/** * QA360 Secrets Cryptography * AES-256-GCM encryption with PBKDF2 key derivation */ export interface EncryptedData { data: string; iv: string; salt: string; tag: string; algorithm: 'aes-256-gcm'; iterations: number; } export interface SecretEntry { name: string; value: string; createdAt: string; updatedAt: string; } export interface SecretsStore { version: string; encrypted: EncryptedData; checksum: string; } export declare class SecretsCrypto { private static readonly ALGORITHM; private static readonly KEY_LENGTH; private static readonly IV_LENGTH; private static readonly SALT_LENGTH; private static readonly TAG_LENGTH; private static readonly ITERATIONS; /** * Encrypt secrets with password-derived key */ static encrypt(secrets: Record, password: string): SecretsStore; /** * Decrypt secrets with password */ static decrypt(store: SecretsStore, password: string): Record; /** * Generate a secure random password */ static generatePassword(length?: number): string; /** * Derive password from system keychain or environment */ static deriveSystemPassword(): Promise; /** * Get password from macOS Keychain */ private static getMacOSKeychainPassword; /** * Get password from Linux keyring (using secret-tool) */ private static getLinuxKeychainPassword; /** * Get password from Windows Credential Manager */ private static getWindowsCredentialPassword; /** * Generate machine-specific password as fallback */ private static generateMachinePassword; /** * Calculate checksum for integrity verification */ private static calculateChecksum; /** * Redact secret value for logging */ static redactSecret(value: string): string; /** * Check if a string looks like a secret */ static looksLikeSecret(value: string): boolean; }