PersistentAI API Documentation / @persistent-ai/fireflow-trpc / server / FireFlowNativeProvider

Class: FireFlowNativeProvider

Defined in: packages/fireflow-trpc/server/vault/providers/fireflow-native.ts:21

Native FireFlow secrets provider using PostgreSQL + HKDF + AES-256-GCM.

Secrets are encrypted per-user using a master key + salt + userId to derive a unique encryption key per user. Stores ciphertext in the fireflow_secrets table.

Implements

• ISecretsProvider

Constructors

Constructor

new FireFlowNativeProvider(store, masterKeyHex, saltHex): FireFlowNativeProvider

Defined in: packages/fireflow-trpc/server/vault/providers/fireflow-native.ts:27

Parameters

store

IVaultStore

masterKeyHex

string

saltHex

string

Returns

FireFlowNativeProvider

Properties

providerId

readonly providerId: "fireflow-native" = 'fireflow-native'

Defined in: packages/fireflow-trpc/server/vault/providers/fireflow-native.ts:22

Implementation of

ISecretsProvider.providerId

Methods

deleteSecret()

deleteSecret(secretId, ownerId): Promise<void>

Defined in: packages/fireflow-trpc/server/vault/providers/fireflow-native.ts:126

Delete a secret.

Parameters

secretId

string

ownerId

string

Returns

Promise<void>

Implementation of

ISecretsProvider.deleteSecret

---

getSecretMetadata()

getSecretMetadata(secretId, ownerId): Promise<SecretMetadata | null>

Defined in: packages/fireflow-trpc/server/vault/providers/fireflow-native.ts:95

Get metadata for a single secret (no value).

Parameters

secretId

string

ownerId

string

Returns

Promise<SecretMetadata | null>

Implementation of

ISecretsProvider.getSecretMetadata

---

listSecrets()

listSecrets(ownerId, filter?): Promise<SecretMetadata[]>

Defined in: packages/fireflow-trpc/server/vault/providers/fireflow-native.ts:76

List secret metadata (no values) for an owner.

Parameters

ownerId

string

filter?

SecretFilter

Returns

Promise<SecretMetadata[]>

Implementation of

ISecretsProvider.listSecrets

---

resolveSecret()

resolveSecret(secretId, ownerId): Promise<ResolvedSecret>

Defined in: packages/fireflow-trpc/server/vault/providers/fireflow-native.ts:57

Retrieve a secret's plaintext value. Used internally by VaultService for ECDH re-encryption. NEVER exposed to nodes directly - always re-encrypted first.

Parameters

secretId

string

ownerId

string

Returns

Promise<ResolvedSecret>

Implementation of

ISecretsProvider.resolveSecret

---

secretExists()

secretExists(ownerId, name, secretType): Promise<boolean>

Defined in: packages/fireflow-trpc/server/vault/providers/fireflow-native.ts:133

Check if a secret name+type combination exists for an owner.

Parameters

ownerId

string

name

string

secretType

string

Returns

Promise<boolean>

Implementation of

ISecretsProvider.secretExists

---

storeSecret()

storeSecret(params): Promise<string>

Defined in: packages/fireflow-trpc/server/vault/providers/fireflow-native.ts:37

Store a secret. Returns the secret ID. For external providers, this may be a no-op (read-only providers).

Parameters

params

StoreSecretParams

Returns

Promise<string>

Implementation of

ISecretsProvider.storeSecret

---

testConnection()

testConnection(): Promise<boolean>

Defined in: packages/fireflow-trpc/server/vault/providers/fireflow-native.ts:137

Test provider connectivity.

Returns

Promise<boolean>

Implementation of

ISecretsProvider.testConnection

---

updateSecret()

updateSecret(secretId, ownerId, value): Promise<void>

Defined in: packages/fireflow-trpc/server/vault/providers/fireflow-native.ts:112

Update a secret's value.

Parameters

secretId

string

ownerId

string

value

Record<string, string>

Returns

Promise<void>

Implementation of

ISecretsProvider.updateSecret