
#!/usr/bin/env nu
# SecretumVault Plugin Working Demo
# Print a section banner: a blank line, then the heading framed by two rule lines.
def title [
    name: string  # heading text shown between the rules
] {
    let rule = "════════════════════════════════════════════════════════════════════════════"
    print ""
    print $rule
    print $name
    print $rule
}
# Print one "label: value" result line, indented by a single space.
# The value is written to the terminal as-is, so callers decide what is safe to display.
def show [
    label: string  # name of the field being reported
    value: any     # value to render; interpolated into the output line
] {
    let line = $" ($label): ($value)"
    print $line
}
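title "SecretumVault PQC Plugin Demo"
# Check vault is running.
# "mytoken" is a demo credential sent over plain HTTP to localhost. A header passed on the
# curl command line is also visible in the local process list while curl runs, so this
# pattern is for a throwaway development vault only.
print ""
print "Checking vault connection..."
# When the vault is down, curl produces no body; the JSON parse or the status lookup can
# then fail before the start-up hint is printed. Any such failure is treated as "not running".
let health_check = (
    try {
        curl -s -H "X-Vault-Token: mytoken" "http://localhost:8200/v1/sys/health" | from json
    } catch {
        null
    }
)
let health_status = (
    try {
        $health_check | get status
    } catch {
        ""
    }
)
if ($health_status == "success") {
    print "✓ Vault is running"
} else {
    print "✗ Vault not running. Start with:"
    print " cd /Users/Akasha/Development/secretumvault"
    print " cargo run --bin svault --features cli,server,pqc,oqs -- -c config/svault.toml server"
    exit 1
}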
# Test 1: Generate PQC Key
# Creates a key named after the current Unix timestamp, reports its metadata, and stores the
# key id and public key for the later tests.
title "Test 1: Generate ML-KEM-768 Post-Quantum Key"
with-env {SECRETUMVAULT_TOKEN: "mytoken"} {
    let stamp = (date now | format date "%s")
    let key_id = $"pqc-demo-($stamp)"
    let generated = ("" | secretumvault generate-pqc-key --key-id $key_id)

    show "Key ID" $generated.key_id
    show "Algorithm" $generated.algorithm
    show "Created" $generated.created_at

    # The public key arrives base64-encoded; report its decoded length.
    let pub_key_len = ($generated.public_key | decode base64 | bytes length)
    show "Public key bytes" $pub_key_len

    # Fixed file names under /tmp are overwritten (-f) and read back by Tests 2 and 4.
    # Only public values are stored, but on a shared machine a predictable /tmp path can be
    # pre-created or replaced by another local user; a private directory avoids that.
    $key_id | save -f /tmp/demo-pqc-id.txt
    $generated.public_key | save -f /tmp/demo-pub-key.txt
}
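# Test 2: Retrieve via API
# Fetches the metadata of the key created in Test 1 over the HTTP API and checks that the
# returned public key is the one the plugin reported at generation time.
title "Test 2: Retrieve Key Metadata via API"
with-env {SECRETUMVAULT_TOKEN: "mytoken"} {
    # The key id is read back from a fixed /tmp path and placed in the request URL, so it is
    # only as trustworthy as that file.
    let key_id = (open /tmp/demo-pqc-id.txt)
    # Take the token from the environment set above so the credential has a single source
    # in this block. It still travels on the curl command line and over plain HTTP.
    let api = (
        curl -s -H $"X-Vault-Token: ($env.SECRETUMVAULT_TOKEN)" $"http://localhost:8200/v1/transit/keys/($key_id)"
        | from json
    )
    if ($api.status == "success") {
        let data = $api.data
        show "Status" "Success"
        show "Algorithm" $data.algorithm
        show "Created" $data.created_at
        let size = ($data.public_key | decode base64 | bytes length)
        show "Public key bytes" $size
        print ""
        # Compare against the copy saved by Test 1 instead of reporting a match unconditionally.
        let saved_pub_key = (open /tmp/demo-pub-key.txt | str trim)
        if ($data.public_key == $saved_pub_key) {
            print "Public key matches: ✓"
        } else {
            print "Public key matches: ✗ (differs from the key saved in Test 1)"
        }
    } else {
        show "Error" $api.error
    }
}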
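# Test 3: Generate Data Key via API
# Requests a 256-bit data key from the transit endpoint and reports whether the call
# succeeded. The response is deliberately not printed: the endpoint path is
# "datakeys/plaintext", so the body presumably carries raw key material.
title "Test 3: Generate Derived Key"
with-env {SECRETUMVAULT_TOKEN: "mytoken"} {
    let payload = ({bits: 256} | to json)
    # Take the token from the environment set above so the credential has a single source
    # in this block. It still travels on the curl command line and over plain HTTP.
    let dk_resp = (
        curl -s -X POST -H $"X-Vault-Token: ($env.SECRETUMVAULT_TOKEN)" -H "Content-Type: application/json" -d $payload "http://localhost:8200/v1/transit/datakeys/plaintext/generate-key"
        | from json
    )
    if ($dk_resp.status == "success") {
        show "Status" "Success"
        show "Bits" 256
        show "Key material" "Generated successfully"
    } else {
        # Report the failure rather than passing silently, as Test 2 does.
        show "Error" $dk_resp.error
    }
}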
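# Test 4: KEM Encapsulation
# Encapsulates to the key created in Test 1 and reports the result without disclosing the
# shared secret.
title "Test 4: KEM Encapsulation (ML-KEM-768)"
with-env {SECRETUMVAULT_TOKEN: "mytoken"} {
    let key_id = (open /tmp/demo-pqc-id.txt)
    let kem = ("" | secretumvault kem-encapsulate --pqc-key-id $key_id)
    show "Algorithm" $kem.algorithm

    # The shared secret is key material. An ML-KEM shared secret is 32 bytes (44 base64
    # characters), so a 51-character "preview" would print all of it to the terminal and
    # any captured log. Report the decoded size instead.
    let secret = $kem.shared_secret
    if ($secret != "") {
        let secret_len = ($secret | decode base64 | bytes length)
        show "Shared secret" $"($secret_len) bytes, value not displayed"
    } else {
        # An empty value means nothing was returned; do not report it as generated.
        show "Shared secret" "MISSING, empty value returned"
    }

    # The ciphertext is the public half of the exchange, so a short preview is harmless.
    let cipher = $kem.ciphertext
    if ($cipher != "") {
        let cipher_preview = ($cipher | str substring 0..50)
        show "Ciphertext" $"($cipher_preview)..."
    } else {
        show "Ciphertext" "MISSING, empty value returned"
    }
}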
# Test 5: Plugin Info
# Asks the plugin for its version and prints whatever it returns.
title "Test 5: Plugin Information"
with-env {SECRETUMVAULT_TOKEN: "mytoken"} {
    show "Version" ("" | secretumvault version)
}
# Summary
# Static reference text listing the plugin commands and its configuration.
# The closing "completed successfully" line is printed unconditionally; it does not
# reflect the outcome of the individual tests above.
title "Demo Summary"
let summary_lines = [
    ""
    "Available Commands:"
    ""
    "Post-Quantum Cryptography:"
    " • generate-pqc-key Generate ML-KEM-768 keypair"
    " • kem-encapsulate Encapsulate to PQC key"
    " • kem-decapsulate Decapsulate ciphertext"
    " • hybrid-encrypt Classical + PQC encryption"
    " • hybrid-decrypt Classical + PQC decryption"
    " • hybrid-sign Classical + PQC signing"
    " • hybrid-verify Classical + PQC verification"
    ""
    "Classical Cryptography:"
    " • encrypt AES-256-GCM encryption"
    " • decrypt AES-256-GCM decryption"
    " • generate-key Generate symmetric key"
    " • generate-data-key Generate derived key"
    " • rotate-key Rotate transit key"
    ""
    "System:"
    " • health Vault health check"
    " • version Plugin version"
    ""
    "Configuration:"
    " Environment: SECRETUMVAULT_TOKEN (required)"
    " URL: http://localhost:8200 (default)"
    ""
    "✓ Demo completed successfully!"
    ""
]
for line in $summary_lines {
    print $line
}