chore: remove field_type and value_len from secrets schema

- Drop field_type, value_len from secrets and secrets_history tables - Remove infer_field_type, compute_value_len from add.rs - Simplify search output to field names only - Update AGENTS.md, README.md documentation Bump version to 0.9.4 Made-with: Cursor
2026-03-19 16:48:23 +08:00
parent 62a1df316b
commit 854720f10c
12 changed files with 48 additions and 137 deletions
--- a/src/main.rs
+++ b/src/main.rs
@@ -111,7 +111,13 @@ EXAMPLES:

  # Write a multiline file into a nested secret field
  secrets add -n refining --kind server --name my-server \\
-    -s credentials:content@./keys/server.pem")]
+    -s credentials:content@./keys/server.pem
+
+  # Shared PEM (key_ref): store key once, reference from multiple servers
+  secrets add -n refining --kind key --name my-shared-key \\
+    --tag aliyun -s content=@./keys/shared.pem
+  secrets add -n refining --kind server --name i-abc123 \\
+    -m ip=10.0.0.1 -m key_ref=my-shared-key -s username=ecs-user")]
    Add {
        /// Namespace, e.g. refining, ricnsmart
        #[arg(short, long)]
@@ -125,7 +131,8 @@ EXAMPLES:
        /// Tag for categorization (repeatable), e.g. --tag aliyun --tag hongkong
        #[arg(long = "tag")]
        tags: Vec<String>,
-        /// Plaintext metadata: key=value, key:=<json>, key=@file, or nested:path@file
+        /// Plaintext metadata: key=value, key:=<json>, key=@file, or nested:path@file.
+        /// Use key_ref=<name> to reference a shared key entry (kind=key); inject/run merge its secrets.
        #[arg(long = "meta", short = 'm')]
        meta: Vec<String>,
        /// Secret entry: key=value, key:=<json>, key=@file, or nested:path@file
@@ -287,7 +294,11 @@ EXAMPLES:
  # Update nested typed JSON fields
  secrets update -n refining --kind service --name deploy-bot \\
    -s auth:config:='{\"issuer\":\"gitea\",\"rotate\":true}' \\
-    -s auth:retry:=5")]
+    -s auth:retry:=5
+
+  # Rotate shared PEM (all servers with key_ref=my-shared-key get the new key)
+  secrets update -n refining --kind key --name my-shared-key \\
+    -s content=@./keys/new-shared.pem")]
    Update {
        /// Namespace, e.g. refining, ricnsmart
        #[arg(short, long)]
@@ -304,7 +315,8 @@ EXAMPLES:
        /// Remove a tag (repeatable)
        #[arg(long = "remove-tag")]
        remove_tags: Vec<String>,
-        /// Set or overwrite a metadata field: key=value, key:=<json>, key=@file, or nested:path@file
+        /// Set or overwrite a metadata field: key=value, key:=<json>, key=@file, or nested:path@file.
+        /// Use key_ref=<name> to reference a shared key entry (kind=key).
        #[arg(long = "meta", short = 'm')]
        meta: Vec<String>,
        /// Delete a metadata field by key or nested path, e.g. old_port or credentials:content
@@ -394,7 +406,9 @@ EXAMPLES:
  secrets inject -n refining --kind service --name gitea -o json

  # Eval into current shell (use with caution)
-  eval $(secrets inject -n refining --kind service --name gitea)")]
+  eval $(secrets inject -n refining --kind service --name gitea)
+
+  # For entries with metadata.key_ref, referenced key's secrets are merged automatically")]
    Inject {
        #[arg(short, long)]
        namespace: Option<String>,
@@ -424,7 +438,9 @@ EXAMPLES:
  secrets run --tag production -- env | grep GITEA

  # With prefix
-  secrets run -n refining --kind service --name gitea --prefix GITEA -- printenv")]
+  secrets run -n refining --kind service --name gitea --prefix GITEA -- printenv
+
+  # metadata.key_ref entries get key secrets merged (e.g. server + shared PEM)")]
    Run {
        #[arg(short, long)]
        namespace: Option<String>,