refining/secrets
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 61 Wiki Activity

feat(nn): entry–secret N:N, unique secret names, web unlink
Some checks failed
Secrets MCP — Build & Release / 检查 / 构建 / 发版 (push) Failing after 2m37s
Details
Secrets MCP — Build & Release / 部署 secrets-mcp (push) Has been skipped
Details

Browse Source 
Bump secrets-mcp to 0.3.8 (tag 0.3.7 already used).

- Junction table entry_secrets; secrets user-scoped with type
- Per-user unique secrets.name; link_secret_names on add
- Manual migrations + migrate script; MCP/tool and Web updates

Made-with: Cursor
This commit is contained in:
王松
2026-04-03 17:37:04 +08:00
parent df701f21b9
commit c6fb457734
20 changed files with 1103 additions and 198 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
crates/secrets-mcp/src/tools.rs
View File

@@ -225,12 +225,18 @@ struct AddInput {
description = "Metadata fields as a JSON object {\"key\": value}. Merged with 'meta' if both provided."
)]
meta_obj: Option<Map<String, Value>>,
#[schemars(description = "Secret fields as 'key=value' strings")]
#[schemars(
description = "Secret fields as 'key=value' strings. Reminder: non-sensitive endpoint/address fields should go to metadata.address instead of secrets."
)]
secrets: Option<Vec<String>>,
#[schemars(
description = "Secret fields as a JSON object {\"key\": \"value\"}. Merged with 'secrets' if both provided."
description = "Secret fields as a JSON object {\"key\": \"value\"}. Merged with 'secrets' if both provided. Reminder: non-sensitive endpoint/address fields should go to metadata.address."
)]
secrets_obj: Option<Map<String, Value>>,
#[schemars(
description = "Link existing secrets by secret name. Names must resolve uniquely under current user."
)]
link_secret_names: Option<Vec<String>>,
}
#[derive(Debug, Deserialize, JsonSchema)]
@@ -259,10 +265,12 @@ struct UpdateInput {
meta_obj: Option<Map<String, Value>>,
#[schemars(description = "Metadata field keys to remove")]
remove_meta: Option<Vec<String>>,
#[schemars(description = "Secret fields to update/add as 'key=value' strings")]
#[schemars(
description = "Secret fields to update/add as 'key=value' strings. Reminder: non-sensitive endpoint/address fields should go to metadata.address instead of secrets."
)]
secrets: Option<Vec<String>>,
#[schemars(
description = "Secret fields to update/add as a JSON object {\"key\": \"value\"}. Merged with 'secrets' if both provided."
description = "Secret fields to update/add as a JSON object {\"key\": \"value\"}. Merged with 'secrets' if both provided. Reminder: non-sensitive endpoint/address fields should go to metadata.address."
)]
secrets_obj: Option<Map<String, Value>>,
#[schemars(description = "Secret field keys to remove")]
@@ -429,10 +437,20 @@ impl SecretsService {
.entries
.iter()
.map(|e| {
let schema: Vec<&str> = result
let schema: Vec<serde_json::Value> = result
.secret_schemas
.get(&e.id)
.map(|f| f.iter().map(|s| s.field_name.as_str()).collect())
.map(|f| {
f.iter()
.map(|s| {
serde_json::json!({
"id": s.id,
"name": s.name,
"type": s.secret_type,
})
})
.collect()
})
.unwrap_or_default();
serde_json::json!({
"id": e.id,
@@ -517,10 +535,20 @@ impl SecretsService {
"updated_at": e.updated_at.format("%Y-%m-%dT%H:%M:%SZ").to_string(),
})
} else {
let schema: Vec<&str> = result
let schema: Vec<serde_json::Value> = result
.secret_schemas
.get(&e.id)
.map(|f| f.iter().map(|s| s.field_name.as_str()).collect())
.map(|f| {
f.iter()
.map(|s| {
serde_json::json!({
"id": s.id,
"name": s.name,
"type": s.secret_type,
})
})
.collect()
})
.unwrap_or_default();
serde_json::json!({
"id": e.id,
@@ -639,6 +667,7 @@ impl SecretsService {
if let Some(obj) = input.secrets_obj {
secrets.extend(map_to_kv_strings(obj));
}
let link_secret_names = input.link_secret_names.unwrap_or_default();
let folder = input.folder.as_deref().unwrap_or("");
let entry_type = input.entry_type.as_deref().unwrap_or("");
let notes = input.notes.as_deref().unwrap_or("");
@@ -653,6 +682,7 @@ impl SecretsService {
tags: &tags,
meta_entries: &meta,
secret_entries: &secrets,
link_secret_names: &link_secret_names,
user_id: Some(user_id),
},
&user_key,