feat: add offline support with automatic secret caching#294
Draft
feat: add offline support with automatic secret caching#294
Conversation
Deploying phase-cli-install-script with
|
| Latest commit: |
8c3e5ee
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://385d9723.phase-cli-install-script.pages.dev |
| Branch Preview URL: | https://feat-offline-support.phase-cli-install-script.pages.dev |
Configure the SDK's OfflineConfig in NewPhase to enable transparent caching of encrypted API responses. Users set PHASE_OFFLINE=1 to serve secrets from cache when network is unavailable. - Always store wrapped_key_share after auth (remove OfflineEnabled gate) - pkg/offline: IsOffline() and CacheDir() helpers - pkg/phase: configure SDK OfflineConfig from PHASE_OFFLINE env var - pkg/errors: network error messages include PHASE_OFFLINE=1 hint - go.mod: local replace directive for SDK development Depends on: phasehq/golang-sdk#21
nimish-ks
force-pushed
the
feat/offline-support
branch
from
2f53b5a to
446f66b
Compare
Regular logout (without --purge) was not cleaning up the user's
offline cache directory. Now removes ~/.phase/secrets/offline/{id}/
when logging out a specific user. Uses offline.CacheDir() to keep
the path definition in one place.
nimish-ks
force-pushed
the
feat/offline-support
branch
from
ae74077 to
ac681e5
Compare
Missed in the initial offline support commit — the other three auth files (auth.go, auth_aws.go, auth_webauth.go) were already updated.
Avoid implying cached data exists when it may not (e.g. first-time users). Changed to "if available" phrasing.
Prevents cache pollution when ad-hoc env var auth uses a different identity than the logged-in config user.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds offline support to the Phase CLI. Encrypted API responses are cached locally on every successful fetch. Users set
PHASE_OFFLINE=1to serve secrets from cache when network is unavailable.Depends on: phasehq/golang-sdk#21
Behavior
1/trueChanges
cmd/auth*.go— always storewrapped_key_share(removeOfflineEnabledgate)pkg/offline/—IsOffline()andCacheDir()helperspkg/phase/phase.go— configures SDKOfflineConfigfromPHASE_OFFLINEenv varpkg/errors/errors.go— network error messages includePHASE_OFFLINE=1hintgo.mod— local replace directive for SDK developmentCache structure
Test plan
phase auth→ verifywrapped_key_sharein~/.phase/secrets/config.jsonphase secrets list→ verify cache files are encrypted JSON (not plaintext)phase secrets list→ fails withPHASE_OFFLINE=1hintPHASE_OFFLINE=1 phase secrets list→ serve from cachePHASE_OFFLINE=1 phase secrets create ...→ error cleanlyPHASE_OFFLINE=1→ skipped with warningPHASE_OFFLINE=0 PHASE_HOST=https://bogus:777 phase secrets list→ no fallback, clean error