From fc5855ff28aa4ee8b61c710c2fa3892f6c5fe7c1 Mon Sep 17 00:00:00 2001
From: 3wc <3wc@doesthisthing.work>
Date: Sat, 18 Oct 2025 15:03:02 -0400
Subject: [PATCH] feat: Add hexadecimal secret generation

Closes #695
---
 pkg/secret/secret.go            | 2 ++
 pkg/secret/secret_test.go       | 6 ++++++
 pkg/secret/testdir/.env.sample  | 1 +
 pkg/secret/testdir/compose.yaml | 4 ++++
 4 files changed, 13 insertions(+)

diff --git a/pkg/secret/secret.go b/pkg/secret/secret.go
index 6f5103e7..b84aa295 100644
--- a/pkg/secret/secret.go
+++ b/pkg/secret/secret.go
@@ -188,6 +188,8 @@ func ReadSecretsConfig(appEnvPath string, composeFiles []string, stackName strin
 // resolveCharset sets the passgen Alphabet required for a secret
 func resolveCharset(input string) string {
 	switch strings.ToLower(input) {
+	case "hex":
+		return passgen.AlphabetNumericAmbiguous + "abcdef"
 	case "special":
 		return passgen.AlphabetSpecial
 	case "safespecial":
diff --git a/pkg/secret/secret_test.go b/pkg/secret/secret_test.go
index 67d344ae..728a12ff 100644
--- a/pkg/secret/secret_test.go
+++ b/pkg/secret/secret_test.go
@@ -48,6 +48,12 @@ func TestReadSecretsConfig(t *testing.T) {
 	assert.Equal(t, "v1", secretsFromConfig["test_pass_six"].Version)
 	assert.Equal(t, 0, secretsFromConfig["test_pass_six"].Length)
 	assert.Equal(t, "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!@#$%^&*_-+=", secretsFromConfig["test_pass_six"].Charset)
+
+	// Has a length modifier and a charset=hex modifier
+	assert.Equal(t, "test_example_com_test_pass_seven_v1", secretsFromConfig["test_pass_seven"].RemoteName)
+	assert.Equal(t, "v1", secretsFromConfig["test_pass_seven"].Version)
+	assert.Equal(t, 32, secretsFromConfig["test_pass_seven"].Length)
+	assert.Equal(t, "0123456789abcdef", secretsFromConfig["test_pass_seven"].Charset)
 }
 
 func TestReadSecretsConfigWithLongDomain(t *testing.T) {
diff --git a/pkg/secret/testdir/.env.sample b/pkg/secret/testdir/.env.sample
index 104e4bb7..023ced3e 100644
--- a/pkg/secret/testdir/.env.sample
+++ b/pkg/secret/testdir/.env.sample
@@ -4,3 +4,4 @@ SECRET_TEST_PASS_THREE_VERSION=v2
 SECRET_TEST_PASS_FOUR_VERSION=v1 # length=12 charset=default,safespecial
 SECRET_TEST_PASS_FIVE_VERSION=v1 # length=12 charset=default,special
 SECRET_TEST_PASS_SIX_VERSION=v1 # charset=default,special
+SECRET_TEST_PASS_SEVEN_VERSION=v1 # length=32 charset=hex
diff --git a/pkg/secret/testdir/compose.yaml b/pkg/secret/testdir/compose.yaml
index 2f3ccf26..1bf642f6 100644
--- a/pkg/secret/testdir/compose.yaml
+++ b/pkg/secret/testdir/compose.yaml
@@ -11,6 +11,7 @@ services:
       - test_pass_four
       - test_pass_five
       - test_pass_six
+      - test_pass_seven
 
 secrets:
   test_pass_one:
@@ -31,3 +32,6 @@ secrets:
   test_pass_six:
     external: true
     name: ${STACK_NAME}_test_pass_six_${SECRET_TEST_PASS_SIX_VERSION}
+  test_pass_seven:
+    external: true
+    name: ${STACK_NAME}_test_pass_seven_${SECRET_TEST_PASS_SEVEN_VERSION}