Liking cljdoc? Tell your friends :D

hive-system.secrets.registry

Backend registry + uniform resolution for ISecretBackend implementations.

Consumers depend on this ns + protocols.clj. They never need to know which concrete backend (pass, bw, op, vault, age) is in use.

Workflow

  1. At process boot, register the backends you need: (registry/register! (pass/make-pass-backend)) (registry/register! (bw/make-bw-backend {:session ...}))

  2. At call sites, resolve via a SecretRef map: (registry/fetch {:backend :pass :key "vps/r1/root"}) (registry/fetch {:backend :pass :key "vps/r1/ip" :opts {:line-only? true}})

    Returns Result<Secret>.

SecretRef shape

{:backend <keyword> ;; backend-id (e.g. :pass, :bw) :key <string> ;; opaque key passed to the backend :opts <map?>} ;; optional per-fetch opts

Validation

validate-ref checks structure WITHOUT touching the backend — pure, safe to run during config loading.

Backend registry + uniform resolution for ISecretBackend implementations.

Consumers depend on this ns + protocols.clj. They never need to know
which concrete backend (`pass`, `bw`, `op`, `vault`, `age`) is in use.

## Workflow

1. At process boot, register the backends you need:
     (registry/register! (pass/make-pass-backend))
     (registry/register! (bw/make-bw-backend {:session ...}))

2. At call sites, resolve via a SecretRef map:
     (registry/fetch {:backend :pass :key "vps/r1/root"})
     (registry/fetch {:backend :pass :key "vps/r1/ip" :opts {:line-only? true}})

   Returns Result<Secret>.

## SecretRef shape

{:backend  <keyword>     ;; backend-id (e.g. :pass, :bw)
 :key      <string>      ;; opaque key passed to the backend
 :opts     <map?>}       ;; optional per-fetch opts

## Validation

`validate-ref` checks structure WITHOUT touching the backend — pure,
safe to run during config loading.
raw docstring

backendclj/s

(backend id)

Look up a registered backend by id. Returns Result<ISecretBackend>.

Look up a registered backend by id. Returns Result<ISecretBackend>.
sourceraw docstring

fetchclj/s

(fetch ref)

Resolve a SecretRef to a Secret. Returns Result<Secret>.

Validates the ref structure, looks up the backend, and dispatches. Any of these stages can short-circuit with an err result.

Resolve a SecretRef to a Secret. Returns Result<Secret>.

Validates the ref structure, looks up the backend, and dispatches.
Any of these stages can short-circuit with an err result.
sourceraw docstring

register!clj/s

(register! backend)

Register a backend instance under its backend-id. Returns the backend (for fluent registration chains). Overwrites any existing registration with the same id.

Register a backend instance under its backend-id.
Returns the backend (for fluent registration chains).
Overwrites any existing registration with the same id.
sourceraw docstring

registeredclj/s

(registered)

Return a map of {backend-id → backend} for all currently registered backends. Snapshot — safe to inspect.

Return a map of {backend-id → backend} for all currently registered
backends. Snapshot — safe to inspect.
sourceraw docstring

unregister!clj/s

(unregister! id)

Remove a backend by id. Returns the previously-registered backend or nil. Useful for tests.

Remove a backend by id. Returns the previously-registered backend
or nil. Useful for tests.
sourceraw docstring

validate-refclj/s

(validate-ref {:keys [backend key opts] :as ref})

Pure: validate a SecretRef map without resolving anything. Returns (ok ref) or (err :secrets/invalid-ref ...).

Pure: validate a SecretRef map without resolving anything.
Returns (ok ref) or (err :secrets/invalid-ref ...).
sourceraw docstring

cljdoc builds & hosts documentation for Clojure/Script libraries

Keyboard shortcuts
Ctrl+kJump to recent docs
Move to previous article
Move to next article
Ctrl+/Jump to the search field
× close