Skip to content

draft: add vault foundation for encrypted store#159

Merged
xaaha merged 45 commits intoepic/encryption-v0.3from
126-vault-age-encryption-os-keychain-key-management
Apr 3, 2026
Merged

draft: add vault foundation for encrypted store#159
xaaha merged 45 commits intoepic/encryption-v0.3from
126-vault-age-encryption-os-keychain-key-management

Conversation

@xaaha
Copy link
Copy Markdown
Owner

@xaaha xaaha commented Apr 3, 2026

Summary

  • add the initial pkg/vault foundation for age-based encrypted store support
  • add identity/keypair, encryption/decryption, and store read/write coverage with tests
  • update related utilities needed by the vault layer

What is included

  • pkg/vault/crypto.go and tests
  • pkg/vault/keys.go and tests
  • pkg/vault/store.go and tests
  • pkg/vault/vault.go and tests
  • utility support for config/project marker resolution
  • action/template test updates touched by the vault integration work

Why this is a draft PR

This branch appears to be a strong first implementation of #126, but it may not fully match the final issue scope yet.

Notably, the issue body still describes some broader foundation expectations, such as:

  • identity fallback chain via HULAK_MASTER_KEY
  • clearer recipient-loading foundation for multi-recipient support
  • final bootstrap boundary decisions between #126 and #130

This PR is intentionally targeting the integration branch epic/encryption-v0.3, not main, so follow-up encryption tickets can stack cleanly without blocking bugfix work on main.

Validation

  • go test ./...
  • pkg/vault LSP diagnostics clean

Related

Pratik Thapa and others added 30 commits March 18, 2026 22:57
generate key
84bccb7
@xaaha
key pair
d8e1c41
@xaaha
Merge branch 'main' into 126-vault-age-encryption-os-keychain-key-man…
7702f0d 
…agement
use struct
a540579
rename
67633df
create config dir for unix and windows
7ee26dd
Encrypt
c51ed04
decrypt
5296861
use io.Reader
439f8de
use idomatic go
659687a
de-couple the function
048d678
use os.UserConfigDir
8b913a4
use project name
1130716
init identity
ccd30ef
trim
6618804
add encrypt and decrypt in crypto
c3ba270
fix the ordering bug
7a5b970
cmt
7b986e2
cmt
0ed3be9
sort errors
da8895e
store identity and secret
ac1cc69
get project marker
074ae0c
linter
e78d67b
use find project root, not cwd
3f59e28 
this centralizes the logic around cwd in hulak
delete identity and small refactor
4fbea98
re-arrange
a807611
reset
a778191
cmt
13b3aa4
start store
acee3e0
move key generation to vault
7e5c5e5
@xaaha xaaha marked this pull request as ready for review April 3, 2026 01:15
@xaaha xaaha merged commit 681deb0 into epic/encryption-v0.3 Apr 3, 2026
@xaaha xaaha deleted the 126-vault-age-encryption-os-keychain-key-management branch April 3, 2026 01:16
pthapa1 added a commit that referenced this pull request Apr 12, 2026
@pthapa1
Merge pull request #161 from xaaha/epic/encryption-v0.3
b9c70e8 
draft: add vault foundation for encrypted store (#159)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pthapa1 pthapa1 pthapa1 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@xaaha @pthapa1