Define secrets store credential format

Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>

Author: Benehiko

store/examples/secret.go

@@ -0,0 +1,29 @@
+package examples
+
+import (
+	"bytes"
+	"errors"
+
+	"github.com/docker/secrets-engine/pkg/secrets"
+)
+
+type secret struct {
+	AccessToken  string
+	RefreshToken string
+}
+
+var _ secrets.Secret = &secret{}
+
+func (s *secret) Marshal() ([]byte, error) {
+	return []byte(s.AccessToken + ":" + s.RefreshToken), nil
+}
+
+func (s *secret) Unmarshal(data []byte) error {
+	tokens := bytes.Split(data, []byte(":"))
+	if len(tokens) != 2 {
+		return errors.New("invalid secret format")
+	}
+
+	s.AccessToken, s.RefreshToken = string(tokens[0]), string(tokens[1])
+	return nil
+}

store/examples/secrets_test.go

@@ -0,0 +1,21 @@
+package examples
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestSecretExample(t *testing.T) {
+	s := &secret{
+		AccessToken:  "access_token",
+		RefreshToken: "refresh_token",
+	}
+	data, err := s.Marshal()
+	require.NoError(t, err)
+	require.Equal(t, string(data), "access_token:refresh_token")
+
+	anotherSecret := &secret{}
+	require.NoError(t, anotherSecret.Unmarshal(data))
+	require.EqualValues(t, s, anotherSecret)
+}

store/go.mod

@@ -0,0 +1,16 @@
+module github.com/docker/secrets-engine/store
+
+go 1.24.3
+
+replace github.com/docker/secrets-engine => ../
+
+require (
+	github.com/docker/secrets-engine v0.0.0-00010101000000-000000000000
+	github.com/stretchr/testify v1.10.0
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)

store/go.sum

@@ -0,0 +1,10 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

store/store.go

@@ -0,0 +1,47 @@
+package secrets
+
+import "context"
+
+// Secret is a generic type that represents the actual secret values
+//
+// The implementer is responsible for defining the data structure of their secrets.
+//
+// Example:
+//
+//	type secret struct {
+//		AccessToken string
+//		RefreshToken string
+//	}
+//
+//	func (s *secret) Marshal() ([]byte, error) {
+//		return []byte(s.AccessToken+":"+s.RefreshToken), nil
+//	}
+//
+//	func (s *secret) Unmarshal(data []byte) error {
+//		tokens := bytes.Split(data, []byte(":"))
+//		if len(tokens) != 2 {
+//			return errors.New("invalid secret format")
+//		}
+//
+//		s.AccessToken, s.RefreshToken = string(tokens[0]), string(tokens[1])
+//		return nil
+//	}
+type Secret interface {
+	// Marshal the secret into a slice of bytes
+	Marshal() ([]byte, error)
+	// Unmarshal the secret from a slice of bytes into its structured format
+	Unmarshal(data []byte) error
+}
+
+// Store defines a strict format for secrets to conform to when interacting
+// with the secrets engine
+type Store interface {
+	// Erase removes credentials from the store for a given ID.
+	Erase(ctx context.Context, id ID) error
+	// Get retrieves credentials from the store for a given ID.
+	Get(ctx context.Context, id ID) (Secret, error)
+	// GetAll retrieves all the credentials from the store.
+	GetAll(ctx context.Context) (map[ID]Secret, error)
+	// Store saves credentials in the store.
+	Store(ctx context.Context, id ID, secret Secret) error
+}