Graphorin API reference v0.1.0

---

Graphorin API reference / @graphorin/core / / SecretsStore

Interface: SecretsStore

Defined in: packages/core/src/contracts/secrets-store.ts:43

Pluggable secret-managing storage. Concrete implementations live in @graphorin/security (KeyringSecretsStore, EncryptedFileSecretsStore, EnvSecretsStore, MemorySecretsStore).

The interface is intentionally narrow: every method either returns a SecretValue or a piece of metadata that is safe to log. The raw value is never returned as a string from this surface.

Stable

Methods

delete()

delete(key, scope?): Promise<void>;

Defined in: packages/core/src/contracts/secrets-store.ts:60

Parameters

Parameter	Type
key	string
scope?	SessionScope

Returns

Promise<void>

---

get()

get(key, scope?): Promise<SecretValue | null>;

Defined in: packages/core/src/contracts/secrets-store.ts:45

Returns the secret if it exists, null otherwise.

Parameters

Parameter	Type
key	string
scope?	SessionScope

Returns

Promise<SecretValue | null>

---

list()

list(scope?): Promise<readonly SecretMetadata[]>;

Defined in: packages/core/src/contracts/secrets-store.ts:63

Returns metadata about every key — never the values themselves.

Parameters

Parameter	Type
scope?	SessionScope

Returns

Promise<readonly SecretMetadata[]>

---

require()

require(key, scope?): Promise<SecretValue>;

Defined in: packages/core/src/contracts/secrets-store.ts:52

Returns the secret or throws. Implementations enforce the per-tool secretsAllowed ACL: if the current tool context disallows key, throw SecretAccessDeniedError.

Parameters

Parameter	Type
key	string
scope?	SessionScope

Returns

Promise<SecretValue>

---

set()

set(
   key, 
   value, 
opts?): Promise<void>;

Defined in: packages/core/src/contracts/secrets-store.ts:58

Persist a secret. Implementations auto-wrap a plain string into a SecretValue so callers don't have to.

Parameters

Parameter	Type
key	string
value	| string | SecretValue
opts?	SecretsSetOptions

Returns

Promise<void>