mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-16 16:11:38 +00:00
* Add Vault SecretRef plugin Signed-off-by: sallyom <somalley@redhat.com> * expand Vault setup to registered SecretRef targets Signed-off-by: sallyom <somalley@redhat.com> * fix(vault): use sdk secret target seam * fix(vault): preserve auth profile target paths * docs(vault): document plugin enable step * fix(vault): make status provider-alias aware * fix(vault): reject noncanonical secret ids * fix(vault): separate resolver timeout deadlines * fix(vault): forward private CA trust settings * fix(secrets): preserve plugin policy boundaries --------- Signed-off-by: sallyom <somalley@redhat.com> Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
30 lines
1.1 KiB
TypeScript
30 lines
1.1 KiB
TypeScript
// Narrow shared secret-ref helpers for plugin config and secret-contract paths.
|
|
|
|
import { resolveSecretPlanTargetByPath as resolveSecretPlanTargetByPathInternal } from "../secrets/target-registry-query.js";
|
|
|
|
export { coerceSecretRef } from "../config/types.secrets.js";
|
|
export type { SecretInput, SecretRef } from "../config/types.secrets.js";
|
|
export { resolveSecretRefValues } from "../secrets/resolve.js";
|
|
export { applyResolvedAssignments, createResolverContext } from "../secrets/runtime-shared.js";
|
|
|
|
export type ResolvedSecretPlanTarget = {
|
|
targetType: string;
|
|
providerId?: string;
|
|
accountId?: string;
|
|
};
|
|
|
|
export function resolveSecretPlanTargetByPath(params: {
|
|
configFile: "openclaw.json" | "auth-profiles.json";
|
|
pathSegments: string[];
|
|
}): ResolvedSecretPlanTarget | null {
|
|
const resolved = resolveSecretPlanTargetByPathInternal(params);
|
|
if (!resolved) {
|
|
return null;
|
|
}
|
|
return {
|
|
targetType: resolved.entry.targetType,
|
|
...(resolved.providerId ? { providerId: resolved.providerId } : {}),
|
|
...(resolved.accountId ? { accountId: resolved.accountId } : {}),
|
|
};
|
|
}
|