Lib.rs

AuthenticationSiphon
#secret-management #keychain #vault #parser #siphon #env-var #macos #1password #url-scheme #onepassword

siphon-secrets

Secret management with multiple backend support for Siphon

Owned by Rémi Kalbe.

2 releases

0.1.1 Dec 27, 2025
0.1.0 Dec 26, 2025

#2027 in Authentication


Used in 3 crates

MIT license

25KB
524 lines

Secret management with multiple backend support

This crate provides a unified interface for resolving secrets from various backends:

  • OS Keychain (keychain://service/key): macOS Keychain, Windows Credential Manager, Linux Secret Service
  • 1Password CLI (op://vault/item/field): Requires op CLI to be installed and authenticated
  • Environment variables (env://VAR_NAME): Read from process environment
  • Files (file:///path or just /path): Read content from filesystem
  • Plain values: Any string without a URI scheme is treated as a literal value

Example

use siphon_secrets::{SecretUri, SecretResolver};

// Parse a secret URI from config
let uri: SecretUri = "keychain://myapp/api-token".parse()?;

// Resolve to actual value
let resolver = SecretResolver::new();
let secret = resolver.resolve(&uri)?;

Features

  • keychain (default): Enable OS keychain support via keyring crate
  • onepassword (default): Enable 1Password CLI support
  • env (default): Enable environment variable support
  • file (default): Enable file reading support

Dependencies

~5–19MB
~123K SLoC