feat: objects in vault are stored as a single secret

Co-authored-by: Dmitry Fedotov <dmitry@uint32.ru> Co-committed-by: Dmitry Fedotov <dmitry@uint32.ru>
2025-08-10 13:02:38 +03:00
parent 32ac8612f1
commit 3757a43318
5 changed files with 94 additions and 40 deletions
--- a/storage.go
+++ b/storage.go
@@ -53,11 +53,13 @@ func NewFS(path string) (Storage, error) {
 }

 // NewVault uses provided Vault client to store objects.
-// The provided path is used as base path for
-// keys. Objects saved to Storage will be put at
-// /path/key as new secrets.
-// Bytes passed to storage will be base64 encoded and saved
-// in Vault as string.
+// All objects are stored as a single secret, a JSON object
+// where key are keys and values are base64 encoded bytes of
+// saved object.
+// If secret specified by path does not exist it will be created
+// on first call to Storage methods.
+// Note that a secret in vault gets updated (a new version of secret is created)
+// on every save/delete operation.
 func NewVault(client *api.Client, path string) Storage {
 	return vault.New(client, path)
 }