/**
 * Encrypted secrets vault — AES-256-GCM at rest, env-scoped, versioned.
 *
 *   GET    /secrets                   — list (project + optional env)
 *   GET    /secrets/detail?id=&reveal — get one (reveal opt-in only)
 *   POST   /secrets                   — create
 *   PATCH  /secrets                   — update (new value → new version)
 *   DELETE /secrets                   — delete
 *   POST   /secrets/rollback          — restore a past version
 *   GET    /secrets/stats             — per-env counts
 *
 * Secrets are distinct from `envVars`: envVars are plain K/V for runtime
 * injection; secrets are a first-class vault with version history, audit
 * trail, and on-demand decryption. Prefer secrets when the value must
 * never leak into build logs or reach the filesystem.
 *
 * The `reveal` flag on `get()` MUST be passed explicitly — without it
 * the API returns a masked string. Callers opting in accept full
 * responsibility for shielding the plaintext.
 *
 * Wire shape sourced from `@sylphx/contract` (ADR-084).
 */
import type { CreateSecretInput, CreateSecretResult, RollbackSecretResult, SecretDetail, SecretListItem, UpdateSecretInput, UpdateSecretResult } from '@sylphx/contract';
import type { Client } from './client.js';
export type { CreateSecretInput as CreateInput, CreateSecretResult as CreateResult, EnvironmentRef, RollbackSecretResult as RollbackResult, SecretDetail, SecretListItem, SecretVersion, UpdateSecretInput as UpdateInput, UpdateSecretResult as UpdateResult, } from '@sylphx/contract';
export interface ListOptions {
    readonly environmentId?: string;
    readonly includeInactive?: boolean;
}
export declare const list: (client: Client, projectId: string, options?: ListOptions) => Promise<{
    secrets: readonly SecretListItem[];
}>;
export declare const get: (client: Client, id: string, options?: {
    reveal?: boolean;
}) => Promise<SecretDetail>;
export declare const create: (client: Client, input: CreateSecretInput) => Promise<CreateSecretResult>;
export declare const update: (client: Client, input: UpdateSecretInput) => Promise<UpdateSecretResult>;
declare const _delete: (client: Client, id: string) => Promise<{
    success: boolean;
}>;
export { _delete as delete };
export declare const rollback: (client: Client, id: string, version: string) => Promise<RollbackSecretResult>;
export interface EnvironmentStats {
    readonly environmentId: string | null;
    readonly count: number;
}
export declare const stats: (client: Client, projectId: string) => Promise<{
    stats: readonly EnvironmentStats[];
}>;
//# sourceMappingURL=secrets.d.ts.map