Merge pull request #437 from docker/store/factory

Benehiko · web-flow · commit 7220cea1a191 · 2026-01-27T14:04:45.000Z
feat: factory function provides more context
diff --git a/plugins/pass/store/store.go b/plugins/pass/store/store.go
@@ -1,6 +1,8 @@
 package store
 
 import (
+	"context"
+
 	"github.com/docker/secrets-engine/store"
 	"github.com/docker/secrets-engine/store/keychain"
 )
@@ -32,7 +34,7 @@ func PassStore(serviceGroup string, opts ...keychain.Option) (store.Store, error
 	kc, err := keychain.New(
 		serviceGroup,
 		"docker-pass-cli",
-		func() *PassValue {
+		func(_ context.Context, _ store.ID) *PassValue {
 			return &PassValue{}
 		},
 		opts...,
diff --git a/store/keychain/cmd/main.go b/store/keychain/cmd/main.go
@@ -20,7 +20,7 @@ func newCommand() (*cobra.Command, error) {
 	kc, err := keychain.New(
 		"io.docker.Secrets",
 		"docker-example-cli",
-		func() *mocks.MockCredential {
+		func(_ context.Context, _ store.ID) *mocks.MockCredential {
 			return &mocks.MockCredential{}
 		},
 	)
diff --git a/store/keychain/keychain_darwin.go b/store/keychain/keychain_darwin.go
@@ -19,7 +19,7 @@ var (
 type keychainStore[T store.Secret] struct {
 	serviceGroup              string
 	serviceName               string
-	factory                   func() T
+	factory                   store.Factory[T]
 	useDataProtectionKeychain bool
 }
 
@@ -102,7 +102,7 @@ func (k *keychainStore[T]) Delete(_ context.Context, id store.ID) error {
 	return nil
 }
 
-func (k *keychainStore[T]) Get(_ context.Context, id store.ID) (store.Secret, error) {
+func (k *keychainStore[T]) Get(ctx context.Context, id store.ID) (store.Secret, error) {
 	result, err := getItemWithData(id.String(), k)
 	if err != nil {
 		return nil, err
@@ -114,7 +114,7 @@ func (k *keychainStore[T]) Get(_ context.Context, id store.ID) (store.Secret, er
 	}
 	safelyCleanMetadata(attributes)
 
-	secret := k.factory()
+	secret := k.factory(ctx, id)
 	if err := secret.SetMetadata(attributes); err != nil {
 		return nil, err
 	}
@@ -124,7 +124,7 @@ func (k *keychainStore[T]) Get(_ context.Context, id store.ID) (store.Secret, er
 	return secret, nil
 }
 
-func (k *keychainStore[T]) GetAllMetadata(context.Context) (map[store.ID]store.Secret, error) {
+func (k *keychainStore[T]) GetAllMetadata(ctx context.Context) (map[store.ID]store.Secret, error) {
 	item := newKeychainItem("", k)
 
 	// We use the MatchLimitAll attribute to query for multiple items from the
@@ -149,7 +149,7 @@ func (k *keychainStore[T]) GetAllMetadata(context.Context) (map[store.ID]store.S
 		}
 		safelyCleanMetadata(attributes)
 
-		secret := k.factory()
+		secret := k.factory(ctx, id)
 		if err := secret.SetMetadata(attributes); err != nil {
 			return nil, err
 		}
@@ -184,7 +184,7 @@ func (k *keychainStore[T]) Save(_ context.Context, id store.ID, secret store.Sec
 	return mapKeychainError(kc.AddItem(item))
 }
 
-func (k *keychainStore[T]) Filter(_ context.Context, pattern store.Pattern) (map[store.ID]store.Secret, error) {
+func (k *keychainStore[T]) Filter(ctx context.Context, pattern store.Pattern) (map[store.ID]store.Secret, error) {
 	// Note: Filter on macOS cannot filter by generic attributes and thus we
 	// cannot split the ID and store it in the keychain as parts for later
 	// pattern matching.
@@ -242,7 +242,7 @@ func (k *keychainStore[T]) Filter(_ context.Context, pattern store.Pattern) (map
 			return nil, err
 		}
 
