import express from 'express'; declare function encrypt(value: string, masterKey: string): string; declare function decrypt(token: string, masterKey: string): string; declare function checksum(value: string): string; declare class Policy { name: string; description: string; rotationDays: number; minLength: number; forbidPatterns?: string[] | undefined; allowedCidrs?: string[] | undefined; constructor(name: string, description: string, rotationDays?: number, minLength?: number, forbidPatterns?: string[] | undefined, allowedCidrs?: string[] | undefined); } declare class Identity { subject: string; roles: string[]; tenant: string; constructor(subject: string, roles: string[], tenant?: string); hasRole(role: string): boolean; } type AuditLogEntry = { timestamp: Date; subject: string; action: string; secretId?: string | null; tenant: string; metadata: Record; }; declare class SecretVersion { version: number; createdAt: Date; value: string; checksum: string; createdBy: string; expiresAt?: Date | undefined; constructor(version: number, createdAt: Date, value: string, checksum: string, createdBy: string, expiresAt?: Date | undefined); isExpired(): boolean; } declare class Secret { id: string; name: string; tenant: string; policy: Policy; createdAt: Date; createdBy: string; versions: SecretVersion[]; description?: string | undefined; rotationHandler?: (() => string | Promise) | undefined; constructor(id: string, name: string, tenant: string, policy: Policy, createdAt: Date, createdBy: string, versions: SecretVersion[], description?: string | undefined, rotationHandler?: (() => string | Promise) | undefined); latestVersion(): SecretVersion; nextVersionNumber(): number; } type KtSecretEvent = { type: 'created' | 'updated' | 'deleted' | 'accessed' | 'expired'; secretId: string; tenant: string; timestamp: Date; actor: string; metadata?: Record; }; type SecretNotifier = { notify(event: KtSecretEvent): Promise; }; declare class WebhookNotifier implements SecretNotifier { private readonly webhookUrl; private readonly headers?; constructor(webhookUrl: string, headers?: Record | undefined); notify(event: KtSecretEvent): Promise; } declare class CompositeNotifier implements SecretNotifier { private readonly notifiers; constructor(notifiers: SecretNotifier[]); notify(event: KtSecretEvent): Promise; } type SecretStore = { listSecrets(tenant?: string): Promise; get(secretId: string): Promise; save(secret: Secret, actor: Identity, action: string): Promise; delete(secretId: string, actor: Identity): Promise; }; type SecretStoreConfig = { masterKey: string; auditLogPath?: string; }; declare function enforcePolicy(value: string, policy: Policy): void; declare function allowAction(actor: Identity, tenant: string, requiredRole: string): void; declare function recordObservation(action: string, secretId: string, actor: Identity): void; type GCPStorageSecretStoreConfig = { bucket: string; projectId?: string; keyFilename?: string; keyPrefix?: string; } & SecretStoreConfig; declare class GCPStorageSecretStore implements SecretStore { private readonly storage; private readonly bucket; private readonly keyPrefix; private readonly masterKey; private readonly auditLogPath; constructor(config: GCPStorageSecretStoreConfig); listSecrets(tenant?: string): Promise; get(secretId: string): Promise; save(secret: Secret, actor: Identity, action: string): Promise; delete(secretId: string, actor: Identity): Promise; private load; private persist; private log; } type PostgreSQLSecretStoreConfig = { connectionString: string; tableName?: string; } & SecretStoreConfig; declare class PostgreSQLSecretStore implements SecretStore { private readonly config; private readonly tableName; private readonly masterKey; private readonly auditLogPath; constructor(config: PostgreSQLSecretStoreConfig); listSecrets(tenant?: string): Promise; get(secretId: string): Promise; save(secret: Secret, actor: Identity, action: string): Promise; delete(secretId: string, actor: Identity): Promise; private ensureTable; private log; } type S3SecretStoreConfig = { bucket: string; region: string; keyPrefix?: string; accessKeyId?: string; secretAccessKey?: string; } & SecretStoreConfig; declare class S3SecretStore implements SecretStore { private readonly client; private readonly bucket; private readonly keyPrefix; private readonly masterKey; private readonly auditLogPath; constructor(config: S3SecretStoreConfig); listSecrets(tenant?: string): Promise; get(secretId: string): Promise; save(secret: Secret, actor: Identity, action: string): Promise; delete(secretId: string, actor: Identity): Promise; private load; private persist; private log; } declare class FileSecretStore implements SecretStore { private readonly storePath; private readonly masterKey; private