- add secrets update: incremental merge for tags/metadata/encrypted
- AGENTS.md: add version number and git tag notes to the pre-commit checks
- README/AGENTS: docs and examples for the update command
- Cargo.toml 0.1.0 -> 0.2.0 (secrets-0.1.0 already exists)

Made-with: Cursor
112 lines
3.1 KiB
Markdown
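# secrets

A cross-device secrets and configuration management CLI, built on Rust + PostgreSQL 18.

It stores server information and service credentials in one database so that local tools and AI can read them as context.
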
## Installation

```bash
cargo build --release
# Or download a prebuilt binary from the Release page
```

Configure the database connection:

```bash
export DATABASE_URL=postgres://postgres:<password>@<host>:5432/secrets
# Or create a .env file in the project root containing the variable above
```

## Usage

```bash
# Show the version
secrets -V
secrets --version

# Show help
secrets --help
secrets -h

# Show help for a subcommand
secrets help add
secrets help search
secrets help delete
secrets help update

# Add a server
secrets add -n refining --kind server --name my-server \
  --tag aliyun --tag shanghai \
  -m ip=1.2.3.4 -m desc="My Server" \
  -s username=root \
  -s ssh_key=@./keys/my.pem

# Add a service credential
secrets add -n refining --kind service --name gitea \
  -m url=https://gitea.example.com \
  -s token=<token>

# Search (sensitive fields are hidden by default)
secrets search
secrets search -n refining --kind server
secrets search --tag hongkong
secrets search -q mqtt          # keyword match against name / metadata / tags
secrets search -n refining --kind service --name gitea --show-secrets

# Incrementally update an existing record (merge semantics; errors if the record does not exist)
secrets update -n refining --kind server --name my-server -m ip=10.0.0.1
secrets update -n refining --kind service --name gitea --add-tag production -s token=<new-token>
secrets update -n refining --kind service --name mqtt --remove-meta old_port --remove-secret old_key

# Delete
secrets delete -n refining --kind server --name my-server
```

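## Data model

A single `secrets` table, created automatically on first connection.

| Field | Description |
|-------|-------------|
| `namespace` | Top-level isolation, e.g. `refining`, `ricnsmart` |
| `kind` | Record type, e.g. `server`, `service` (freely extensible) |
| `name` | Human-readable unique identifier |
| `tags` | Multi-dimensional tags, e.g. `["aliyun","hongkong"]` |
| `metadata` | Plaintext descriptive information (ip, desc, domains, etc.) |
| `encrypted` | Sensitive credentials (ssh_key, password, token, etc.); stored in plaintext during the MVP stage, with the field reserved for encryption |

`-m` / `--meta` writes to `metadata`, `-s` / `--secret` writes to `encrypted`, and `value=@file` reads the value from a file.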
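
The following is an added example, not code from this project: it models the `key=value` / `key=@file` argument form, the merge semantics of `secrets update` (missing record is an error), and the masked search output. The struct and function names, the `***` mask and the removals-before-sets order are assumptions.

```rust
use std::collections::{BTreeMap, BTreeSet};
use std::{fs, io};
type Fields = BTreeMap<String, String>;
#[derive(Default)]
struct Record { tags: BTreeSet<String>, metadata: Fields, encrypted: Fields }
/// Raw argument strings of one `secrets update` call.
#[derive(Default)]
struct Update<'a> {
    add_tag: Vec<&'a str>, meta: Vec<&'a str>, secret: Vec<&'a str>,
    remove_meta: Vec<&'a str>, remove_secret: Vec<&'a str>,
}

/// Parse `key=value`; `key=@path` reads the value from a file.
/// The error never echoes the argument, which may carry a secret.
fn parse_kv(arg: &str) -> io::Result<(String, String)> {
    let bad = || io::Error::new(io::ErrorKind::InvalidInput, "expected key=value");
    let (key, value) = arg.split_once('=').filter(|(k, _)| !k.is_empty()).ok_or_else(bad)?;
    let value = match value.strip_prefix('@') {
        Some(path) => fs::read_to_string(path)?,
        None => value.to_string(),
    };
    Ok((key.to_string(), value))
}

/// Merge `u` into an existing record; a missing record is an error, not an insert.
/// Assumption: removals are applied before sets.
fn apply_update(existing: Option<Record>, u: &Update) -> io::Result<Record> {
    let mut r = existing.ok_or_else(|| io::Error::new(io::ErrorKind::NotFound, "no such record"))?;
    r.tags.extend(u.add_tag.iter().map(|t| t.to_string()));
    for k in &u.remove_meta { r.metadata.remove(*k); }
    for k in &u.remove_secret { r.encrypted.remove(*k); }
    for a in &u.meta { let (k, v) = parse_kv(a)?; r.metadata.insert(k, v); }
    for a in &u.secret { let (k, v) = parse_kv(a)?; r.encrypted.insert(k, v); }
    Ok(r)
}

/// Secret fields as search would print them: masked unless `show_secrets` is set.
fn display_secrets(r: &Record, show_secrets: bool) -> Fields {
    let mask = |v: &String| if show_secrets { v.clone() } else { "***".to_string() };
    r.encrypted.iter().map(|(k, v)| (k.clone(), mask(v))).collect()
}

fn main() {
    let mut rec = Record::default(); // constructed sample record
    rec.encrypted.insert("token".into(), "old-token".into());
    let u = Update { add_tag: vec!["production"], secret: vec!["token=new-token"], ..Default::default() };
    let rec = apply_update(Some(rec), &u).expect("update failed");
    println!("{:?} {:?}", rec.tags, display_secrets(&rec, false));
}
```

`split_once` splits on the first `=` only, so values that themselves contain `=` (base64 padding, for instance) are kept whole.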

## Project structure

```
src/
  main.rs           # CLI entry point (clap)
  db.rs             # connection pool + auto-migrate
  models.rs         # Secret struct
  commands/
    add.rs          # upsert
    search.rs       # multi-condition query
    delete.rs       # delete
    update.rs       # incremental update (merges tags/metadata/encrypted)
scripts/
  seed-data.sh      # imports the full refining / ricnsmart data set
```

## CI/CD (Gitea Actions)

A push to the `main` branch automatically runs: fmt/clippy checks → musl build → create a Release and upload the binaries.

**First-time use requires configuring Actions variables and Secrets:**

```bash
# Requires ~/.config/gitea/config.env (GITEA_URL, GITEA_TOKEN, GITEA_WEBHOOK_URL)
./scripts/setup-gitea-actions.sh
```

- `RELEASE_TOKEN` (Secret): Gitea PAT, used to create the Release and upload the binaries
- `WEBHOOK_URL` (Variable): Feishu notifications, optional

See [AGENTS.md](AGENTS.md) for details.