From 4c0c635b59f18c6ede4dae05f46b66d142f244e9 Mon Sep 17 00:00:00 2001
From: adohe
Date: Tue, 21 Nov 2023 21:50:42 +0800
Subject: [PATCH] feat: add external secret store api and interface
---
pkg/apis/secrets/types.go | 15 +++++++++++++++
pkg/secrets/interface.go | 21 +++++++++++++++++++++
2 files changed, 36 insertions(+)
create mode 100644 pkg/apis/secrets/types.go
create mode 100644 pkg/secrets/interface.go
diff --git a/pkg/apis/secrets/types.go b/pkg/apis/secrets/types.go
new file mode 100644
index 000000000..1962e122b
--- /dev/null
+++ b/pkg/apis/secrets/types.go
@@ -0,0 +1,15 @@
+package secrets
+
+// SecretStoreSpec contains configuration to describe target secret store.
+type SecretStoreSpec struct {
+ Provider *ProviderSpec `yaml:"provider" json:"provider"`
+}
+
+// ProviderSpec contains provider-specific configuration.
+type ProviderSpec struct {
+ AWS *AWSProvider `yaml:"aws,omitempty" json:"aws,omitempty"`
+}
+
+// AWSProvider configures a store to retrieve secrets from AWS.
+type AWSProvider struct {
+}
diff --git a/pkg/secrets/interface.go b/pkg/secrets/interface.go
new file mode 100644
index 000000000..23577151d
--- /dev/null
+++ b/pkg/secrets/interface.go
@@ -0,0 +1,21 @@
+package secrets
+
+import (
+ "context"
+
+ secretsapi "kusionstack.io/kusion/pkg/apis/secrets"
+)
+
+// SecretStore provides the interface to interact with various cloud secret manager.
+type SecretStore interface {
+ // GetSecret retrieves ref secret from backend secret manager.
+ GetSecret(ctx context.Context, ref string) ([]byte, error)
+}
+
+// SecretStoreProvider is a factory type for secret store.
+type SecretStoreProvider interface {
+ // Type returns a string that reflects the type of this provider.
+ Type() string
+ // NewSecretStore constructs a usable secret store with specific provider spec.
+ NewSecretStore(spec *secretsapi.SecretStoreSpec) (SecretStore, error)
+}
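Review bot: `SecretStoreSpec.Provider` and `ProviderSpec.AWS` in types.go are both pointers, and nothing in the file says whether nil is valid or how many provider fields may be set, so every `NewSecretStore` implementation has to guess before dereferencing. I would document the invariant on the field, e.g. `// Provider is required; exactly one field of ProviderSpec must be non-nil.`, and validate it in one place. `AWSProvider` is empty for now; because these structs are YAML/JSON-serialized, a comment such as `// AWSProvider must not carry credential material; reference an auth source instead.` would help keep access keys out of stored specs once fields are added.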
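Review bot: The doc comment on `GetSecret` in interface.go does not state the format of `ref`, what error a missing or denied secret produces, or that the returned bytes are sensitive, which leaves each provider to decide whether secret values can end up in wrapped errors or logs. I would extend it to something like `// GetSecret returns the raw value of the secret named by ref. Implementations must not include the value in errors or logs.` and say how callers distinguish not-found from other failures. `NewSecretStore` takes a `*secretsapi.SecretStoreSpec` that can be nil (as can `spec.Provider`), so its comment should say that a nil or empty spec returns an error rather than panicking. It also takes no `context.Context`, which may matter if building a provider client involves network calls; worth confirming before implementations exist.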