Generic user-extensible SecretProvider (mint short-lived secrets in the manifest) #355
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
Generalize the existing
DeployKeyProvisioner(PRD 0048 —bot_bottle/deploy_key_provisioner.py, contrib implbot_bottle/contrib/gitea/deploy_key_provisioner.py) into a genericSecretProviderthat can be referenced anywhere in a manifest a raw token/secret value can be set, minting short-lived, scoped credentials where the upstream supports it instead of embedding a long-lived static value.Motivation
Directly reduces the long-lived-credential concentration flagged in PRD 0070's (#351) security review: where an upstream can issue short-lived derived creds (GitHub App installation tokens, OAuth/STS token exchange, Gitea/forge deploy tokens), the bottle/sidecar should hold an expiring, narrowly-scoped credential minted at start (or per request), not a permanent secret. A compromise then leaks short-lived material, not the crown jewels. For upstreams stuck on static keys, a provider can still pass the raw value through, so the manifest surface is uniform.
Shape
SecretProvider(mirrorsDeployKeyProvisioner):mint(context) -> Secret(+ lifecycle/revoke where applicable).DeployKeyProvisionerbecomes one implementation of it (or its narrower cousin).{ provider: <name>, ... }— resolved at bottle start / per request to a concrete (ideally short-lived) value. Unknown provider → fail at parse time (consistent with existing manifest strictness).~/.bot-bottle/contrib/<name>/secret_provider.pyvia theAgentProvider._load_user_pluginmechanism (user dir checked first, can shadow built-ins). Rationale: maintaining every possible forge/cloud/OAuth provider in-tree is untenable — let users bring their own exactly as they bring their own agent providers. Built-ins stay minimal (gitea to start).Relationship
SecretProviders and hands the data plane short-lived derived creds. But this issue is shippable independently of the orchestrator (today's per-bottle sidecars can use it too).Open questions