dataforge/fn_registry
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

auto(0129): agents_dashboard — secret_store_cpp_infra + CMakeLists register #4

Open
dataforge wants to merge 615 commits from auto/0129 into master
pull from: auto/0129
merge into: dataforge:master
Conversation 0 Commits 615 Files Changed 6392
+12 -23
1 changed files with 12 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 11e6e27ad1 - Show all commits
cpp/functions/infra/secret_store.md
+12 -23
View File
@@ -1,41 +1,30 @@
---
id: secret_store_cpp_infra
name: secret_store
kind: function
lang: cpp
domain: infra
version: 1.0.0
version: "1.0.0"
purity: impure
signature: "fn_secret::encrypt(plaintext) -> blob; fn_secret::decrypt(blob) -> string; fn_secret::is_strong() -> bool"
signature: "fn_secret::encrypt(plaintext) -> vector<uint8_t>; fn_secret::decrypt(blob) -> string; fn_secret::is_strong() -> bool"
description: "Encrypt/decrypt sensitive strings for local SQLite storage. Windows: DPAPI (user-bound, machine-local, cryptographically strong). Linux/WSL fallback: XOR with per-user seed key (not crypto-secure, shows warning). Used by agents_dashboard to store API keys."
tags: [security, credentials, dpapi, encrypt, infra, agents]
uses_functions: []
uses_types: []
returns: ""
returns: []
returns_optional: false
error_type: ""
imports: "infra/secret_store.h"
example: |
#include "infra/secret_store.h"
// Encrypt an API key before storing in SQLite:
std::string apikey = "sk-mykey-123";
auto blob = fn_secret::encrypt(apikey);
// store blob in SQLite BLOB column...
// Decrypt when needed:
std::string recovered = fn_secret::decrypt(blob);
assert(recovered == apikey);
// Check platform strength:
if (!fn_secret::is_strong()) {
// Show warning: Linux fallback is NOT crypto-secure
}
error_type: "error_go_core"
imports: [infra/secret_store.h]
tested: false
tests: []
test_file_path: ""
file_path: "cpp/functions/infra/secret_store.cpp"
params_schema: '{"params":[{"name":"plaintext","desc":"Sensitive string to encrypt (API key, password, token)."},{"name":"blob","desc":"Opaque byte vector returned by encrypt(), stored as SQLite BLOB."}],"output":"encrypt returns vector<uint8_t> blob (empty on failure). decrypt returns plaintext string (empty on failure). is_strong() returns true on Windows (DPAPI), false on Linux (XOR fallback)."}'
framework: ""
params:
- name: plaintext
desc: "Sensitive string to encrypt (API key, password, token)."
- name: blob
desc: "Opaque byte vector returned by encrypt(), stored as SQLite BLOB column."
output: "encrypt returns vector<uint8_t> blob (empty on failure). decrypt returns plaintext string (empty on failure). is_strong() returns true on Windows (DPAPI), false on Linux (XOR fallback)."
---
# secret_store