readonly auditLogPath; constructor(storePath: string, config: SecretStoreConfig); listSecrets(tenant?: string): Promise; get(secretId: string): Promise; save(secret: Secret, actor: Identity, action: string): Promise; delete(secretId: string, actor: Identity): Promise; private load; private persist; private log; } declare class SecretManager { private readonly store; private readonly eventNotifier?; constructor(store: SecretStore, eventNotifier?: SecretNotifier | undefined); private emitEvent; createSecret(name: string, value: string, policy: Policy, actor: Identity, description?: string, rotationHandler?: () => string | Promise, ttlSeconds?: number): Promise; putSecret(secretId: string, value: string, actor: Identity, ttlSeconds?: number): Promise; rotate(secretId: string, actor: Identity): Promise; getSecret(secretId: string, actor: Identity): Promise; listSecrets(actor: Identity): Promise; deleteSecret(secretId: string, actor: Identity): Promise; private getOrRaise; } type ServerOptions = { storePath: string; masterKey: string; auditLogPath?: string; tenant?: string; port?: number; storage?: 'file' | 's3' | 'gcp' | 'postgres'; s3Bucket?: string; s3Region?: string; gcpBucket?: string; gcpProjectId?: string; dbConnectionString?: string; webhookUrl?: string; webhookHeaders?: Record; }; declare function buildApp(options: ServerOptions): express.Express; declare function serve(options: ServerOptions): void; type ComplianceReport = { period: { start: Date; end: Date; }; summary: { totalSecrets: number; totalAccesses: number; totalModifications: number; complianceViolations: number; }; violations: ComplianceViolation[]; recommendations: string[]; }; type ComplianceViolation = { id: string; type: 'rotation_overdue' | 'access_anomaly' | 'policy_violation' | 'unauthorized_access'; severity: 'low' | 'medium' | 'high' | 'critical'; secretId?: string; description: string; timestamp: Date; actor?: string; details: Record; }; type AuditQuery = { startDate?: Date; endDate?: Date; secretId?: string; actor?: string; action?: string; tenant?: string; limit?: number; offset?: number; }; declare class ComplianceAuditor { private readonly manager; constructor(manager: SecretManager); generateComplianceReport(startDate: Date, endDate: Date, tenant?: string): Promise; detectViolations(secrets: Secret[], auditEntries: AuditLogEntry[], _startDate: Date, _endDate: Date): Promise; private getLastRotationDate; private analyzeAccessPatterns; private serializeAccessPattern; private checkPolicyCompliance; private generateRecommendations; queryAuditLogs(query: AuditQuery): Promise; exportAuditReport(format: 'json' | 'csv' | 'pdf', report: ComplianceReport): Promise; private generateCSVReport; private generatePDFReport; } type CloudIntegration = { name: string; syncSecretToCloud(secret: Secret, manager: SecretManager, actor: Identity): Promise; validateConfiguration(): Promise; }; declare class AWSIAMIntegration implements CloudIntegration { private readonly config; name: string; constructor(config: { region: string; accessKeyId?: string; secretAccessKey?: string; roleArn?: string; }); syncSecretToCloud(secret: Secret, manager: SecretManager, actor: Identity): Promise; validateConfiguration(): Promise; } declare class GCPIAMIntegration implements CloudIntegration { private readonly config; name: string; constructor(config: { projectId?: string; keyFilename?: string; serviceAccountEmail?: string; }); syncSecretToCloud(secret: Secret, manager: SecretManager, actor: Identity): Promise; validateConfiguration(): Promise; } declare class KubernetesIntegration implements CloudIntegration { private readonly config; name: string; constructor(config: { kubeconfig?: string; namespace?: string; serviceAccountName?: string; }); syncSecretToCloud(secret: Secret, manager: SecretManager, actor: Identity): Promise; validateConfiguration(): Promise; } declare class IntegrationManager { private readonly integrations; registerIntegration(integration: CloudIntegration): void; getIntegration(name: string): CloudIntegration | undefined; syncSecretToCloud(integrationName: string, secret: Secret, manager: SecretManager, actor: Identity): Promise; validateAllIntegrations(): Promise<{ [name: string]: boolean; }>; } type HealthStatus = { overall: 'healthy' | 'degraded' | 'unhealthy'; components: { storage: ComponentHealth; encryption: ComponentHealth; audit: ComponentHealth; rotation?: ComponentHealth; }; metrics: SystemMetrics; lastChecked: Date; }; type ComponentHealth = { status: 'healthy' | 'degraded' | 'unhealthy'; message?: string; details?: Record; }; type SystemMetrics = { totalSecrets: number; activeSecrets: number; expiredSecrets: number; secretsByTenant: Record; averageSecretAge: number; rotationCompliance: