mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-09 13:21:42 +00:00
Resolve provider credentials from 1Password op://vault/item/field references
at startup via the official `op` CLI, alongside the existing Bitwarden source.
Users map env-var names to references in secrets.onepassword.env; after .env
loads, each is resolved with `op read` and injected into os.environ. Auth is
whatever `op` already uses (service-account token or desktop/interactive
session) — Hermes never authenticates or installs `op` itself.
Startup-safe and fail-open: a missing binary, expired auth, a bad reference,
or an empty value each warn and fall back to existing credentials, never
blocking startup. Successful, complete pulls are cached in-process and on disk
(<hermes_home>/cache/op_cache.json, 0600) via the shared DiskCache; only
secret values are stored, never the token (auth is fingerprinted into the
key). Adds `hermes secrets onepassword {setup,status,set,remove,sync,disable}`
(aliases op/1password), config defaults, the cli-config example, docs, and
hermetic tests.
Hardening applied across both backends in env_loader: each source runs in its
own guard, config sections are coerced to dict, and cache_ttl_seconds is
coerced defensively — so a malformed secrets: section can't abort startup.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
41 lines
1.7 KiB
Python
41 lines
1.7 KiB
Python
"""External secret source integrations.
|
|
|
|
A secret source is anything that can supply environment-variable-shaped
|
|
credentials at process startup, _after_ ~/.hermes/.env has loaded.
|
|
|
|
The contract every source implements is
|
|
:class:`agent.secret_sources.base.SecretSource`; the orchestrator that
|
|
runs the enabled sources (ordering, mapped-beats-bulk precedence,
|
|
first-claim-wins conflicts, ``override_existing`` semantics, provenance)
|
|
is :func:`agent.secret_sources.registry.apply_all`. Multiple sources
|
|
can be enabled at once — see the registry module docstring for the
|
|
precedence ladder. The atomic-write / 0600 / TTL disk-cache substrate
|
|
is shared across backends in ``agent.secret_sources._cache`` so the
|
|
security-sensitive bits live in exactly one place.
|
|
|
|
Currently bundled:
|
|
|
|
- ``bitwarden`` — Bitwarden Secrets Manager (`bws` CLI). See
|
|
``agent.secret_sources.bitwarden`` for the integration and
|
|
``hermes_cli.secrets_cli`` for the user-facing setup wizard.
|
|
- ``onepassword`` — 1Password ``op://`` secret references (`op` CLI).
|
|
See ``agent.secret_sources.onepassword`` for the integration and
|
|
``hermes_cli.onepassword_secrets_cli`` for the user-facing commands.
|
|
|
|
The bundled set is deliberately closed (policy mirrors memory
|
|
providers): new third-party secret managers ship as standalone plugin
|
|
repos that subclass ``SecretSource`` and register through
|
|
``PluginContext.register_secret_source()`` — they are NOT added to this
|
|
package. A generic ``command`` source is a possible future exception;
|
|
OS keystores (Keychain/DPAPI/libsecret) are under discussion.
|
|
"""
|
|
|
|
from agent.secret_sources.base import ( # noqa: F401
|
|
SECRET_SOURCE_API_VERSION,
|
|
ErrorKind,
|
|
FetchResult,
|
|
SecretSource,
|
|
is_valid_env_name,
|
|
run_secret_cli,
|
|
scrub_ansi,
|
|
)
|