feat(managed-secrets): add centrally managed secrets with GITOPS_ prefix pushed to multiple targets

Introduce managed secrets owned by GitOps that can be defined once and pushed to any combination of projects/groups across connections. Values are stored in OS keychain, secrets appear on targets as GITOPS_{key}.
2026-02-28 23:43:32 +00:00
parent 78247c1d41
commit 75d35405dc
17 changed files with 1302 additions and 4 deletions
--- a/ts_interfaces/requests/managedsecrets.ts
+++ b/ts_interfaces/requests/managedsecrets.ts
@@ -0,0 +1,112 @@
+import * as plugins from '../plugins.ts';
+import * as data from '../data/index.ts';
+
+export interface IReq_GetManagedSecrets extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_GetManagedSecrets
+> {
+  method: 'getManagedSecrets';
+  request: {
+    identity: data.IIdentity;
+  };
+  response: {
+    managedSecrets: data.IManagedSecret[];
+  };
+}
+
+export interface IReq_GetManagedSecret extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_GetManagedSecret
+> {
+  method: 'getManagedSecret';
+  request: {
+    identity: data.IIdentity;
+    managedSecretId: string;
+  };
+  response: {
+    managedSecret: data.IManagedSecret;
+  };
+}
+
+export interface IReq_CreateManagedSecret extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_CreateManagedSecret
+> {
+  method: 'createManagedSecret';
+  request: {
+    identity: data.IIdentity;
+    key: string;
+    value: string;
+    description?: string;
+    targets: data.IManagedSecretTarget[];
+  };
+  response: {
+    managedSecret: data.IManagedSecret;
+    pushResults: data.IManagedSecretTargetStatus[];
+  };
+}
+
+export interface IReq_UpdateManagedSecret extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_UpdateManagedSecret
+> {
+  method: 'updateManagedSecret';
+  request: {
+    identity: data.IIdentity;
+    managedSecretId: string;
+    value?: string;
+    description?: string;
+    targets?: data.IManagedSecretTarget[];
+  };
+  response: {
+    managedSecret: data.IManagedSecret;
+    pushResults: data.IManagedSecretTargetStatus[];
+  };
+}
+
+export interface IReq_DeleteManagedSecret extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_DeleteManagedSecret
+> {
+  method: 'deleteManagedSecret';
+  request: {
+    identity: data.IIdentity;
+    managedSecretId: string;
+  };
+  response: {
+    ok: boolean;
+    deleteResults: data.IManagedSecretTargetStatus[];
+  };
+}
+
+export interface IReq_PushManagedSecret extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_PushManagedSecret
+> {
+  method: 'pushManagedSecret';
+  request: {
+    identity: data.IIdentity;
+    managedSecretId: string;
+  };
+  response: {
+    managedSecret: data.IManagedSecret;
+    pushResults: data.IManagedSecretTargetStatus[];
+  };
+}
+
+export interface IReq_PushAllManagedSecrets extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_PushAllManagedSecrets
+> {
+  method: 'pushAllManagedSecrets';
+  request: {
+    identity: data.IIdentity;
+  };
+  response: {
+    results: Array<{
+      managedSecretId: string;
+      key: string;
+      pushResults: data.IManagedSecretTargetStatus[];
+    }>;
+  };
+}