feat: set secrets endpoint

Benehiko · Benehiko · commit 268f4074b05e · 2026-02-10T15:22:20.000+01:00
Signed-off-by: Alano Terblanche &lt;18033717+Benehiko@users.noreply.github.com&gt;
diff --git a/runtime/internal/routes/auth.go b/runtime/internal/routes/auth.go
@@ -0,0 +1,10 @@
+package routes
+
+import "net/http"
+
+func init() {
+	registerPrivateRoute(authSecretsHandler)
+}
+
+func authSecretsHandler(c Config) (Path, http.Handler, error) {
+}
diff --git a/runtime/internal/services/authsecrets/authsecrets.go b/runtime/internal/services/authsecrets/authsecrets.go
@@ -0,0 +1,26 @@
+package authsecrets
+
+import (
+	"context"
+
+	"github.com/docker/secrets-engine/runtime/internal/registry"
+	"github.com/docker/secrets-engine/x/logging"
+	"github.com/docker/secrets-engine/x/secrets"
+	"github.com/docker/secrets-engine/x/telemetry"
+)
+
+func New() Service {
+	return &authService{}
+}
+
+type Service interface {
+	Save(ctx context.Context, id secrets.ID, secret secrets.Envelope) error
+	Delete(ctx context.Context, id secrets.ID) error
+	Get(ctx context.Context, id secrets.ID) (secrets.Envelope, error)
+}
+
+type authService struct {
+	reg     registry.Registry
+	logger  logging.Logger
+	tracker telemetry.Tracker
+}
diff --git a/x/api/authsecrets/secrets.go b/x/api/authsecrets/secrets.go
@@ -0,0 +1 @@
+package authsecrets
diff --git a/x/api/authsecrets/v1/api.proto b/x/api/authsecrets/v1/api.proto
@@ -0,0 +1,68 @@
+edition = "2023";
+
+package resolver.v1;
+
+import "google/protobuf/timestamp.proto";
+import "google/protobuf/duration.proto";
+
+option go_package = "github.com/docker/secrets-engine/x/api/authsecrets/v1;authsecretsv1";
+
+service AuthSecretsService {
+  // Resolve a secret by its ID.
+  rpc GetSecrets(GetAuthSecretRequest) returns (GetAuthSecretResponse);
+  rpc SetSecret(SetAuthSecretRequest) returns (SetAuthSecretResponse);
+  rpc DeleteSecret(DeleteAuthSecretRequest) returns (DeleteAuthSecretResponse);
+}
+
+message DeleteAuthSecretRequest {
+  // ID of the secret
+  string id = 1;
+}
+
+message DeleteAuthSecretResponse {}
+
+message GetAuthSecretRequest {
+  // ID of the secret to resolve.
+  string pattern = 1;
+}
+
+message SetAuthSecretRequest {
+  // ID of the secret
+  string id = 1;
+  string username = 2;
+  string email = 3;
+  // The secret value
+  bytes value = 4;
+  // The public metadata of the secret
+  map<string, string> metadata = 5;
+  google.protobuf.Timestamp expires_at = 10;
+}
+
+message SetAuthSecretResponse {}
+
+message GetAuthSecretResponse {
+  repeated AuthSecret secrets = 1;
+
+  message AuthSecret {
+    // ID of the secret to resolve.
+    string id = 1;
+    // The resolved secret value.
+    bytes value = 2;
+
+    string username = 3;
+
+    string email = 4;
+
+    string provider = 5;
+
+    map<string, string> metadata = 6;
+
+    string version = 7;
+
+    google.protobuf.Timestamp created_at = 8;
+
+    google.protobuf.Timestamp resolved_at = 9;
+
+    google.protobuf.Timestamp expires_at = 10;
+  }
+}
