tools.manage_secrets module

Per-user secrets management.

Users can store named secrets (passwords, auth tokens, private keys, etc.) encrypted per-user. Other tools can reference secrets by name using the secret:name prefix in credential parameters; the registry resolves these transparently before the handler runs.

Redis key: stargazer:user_secrets:{user_id} Secrets are encrypted at rest (AES-256-GCM) with per-user keys in SQLite.

async tools.manage_secrets.resolve_user_secret(user_id, secret_name, *, redis_client=None, config=None)

Return the decrypted value for a user’s secret, or None if not found.

Return type:

str | None

Parameters:

• user_id (str)

• secret_name (str)