number; auditEventsLast24h: number; failedOperations: number; storageLatency: number; }; type AlertRule = { id: string; name: string; condition: (metrics: SystemMetrics) => boolean; severity: 'info' | 'warning' | 'error' | 'critical'; message: string; enabled: boolean; }; declare class HealthMonitor { private readonly manager; private readonly store; private readonly config; private alertRules; private metricsHistory; private lastHealthCheck?; constructor(manager: SecretManager, store: SecretStore, config: { healthCheckIntervalMs: number; metricsRetentionHours: number; alertWebhook?: string; }); checkHealth(): Promise; private checkStorageHealth; private checkEncryptionHealth; private checkAuditHealth; private collectMetrics; private determineOverallHealth; private initializeDefaultAlertRules; addAlertRule(rule: AlertRule): void; removeAlertRule(ruleId: string): void; private evaluateAlerts; private sendAlert; getMetricsHistory(hours?: number): SystemMetrics[]; getLastHealthCheck(): HealthStatus | undefined; } type RotationSchedule = { secretId: string; nextRotation: Date; rotationWindow?: { start: string; end: string; timezone: string; }; maxRetries: number; retryCount: number; lastRotationAttempt?: Date; lastRotationError?: string; }; type RotationConfig = { checkIntervalMs: number; maxConcurrentRotations: number; defaultMaxRetries: number; notificationWebhook?: string; }; declare class RotationScheduler { private readonly manager; private readonly config; private readonly actor; private readonly schedules; private intervalId; private isRunning; constructor(manager: SecretManager, config: RotationConfig, actor: Identity); start(): void; stop(): void; addSchedule(secretId: string, rotationWindow?: RotationSchedule['rotationWindow']): void; removeSchedule(secretId: string): void; getSchedule(secretId: string): RotationSchedule | undefined; private checkAndRotateSecrets; private shouldRotate; private rotateSecret; private handleRotationFailure; private calculateNextRotation; private notifyRotationSuccess; private notifyRotationFailure; } type AccessConditionValue = string | number | boolean | null | Date | unknown[] | Record; type AccessRule = { id: string; resource: string; action: string; conditions: AccessCondition[]; effect: 'allow' | 'deny'; }; type AccessCondition = { type: 'time' | 'ip' | 'role' | 'custom'; operator: 'equals' | 'in' | 'between' | 'matches'; value: AccessConditionValue; }; type AccessRequest = { subject: string; resource: string; action: string; context: { ip?: string; time?: Date; roles?: string[]; custom?: Record; }; }; declare class AccessControlManager { private rules; addRule(rule: AccessRule): void; removeRule(ruleId: string): void; evaluateAccess(request: AccessRequest): Promise; private ruleMatches; private conditionMatches; private matchesInCondition; private matchesBetweenCondition; private matchesRegexCondition; private getContextValue; createTimeBasedRule(id: string, resource: string, action: string, startHour: number, endHour: number): AccessRule; createIPRestrictionRule(id: string, resource: string, action: string, allowedIPs: string[]): AccessRule; createRoleBasedRule(id: string, resource: string, action: string, requiredRoles: string[]): AccessRule; listRules(): AccessRule[]; } declare class SessionManager { private readonly sessionTimeoutMs; private readonly sessions; constructor(sessionTimeoutMs?: number); createSession(identity: Identity, metadata?: Record): string; getSession(sessionId: string): Session | undefined; extendSession(sessionId: string): boolean; invalidateSession(sessionId: string): void; cleanupExpiredSessions(): void; listActiveSessions(): Session[]; private generateSessionId; } type Session = { id: string; identity: Identity; createdAt: Date; lastActivity: Date; expiresAt: Date; metadata: Record; isActive: boolean; }; type ContainerConfig = { image: string; environment: Record; volumes: string[]; ports: Record; secrets: Record; }; type KubernetesConfig = { namespace: string; serviceAccount: string; secrets: Record>; configMaps: Record>; }; declare class DockerIntegration { createContainer(name: string, config: ContainerConfig): Promise; injectSecrets(containerId: string, secrets: Record): Promise; getContainerLogs(containerId: string, tail?: number): Promise; stopContainer(containerId: string): Promise; removeContainer(containerId: string): Promise; listContainers(): Promise>; } declare class K8sIntegration { private readonly kubeconfig?; constructor(kubeconfig?: string | undefined); createSecret(name: string, namespace: string, data: Record): Promise; updateSecret(name: string, namespace: string, data: Record): Promise; getSecret(name: string, namespace: string): Promise>; deleteSecret(name: string, namespace: