Package com.scivicslab.turingworkflow.plugins.secret

Class EncryptedSecretConfig

java.lang.Object

com.scivicslab.turingworkflow.plugins.secret.EncryptedSecretConfig

public class EncryptedSecretConfig
extends Object

Parser for encrypted secret configuration files.

This class reads an encrypted INI-format file containing secrets (SSH keys, passphrases, sudo passwords), decrypts it, and provides access to the secrets with host/group/global priority.

File Format (before encryption)

 [secrets:all]
 ssh_key=-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNz...
 ssh_passphrase=MyPassphrase123
 sudo_password=MySudoPassword

 [secrets:webservers]
 sudo_password=WebServerSudoPassword

 [secrets:host:web1.example.com]
 ssh_key=...different key...
 

Usage Example

 InputStream encryptedInput = new FileInputStream("secrets.enc");
 String key = System.getenv("TURING_SECRET_KEY");
 EncryptedSecretConfig config = EncryptedSecretConfig.parse(encryptedInput, key);

 Map<String, String> secrets = config.getSecretsForHost("web1.example.com", "webservers");
 String sshKey = secrets.get("ssh_key");
 String passphrase = secrets.get("ssh_passphrase");
 

Since:

1.0.0

Author:

devteam@scivicslab.com

Constructor Summary

Constructors

Constructor	Description
EncryptedSecretConfig()

Method Summary

Modifier and Type	Method	Description
Map<String,String>	getGlobalSecrets()	Gets global secrets.
Map<String,String>	getSecretsForHost(String hostname, String... groupNames)	Gets secrets for a specific host, applying priority rules.
static EncryptedSecretConfig	parse(InputStream encryptedInput, String encryptionKey)	Parses an encrypted secret configuration file.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

EncryptedSecretConfig

public EncryptedSecretConfig()

Method Details

parse

public static EncryptedSecretConfig parse(InputStream encryptedInput,
 String encryptionKey)
                                   throws IOException

Parses an encrypted secret configuration file.

Parameters:

encryptedInput - InputStream of the encrypted file

encryptionKey - Base64-encoded encryption key

Returns:

parsed EncryptedSecretConfig

Throws:

IOException - if reading or decryption fails

getSecretsForHost

public Map<String,String> getSecretsForHost(String hostname,
 String... groupNames)

Gets secrets for a specific host, applying priority rules. Priority: host-specific > group-specific > global

Parameters:

hostname - Hostname

groupNames - Group names this host belongs to

Returns:

Map of secrets for this host

getGlobalSecrets

public Map<String,String> getGlobalSecrets()

Gets global secrets.

Returns:

Map of global secrets