feat: implement API for creating & listing secrets

evgeniy-scherbina · evgeniy-scherbina · commit 78bfa240ca51 · 2025-07-14T20:51:54.000Z
diff --git a/coderd/database/db2sdk/db2sdk.go b/coderd/database/db2sdk/db2sdk.go
@@ -884,3 +884,14 @@ func PreviewParameterValidation(v *previewtypes.ParameterValidation) codersdk.Pr
 		Monotonic: v.Monotonic,
 	}
 }
+
+func UserSecret(secret database.UserSecret) codersdk.UserSecret {
+	return codersdk.UserSecret{
+		ID:          secret.ID,
+		UserID:      secret.UserID,
+		Name:        secret.Name,
+		Description: secret.Description,
+		CreatedAt:   secret.CreatedAt,
+		UpdatedAt:   secret.UpdatedAt,
+	}
+}
diff --git a/coderd/user_secrets.go b/coderd/user_secrets.go
@@ -1,6 +1,8 @@
 package coderd
 
 import (
+	"github.com/coder/coder/v2/coderd/database"
+	"github.com/coder/coder/v2/coderd/database/db2sdk"
 	"github.com/coder/coder/v2/coderd/httpmw"
 	"net/http"
 
@@ -9,16 +11,44 @@ import (
 )
 
 func (api *API) createUserSecret(rw http.ResponseWriter, r *http.Request) {
-	var (
-		ctx    = r.Context()
-		apiKey = httpmw.APIKey(r)
-
-		req codersdk.CreateTemplateVersionRequest
-	)
+	ctx := r.Context()
+	apiKey := httpmw.APIKey(r)
 
+	var req codersdk.CreateUserSecretRequest
 	if !httpapi.Read(ctx, rw, r, &req) {
 		return
 	}
 
-	//api.Database.GetUserByID()
+	secret, err := api.Database.InsertUserSecret(ctx, database.InsertUserSecretParams{
+		UserID:      apiKey.UserID,
+		Name:        req.Name,
+		Description: req.Description,
+		Value:       req.Value,
+	})
+	if err != nil {
+		httpapi.InternalServerError(rw, err)
+		return
+	}
+
+	httpapi.Write(ctx, rw, http.StatusCreated, db2sdk.UserSecret(secret))
+}
+
+func (api *API) listUserSecrets(rw http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	apiKey := httpmw.APIKey(r)
+
+	secrets, err := api.Database.ListUserSecrets(ctx, apiKey.UserID)
+	if err != nil {
+		httpapi.InternalServerError(rw, err)
+		return
+	}
+
+	response := codersdk.ListUserSecretsResponse{
+		Secrets: make([]codersdk.UserSecret, len(secrets)),
+	}
+	for i, secret := range secrets {
+		response.Secrets[i] = db2sdk.UserSecret(secret)
+	}
+
+	httpapi.Write(ctx, rw, http.StatusOK, response)
 }
diff --git a/codersdk/user_secrets.go b/codersdk/user_secrets.go
@@ -1,12 +1,38 @@
 package codersdk
 
-// TODO:
+import (
+	"github.com/google/uuid"
+	"time"
+)
+
+// TODO: add and register custom validator functions. check codersdk/name.go for examples.
+// TODO: reuse NameValid func for Name?
 type CreateUserSecretRequest struct {
-	Name        string `json:"name,omitempty"`
-	Description string `json:"description,omitempty"`
-	Value       string `json:"value,omitempty"`
+	Name        string `json:"name" validate:"required"`
+	Description string `json:"description,omitempty" validate:"lt=1000"`
+	Value       string `json:"value" validate:"required"`
+}
+
+type UpdateUserSecretRequest struct {
+	Name        string `json:"name" validate:"required"`
+	Description string `json:"description,omitempty" validate:"lt=1000"`
+	Value       string `json:"value" validate:"required"`
+}
+
+// Response types
+type UserSecret struct {
+	ID          uuid.UUID `json:"id" format:"uuid"`
+	UserID      uuid.UUID `json:"user_id" format:"uuid"`
+	Name        string    `json:"name"`
+	Description string    `json:"description,omitempty"`
+	CreatedAt   time.Time `json:"created_at" format:"date-time"`
+	UpdatedAt   time.Time `json:"updated_at" format:"date-time"`
+}
+
+type UserSecretValue struct {
+	Value string `json:"value"`
+}
 
-	Name       string    `json:"name,omitempty" validate:"omitempty,template_version_name"`
-	Message    string    `json:"message,omitempty" validate:"lt=1048577"`
-	TemplateID uuid.UUID `json:"template_id,omitempty" format:"uuid"`
+type ListUserSecretsResponse struct {
+	Secrets []UserSecret `json:"secrets"`
 }