string): Promise; createConfigMap(name: string, namespace: string, data: Record): Promise; injectSecretsIntoDeployment(deploymentName: string, namespace: string, secretReferences: Record): Promise; getPodLogs(podName: string, namespace: string, tail?: number): Promise; listSecrets(namespace: string): Promise; } declare class ContainerOrchestrator { private readonly docker?; private readonly kubernetes?; constructor(docker?: DockerIntegration | undefined, kubernetes?: K8sIntegration | undefined); deployApplication(name: string, config: ContainerConfig | KubernetesConfig, useKubernetes?: boolean): Promise; private deployToDocker; private deployToKubernetes; getLogs(name: string, namespace?: string, tail?: number): Promise; cleanup(name: string, namespace?: string): Promise; } type EncryptionKey = { id: string; key: Buffer; createdAt: Date; expiresAt?: Date; isActive: boolean; }; type EnvelopeEncryptionConfig = { masterKey: string; keyRotationDays: number; keySize: number; algorithm: string; }; declare class AdvancedEncryptionManager { private readonly config; private readonly keys; private currentKeyId; constructor(config: EnvelopeEncryptionConfig); private initializeKeys; private generateKeyId; private deriveKey; encrypt(plaintext: string): Promise<{ ciphertext: string; keyId: string; iv: string; }>; decrypt(ciphertext: string, keyId: string, iv: string): Promise; rotateKey(): Promise; shouldRotateKey(): Promise; getActiveKeyId(): string; getKeyInfo(keyId: string): EncryptionKey | undefined; listKeys(): EncryptionKey[]; cleanupExpiredKeys(): Promise; } declare class BackupManager { private readonly retentionDays; constructor(_storagePath: string, retentionDays?: number); createBackup(data: unknown): Promise; restoreFromBackup(backupId: string): Promise; listBackups(): Promise; cleanupOldBackups(): Promise; } type PerformanceMetrics = { operationLatency: { create: number[]; read: number[]; update: number[]; delete: number[]; rotate: number[]; }; throughput: { operationsPerSecond: number; bytesProcessedPerSecond: number; }; resourceUsage: { memoryUsage: number; cpuUsage: number; }; cacheMetrics: { hitRate: number; missRate: number; size: number; }; errorRates: { total: number; byOperation: Record; }; }; type PerformanceConfig = { metricsRetentionMs: number; samplingRate: number; alertThresholds: { maxLatencyMs: number; maxErrorRate: number; minThroughput: number; }; }; declare class PerformanceMonitor { private readonly config; private readonly metrics; private readonly operationCounts; private readonly errorCounts; private readonly startTime; constructor(_manager: SecretManager, config: PerformanceConfig); private startMonitoring; recordOperation(operation: string, duration: number, success?: boolean): void; recordCacheHit(): void; recordCacheMiss(): void; getMetrics(): PerformanceMetrics; getHealthScore(): number; private calculateLatencyScore; private calculateErrorScore; private calculateThroughputScore; private updateResourceMetrics; private updateThroughputMetrics; private updateErrorRates; private cleanupOldMetrics; getAlerts(): string[]; private getAverageLatency; } declare class ConnectionPool { private readonly maxConnections; private readonly createConnection; private readonly destroyConnection; private pool; private activeConnections; private readonly waitingQueue; constructor(maxConnections: number, createConnection: () => Promise, destroyConnection: (connection: TConnection) => Promise); getConnection(): Promise; releaseConnection(connection: TConnection): Promise; close(): Promise; getStats(): { active: number; idle: number; waiting: number; }; } export { AWSIAMIntegration, type AccessCondition, AccessControlManager, type AccessRequest, type AccessRule, AdvancedEncryptionManager, type AlertRule, type AuditQuery, BackupManager, type CloudIntegration, ComplianceAuditor, type ComplianceReport, type ComplianceViolation, type ComponentHealth, CompositeNotifier, ConnectionPool, type ContainerConfig, ContainerOrchestrator, DockerIntegration, type EncryptionKey, type EnvelopeEncryptionConfig, FileSecretStore, GCPIAMIntegration, GCPStorageSecretStore, type GCPStorageSecretStoreConfig, HealthMonitor, type HealthStatus, Identity, IntegrationManager, K8sIntegration, type KtSecretEvent, type KubernetesConfig, KubernetesIntegration, type PerformanceConfig, type PerformanceMetrics, PerformanceMonitor, Policy, PostgreSQLSecretStore, type PostgreSQLSecretStoreConfig, type RotationConfig, type RotationSchedule, RotationScheduler, S3SecretStore, type S3SecretStoreConfig, Secret, SecretManager, type SecretNotifier, SecretVersion, type Session, SessionManager, type SystemMetrics, WebhookNotifier, allowAction, buildApp, checksum, decrypt, encrypt, enforcePolicy, recordObservation, serve };