Class EncryptedSecretConfig

java.lang.Object

com.scivicslab.actoriac.EncryptedSecretConfig

public class EncryptedSecretConfig
extends Object

Parser for encrypted secret configuration files.

This class reads an encrypted INI-format file containing secrets (SSH keys, passphrases, sudo passwords), decrypts it, and provides access to the secrets with host/group/global priority.

File Format (before encryption)

[secrets:all]
ssh_key=-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNz...
ssh_passphrase=MyPassphrase123
sudo_password=MySudoPassword

[secrets:webservers]
sudo_password=WebServerSudoPassword

[secrets:host:web1.example.com]
ssh_key=...different key...

Usage Example

InputStream encryptedInput = new FileInputStream("secrets.enc");
String key = System.getenv("ACTOR_IAC_SECRET_KEY");
EncryptedSecretConfig config = EncryptedSecretConfig.parse(encryptedInput, key);

Map<String, String> secrets = config.getSecretsForHost("web1.example.com", "webservers");
String sshKey = secrets.get("ssh_key");
String passphrase = secrets.get("ssh_passphrase");

Author:

devteam@scivics-lab.com

Field Summary

Fields

Modifier and Type	Field	Description
private final Map<String,String>	globalSecrets
private final Map<String, Map<String,String>>	groupSecrets
private final Map<String, Map<String,String>>	hostSecrets

Constructor Summary

Constructors

Constructor	Description
EncryptedSecretConfig()

Method Summary

Modifier and Type	Method	Description
Map<String,String>	getGlobalSecrets()	Gets global secrets.
Map<String,String>	getSecretsForHost(String hostname, String... groupNames)	Gets secrets for a specific host, applying priority rules.
static EncryptedSecretConfig	parse(InputStream encryptedInput, String encryptionKey)	Parses an encrypted secret configuration file.
private static EncryptedSecretConfig	parseDecrypted(String content)	Parses decrypted INI-format content.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

globalSecrets

private final Map<String,String> globalSecrets

groupSecrets

private final Map<String, Map<String,String>> groupSecrets

hostSecrets

private final Map<String, Map<String,String>> hostSecrets

Constructor Details

EncryptedSecretConfig

public EncryptedSecretConfig()

Method Details

parse

public static EncryptedSecretConfig parse(InputStream encryptedInput,
 String encryptionKey)
                                   throws IOException

Parses an encrypted secret configuration file.

Parameters:

encryptedInput - InputStream of the encrypted file

encryptionKey - Base64-encoded encryption key

Returns:

parsed EncryptedSecretConfig

Throws:

IOException - if reading or decryption fails

parseDecrypted

private static EncryptedSecretConfig parseDecrypted(String content)
                                             throws IOException

Parses decrypted INI-format content.

Parameters:

content - decrypted INI content

Returns:

parsed EncryptedSecretConfig

Throws:

IOException - if parsing fails

getSecretsForHost

public Map<String,String> getSecretsForHost(String hostname,
 String... groupNames)

Gets secrets for a specific host, applying priority rules. Priority: host-specific > group-specific > global

Parameters:

hostname - Hostname

groupNames - Group names this host belongs to

Returns:

Map of secrets for this host

getGlobalSecrets

public Map<String,String> getGlobalSecrets()

Gets global secrets.

Returns:

Map of global secrets