daytona 0.191.0 → 0.192.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 57a2b331fa8cb901faa0029d2654c95409bb251fe3340d2d33e20503584d5d1e
-  data.tar.gz: 00a6a3ac444575ac68b69ea471d122d199f02709b47fae4455626f6aa0291c6c
+  metadata.gz: 1a7719df0000f634d12b17d3972dec44ef3531ffe9e7c39fb23cd46d99aaae7a
+  data.tar.gz: 8bf5cacb5248da7f5b064000c813325b8baaa62972b7d781d43ebf9c60fb536b
 SHA512:
-  metadata.gz: 5ff5004f92d21f9be8add806f3db4e482986d6607bd1a6c300181fa6d4b854efd06c0874ec7f33326c2f49ce791c060359567efc9b96067ba1075b71ad8dbf64
-  data.tar.gz: d0f5684a55b0472042eb0a3be36f8de3517a1a386f532c3c6e64b52dfe647f6d76159a8e83d97b8ebd87b7b5437bde93d5909576668258573dbfcc13be72813f
+  metadata.gz: 69531535c5108ecb66a1d5e21263cf327b8d1e51d84958c53d7b0697a7d9f1e4f9056415a1bd1b1d90445551168e2bd7776a124540d4d763fa0bf85cab7f18be
+  data.tar.gz: 2699a97602979c2f678aacb6f6c49f26013513c4816edb870444ddeb3c4464c0917fc651fd573babefa1e58347cfc16665e83b4b061a07b364821e6ad235c827

data/lib/daytona/common/daytona.rb

@@ -37,6 +37,11 @@ module Daytona
     # @return [Array<DaytonaApiClient::SandboxVolume>, nil] List of volumes mounts to attach to the Sandbox
     attr_accessor :volumes
 
+    # @return [Hash<String, String>, nil] Organization Secrets to expose in the Sandbox, as a mapping
+    #   of env var name to existing Secret name. The injected env var holds an opaque placeholder that
+    #   is resolved to the real value only for the Secret's allowed hosts.
+    attr_accessor :secrets
+
     # @return [Boolean, nil] Whether to block all network access for the Sandbox
     attr_accessor :network_block_all
 
@@ -67,6 +72,8 @@ module Daytona
     # @param auto_archive_interval [Integer, nil] Auto-archive interval in minutes
     # @param auto_delete_interval [Integer, nil] Auto-delete interval in minutes
     # @param volumes [Array<DaytonaApiClient::SandboxVolume>, nil] List of volumes mounts to attach to the Sandbox
+    # @param secrets [Hash<String, String>, nil] Organization Secrets to expose in the Sandbox, as a
+    #   mapping of env var name to existing Secret name
     # @param network_block_all [Boolean, nil] Whether to block all network access for the Sandbox
     # @param network_allow_list [String, nil] Comma-separated list of allowed CIDR network addresses for the Sandbox
     # @param domain_allow_list [String, nil] Comma-separated list of allowed domains for the Sandbox
@@ -83,6 +90,7 @@ module Daytona
       auto_archive_interval: nil,
       auto_delete_interval: nil,
       volumes: nil,
+      secrets: nil,
       network_block_all: nil,
       network_allow_list: nil,
       domain_allow_list: nil,
@@ -99,6 +107,7 @@ module Daytona
       @auto_archive_interval = auto_archive_interval
       @auto_delete_interval = auto_delete_interval
       @volumes = volumes
+      @secrets = secrets
       @network_block_all = network_block_all
       @network_allow_list = network_allow_list
       @domain_allow_list = domain_allow_list
@@ -124,6 +133,7 @@ module Daytona
         auto_archive_interval:,
         auto_delete_interval:,
         volumes:,
+        secrets:,
         network_block_all:,
         network_allow_list:,
         domain_allow_list:,
@@ -171,6 +181,8 @@ module Daytona
     # @param auto_archive_interval [Integer, nil] Auto-archive interval in minutes
     # @param auto_delete_interval [Integer, nil] Auto-delete interval in minutes
     # @param volumes [Array<DaytonaApiClient::SandboxVolume>, nil] List of volumes mounts to attach to the Sandbox
+    # @param secrets [Hash<String, String>, nil] Organization Secrets to expose in the Sandbox, as a
+    #   mapping of env var name to existing Secret name
     # @param network_block_all [Boolean, nil] Whether to block all network access for the Sandbox
     # @param network_allow_list [String, nil] Comma-separated list of allowed CIDR network addresses for the Sandbox
     # @param domain_allow_list [String, nil] Comma-separated list of allowed domains for the Sandbox
@@ -210,6 +222,8 @@ module Daytona
     # @param auto_archive_interval [Integer, nil] Auto-archive interval in minutes
     # @param auto_delete_interval [Integer, nil] Auto-delete interval in minutes
     # @param volumes [Array<DaytonaApiClient::SandboxVolume>, nil] List of volumes mounts to attach to the Sandbox
+    # @param secrets [Hash<String, String>, nil] Organization Secrets to expose in the Sandbox, as a
+    #   mapping of env var name to existing Secret name
     # @param network_block_all [Boolean, nil] Whether to block all network access for the Sandbox
     # @param network_allow_list [String, nil] Comma-separated list of allowed CIDR network addresses for the Sandbox
     # @param domain_allow_list [String, nil] Comma-separated list of allowed domains for the Sandbox

data/lib/daytona/daytona.rb

@@ -22,6 +22,9 @@ module Daytona
     # @return [Daytona::VolumeService]
     attr_reader :volume
 
