get_secret
Retrieve secrets from your vault by key, collapse multi-environment states, and log access automatically to prevent plaintext leaks.
Instructions
Retrieve a secret by key. Collapses superposition if the secret has multiple environment states. Records access in audit log (observer effect).
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| key | Yes | The secret key name | |
| scope | No | Scope: global or project | |
| projectPath | No | Project root path for project-scoped secrets | |
| env | No | Environment for superposition collapse (e.g., dev, staging, prod) |
Implementation Reference
- src/core/keyring.ts:85-124 (handler)The getSecret function retrieves a secret, handling scope resolution, decay checks, superposition collapse, and audit logging.
export function getSecret( key: string, opts: KeyringOptions = {}, ): string | null { const scopes = resolveScope(opts); const env = resolveEnv(opts); const source = opts.source ?? "cli"; for (const { service, scope } of scopes) { const envelope = readEnvelope(service, key); if (!envelope) continue; // Check decay const decay = checkDecay(envelope); if (decay.isExpired) { logAudit({ action: "read", key, scope, source, detail: "blocked: secret expired (quantum decay)", }); continue; } // Collapse superposition const value = collapseValue(envelope, env); if (value === null) continue; // Observer effect: record access and persist const updated = recordAccess(envelope); writeEnvelope(service, key, updated); logAudit({ action: "read", key, scope, env, source }); return value; } return null; }