feat(security): integrate @push.rocks/smartsecret for keychain-based token storage

Connection tokens are now stored in the OS keychain (or an encrypted file fallback) instead of plaintext JSON. Existing plaintext tokens are migrated automatically on first load.
2026-02-24 16:37:13 +00:00
parent 6889b81159
commit 06f447459e
6 changed files with 59 additions and 8 deletions


@@ -1,3 +1,4 @@
import * as plugins from '../plugins.ts';
import { logger } from '../logging.ts';
import { ConnectionManager } from './connectionmanager.ts';
import { OpsServer } from '../opsserver/index.ts';
@@ -10,6 +11,7 @@ import { resolvePaths } from '../paths.ts';
*/
export class GitopsApp {
public storageManager: StorageManager;
public smartSecret: plugins.smartsecret.SmartSecret;
public connectionManager: ConnectionManager;
public opsServer: OpsServer;
public cacheDb: CacheDb;
@@ -21,7 +23,8 @@ export class GitopsApp {
backend: 'filesystem',
fsPath: paths.defaultStoragePath,
});
this.connectionManager = new ConnectionManager(this.storageManager);
this.smartSecret = new plugins.smartsecret.SmartSecret({ service: 'gitops' });
this.connectionManager = new ConnectionManager(this.storageManager, this.smartSecret);
this.cacheDb = CacheDb.getInstance({
storagePath: paths.defaultTsmDbPath,