+    # @return [Daytona::SecretService]
+    attr_reader :secret
+
     # @return [DaytonaApiClient::ObjectStorageApi]
     attr_reader :object_storage_api
 
@@ -46,6 +49,7 @@ module Daytona
       @sandbox_api = DaytonaApiClient::SandboxApi.new(api_client)
       @config_api = DaytonaApiClient::ConfigApi.new(api_client)
       @volume = VolumeService.new(DaytonaApiClient::VolumesApi.new(api_client), otel_state:)
+      @secret = SecretService.new(DaytonaApiClient::SecretApi.new(api_client), otel_state:)
       @object_storage_api = DaytonaApiClient::ObjectStorageApi.new(api_client)
       @snapshots_api = DaytonaApiClient::SnapshotsApi.new(api_client)
       @snapshot = SnapshotService.new(snapshots_api:, object_storage_api:, default_region_id: config.target,
@@ -213,6 +217,7 @@ module Daytona
         auto_archive_interval: params.auto_archive_interval,
         auto_delete_interval: params.auto_delete_interval,
         volumes: params.volumes,
+        secrets: params.secrets&.map { |env_var, secret_name| { env_var.to_s => secret_name.to_s } },
         network_block_all: params.network_block_all,
         network_allow_list: params.network_allow_list,
         domain_allow_list: params.domain_allow_list,

data/lib/daytona/sdk/version.rb

@@ -5,6 +5,6 @@
 
 module Daytona
   module Sdk
-    VERSION = '0.191.0'
+    VERSION = '0.192.0'
   end
 end

data/lib/daytona/sdk.rb

@@ -33,6 +33,8 @@ require_relative 'git'
 require_relative 'lsp_server'
 require_relative 'object_storage'
 require_relative 'sandbox'
+require_relative 'secret'
+require_relative 'secret_service'
 require_relative 'snapshot_service'
 require_relative 'util'
 require_relative 'volume'

data/lib/daytona/secret.rb

@@ -0,0 +1,46 @@
+# Copyright Daytona Platforms Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+# frozen_string_literal: true
+
+module Daytona
+  class Secret
+    # @return [String]
+    attr_reader :id
+
+    # @return [String]
+    attr_reader :name
+
+    # @return [String, nil]
+    attr_reader :description
+
+    # @return [String] Opaque placeholder token injected as the env var value in Sandboxes. The
+    #   placeholder is resolved to the real plaintext value only for the secret's allowed hosts.
+    attr_reader :placeholder
+
+    # @return [Array<String>] Allowed hosts this secret may be sent to. Accepts exact hostnames
+    #   and +*.+ wildcards (no ports).
+    attr_reader :hosts
+
+    # @return [String]
+    attr_reader :created_at
+
+    # @return [String]
+    attr_reader :updated_at
+
+    # Initialize secret from DTO
+    #
+    # The plaintext value is write-only and is never returned by the API, so it is not exposed here.
+    #
+    # @param secret_dto [DaytonaApiClient::Secret]
+    def initialize(secret_dto)
+      @id = secret_dto.id
+      @name = secret_dto.name
+      @description = secret_dto.description
+      @placeholder = secret_dto.placeholder
+      @hosts = secret_dto.hosts
+      @created_at = secret_dto.created_at
+      @updated_at = secret_dto.updated_at
+    end
+  end
+end

