package auth
import (
	"sort"
	"strings"
)
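// MissingDeployedSecrets returns the names of secrets that must be non-empty in
// deployed environments (staging/production) but are currently unset. It returns
// nil for non-deployed environments (development, acctest) and when every
// required secret is present, so callers can treat a non-empty result as fatal.
//
// The environment name is compared case-insensitively after trimming
// surrounding whitespace, so "Production" or "staging\n" still count as
// deployed. A secret whose value is only whitespace is treated as unset: a
// value like "\n" is indistinguishable from "no key" for the purposes of the
// fail-open gap described below, and is typically the residue of an env file
// or shell quoting mistake rather than an intentional key.
//
// Caveat: any environment name other than staging/production — including ""
// and typos — is treated as non-deployed and silently disables the check.
// Callers should validate the environment value against a known set before
// relying on this function, rather than depending on it to catch a
// misconfigured environment name.
//
// The result is sorted so that error messages are stable across runs (Go map
// iteration order is randomized).
//
// This closes the fail-open gap where an empty USER_SIGNING_KEY turns the
// user-header signature check into a no-op (forgeable identity) and an empty
// INTERNAL_API_KEY leaves the authz cache-hydration endpoint unauthenticated.
// See ADR-0005 and ADR-0006.
func MissingDeployedSecrets(environment string, secrets map[string]string) []string {
	env := strings.TrimSpace(environment)
	if !strings.EqualFold(env, "staging") && !strings.EqualFold(env, "production") {
		return nil
	}

	// Stay nil when nothing is missing so callers can use len()==0 / nil checks.
	var missing []string
	for name, value := range secrets {
		if strings.TrimSpace(value) == "" {
			missing = append(missing, name)
		}
	}
	sort.Strings(missing)
	return missing
}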