {
+			config.vault.update_secret(&secret_name)?;
+		}

-        if cli.list_secrets {
-            config.vault.list_secrets(true)?;
-        }
+		if let Some(secret_name) = cli.delete_secret {
+			config.vault.delete_secret(&secret_name)?;
+		}

-        Ok(())
-    }
+		if cli.list_secrets {
+			config.vault.list_secrets(true)?;
+		}
+
+		Ok(())
+	}
 }