data/lib/daytona/secret_service.rb

@@ -0,0 +1,86 @@
+# Copyright Daytona Platforms Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+# frozen_string_literal: true
+
+module Daytona
+  class SecretService
+    include Instrumentation
+
+    # Service for managing organization-scoped Daytona Secrets. Can be used to list, get, create,
+    # update and delete Secrets.
+    #
+    # A Secret stores a plaintext +value+ that is never returned by the API. When a Secret is
+    # referenced while creating a Sandbox, the corresponding env var holds an opaque +placeholder+
+    # that is resolved to the real value only for the Secret's allowed +hosts+.
+    #
+    # @param secret_api [DaytonaApiClient::SecretApi]
+    # @param otel_state [Daytona::OtelState, nil]
+    def initialize(secret_api, otel_state: nil)
+      @secret_api = secret_api
+      @otel_state = otel_state
+    end
+
+    # Create a new Secret.
+    #
+    # @param name [String] Name of the Secret. Must match +^[a-zA-Z_][a-zA-Z0-9_-]*$+ and be unique
+    #   within the organization (a duplicate name raises a 409 error).
+    # @param value [String] Plaintext value of the Secret. Write-only; never returned by the API.
+    # @param description [String, nil] Optional description of the Secret.
+    # @param hosts [Array<String>, nil] Allowed hosts this Secret may be sent to. Accepts exact
+    #   hostnames and +*.+ wildcards (no ports).
+    # @return [Daytona::Secret]
+    def create(name, value, description: nil, hosts: nil)
+      Secret.new(secret_api.create_secret(
+                   DaytonaApiClient::CreateSecret.new(name:, value:, description:, hosts:)
+                 ))
+    end
+
+    # Delete a Secret.
+    #
+    # @param secret_id [String]
+    # @return [void]
+    # @raise [DaytonaApiClient::ApiError] If no Secret with the given ID exists (404).
+    def delete(secret_id) = secret_api.delete_secret(secret_id)
+
+    # Get a Secret by ID.
+    #
+    # @param secret_id [String]
+    # @return [Daytona::Secret]
+    # @raise [DaytonaApiClient::ApiError] If no Secret with the given ID exists (404).
+    def get(secret_id) = Secret.new(secret_api.get_secret(secret_id))
+
+    # List all Secrets.
+    #
+    # @return [Array<Daytona::Secret>]
+    def list
+      secret_api.list_secrets.map { |secret| Secret.new(secret) }
+    end
+
+    # Update a Secret.
+    #
+    # @param secret_id [String]
+    # @param value [String, nil] New plaintext value. Write-only; never returned by the API.
+    # @param description [String, nil] New description of the Secret.
+    # @param hosts [Array<String>, nil] Allowed hosts this Secret may be sent to. Accepts exact
+    #   hostnames and +*.+ wildcards (no ports).
+    # @return [Daytona::Secret]
+    # @raise [DaytonaApiClient::ApiError] If no Secret with the given ID exists (404).
+    def update(secret_id, value: nil, description: nil, hosts: nil)
+      Secret.new(secret_api.update_secret(
+                   secret_id,
+                   DaytonaApiClient::UpdateSecret.new(value:, description:, hosts:)
+                 ))
+    end
+
+    instrument :create, :delete, :get, :list, :update, component: 'SecretService'
+
+    private
+
+    # @return [DaytonaApiClient::SecretApi]
+    attr_reader :secret_api
+
+    # @return [Daytona::OtelState, nil]
+    attr_reader :otel_state
+  end
+end

data/scripts/generate-docs.rb

@@ -21,11 +21,13 @@ CLASSES_TO_DOCUMENT = [
   ['process.rb', 'process.mdx', 'Daytona::Process'],
   ['lsp_server.rb', 'lsp-server.mdx', 'Daytona::LspServer'],
   ['volume.rb', 'volume.mdx', 'Daytona::Volume'],
+  ['secret.rb', 'secret.mdx', 'Daytona::Secret'],
   ['object_storage.rb', 'object-storage.mdx', 'Daytona::ObjectStorage'],
   ['computer_use.rb', 'computer-use.mdx', 'Daytona::ComputerUse'],
   ['computer_use.rb', 'computer-use.mdx', 'Daytona::ComputerUse::Accessibility'],
   ['snapshot_service.rb', 'snapshot.mdx', 'Daytona::SnapshotService'],
   ['volume_service.rb', 'volume-service.mdx', 'Daytona::VolumeService'],
+  ['secret_service.rb', 'secret-service.mdx', 'Daytona::SecretService'],
   ['common/charts.rb', 'charts.mdx', 'Daytona::Chart'],
   ['common/image.rb', 'image.mdx', 'Daytona::Image']
 ]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: daytona
 version: !ruby/object:Gem::Version
-  version: 0.191.0
+  version: 0.192.0
 platform: ruby
 authors:
 - Daytona Platforms Inc.
@@ -85,28 +85,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.191.0
+        version: 0.192.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.191.0
+        version: 0.192.0
 - !ruby/object:Gem::Dependency
   name: daytona_toolbox_api_client
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.191.0
+        version: 0.192.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.191.0
+        version: 0.192.0
 - !ruby/object:Gem::Dependency
   name: dotenv
   requirement: !ruby/object:Gem::Requirement
@@ -205,6 +205,8 @@ files:
 - lib/daytona/sandbox.rb
 - lib/daytona/sdk.rb
 - lib/daytona/sdk/version.rb
+- lib/daytona/secret.rb
+- lib/daytona/secret_service.rb
 - lib/daytona/snapshot_service.rb
 - lib/daytona/util.rb
 - lib/daytona/volume.rb