-		secret := k.factory()
+		secret := k.factory(ctx, id)
 		if err := secret.SetMetadata(attr); err != nil {
 			return nil, err
 		}
diff --git a/store/keychain/keychain_darwin_test.go b/store/keychain/keychain_darwin_test.go
@@ -4,6 +4,7 @@ package keychain
 
 import (
 	"bytes"
+	"context"
 	"testing"
 
 	"github.com/google/uuid"
@@ -22,7 +23,7 @@ func TestMacosKeychain(t *testing.T) {
 	keychainStore := keychainStore[*mocks.MockCredential]{
 		serviceGroup: serviceGroup,
 		serviceName:  serviceName,
-		factory: func() *mocks.MockCredential {
+		factory: func(_ context.Context, _ store.ID) *mocks.MockCredential {
 			return &mocks.MockCredential{}
 		},
 	}
diff --git a/store/keychain/keychain_linux.go b/store/keychain/keychain_linux.go
@@ -97,7 +97,7 @@ func isCollectionUnlocked(collectionPath dbus.ObjectPath, service *kc.SecretServ
 type keychainStore[T store.Secret] struct {
 	serviceGroup string
 	serviceName  string
-	factory      func() T
+	factory      store.Factory[T]
 }
 
 func (k *keychainStore[T]) Delete(_ context.Context, id store.ID) error {
@@ -143,7 +143,7 @@ func (k *keychainStore[T]) Delete(_ context.Context, id store.ID) error {
 	return service.DeleteItem(items[0])
 }
 
-func (k *keychainStore[T]) Get(_ context.Context, id store.ID) (store.Secret, error) {
+func (k *keychainStore[T]) Get(ctx context.Context, id store.ID) (store.Secret, error) {
 	service, err := kc.NewService()
 	if err != nil {
 		return nil, err
@@ -193,7 +193,7 @@ func (k *keychainStore[T]) Get(_ context.Context, id store.ID) (store.Secret, er
 	if err != nil {
 		return nil, err
 	}
-	secret := k.factory()
+	secret := k.factory(ctx, id)
 	if err := secret.SetMetadata(attributes); err != nil {
 		return nil, err
 	}
@@ -204,7 +204,7 @@ func (k *keychainStore[T]) Get(_ context.Context, id store.ID) (store.Secret, er
 	return secret, nil
 }
 
-func (k *keychainStore[T]) GetAllMetadata(context.Context) (map[store.ID]store.Secret, error) {
+func (k *keychainStore[T]) GetAllMetadata(ctx context.Context) (map[store.ID]store.Secret, error) {
 	service, err := kc.NewService()
 	if err != nil {
 		return nil, err
@@ -261,7 +261,7 @@ func (k *keychainStore[T]) GetAllMetadata(context.Context) (map[store.ID]store.S
 		}
 		safelyCleanMetadata(attributes)
 
-		secret := k.factory()
+		secret := k.factory(ctx, secretID)
 		if err := secret.SetMetadata(attributes); err != nil {
 			return nil, err
 		}
@@ -326,7 +326,7 @@ func (k *keychainStore[T]) Save(_ context.Context, id store.ID, secret store.Sec
 }
 
 //gocyclo:ignore
-func (k *keychainStore[T]) Filter(_ context.Context, pattern store.Pattern) (map[store.ID]store.Secret, error) {
+func (k *keychainStore[T]) Filter(ctx context.Context, pattern store.Pattern) (map[store.ID]store.Secret, error) {
 	service, err := kc.NewService()
 	if err != nil {
 		return nil, err
@@ -402,7 +402,7 @@ func (k *keychainStore[T]) Filter(_ context.Context, pattern store.Pattern) (map
 		}
 		safelyCleanMetadata(attributes)
 
-		secret := k.factory()
+		secret := k.factory(ctx, secretID)
 		if err := secret.SetMetadata(attributes); err != nil {
 			return nil, err
 		}
diff --git a/store/keychain/keychain_test.go b/store/keychain/keychain_test.go
@@ -50,10 +50,10 @@ func (m *mustUnmarshalError) Unmarshal([]byte) error {
 	return errors.New("i am failing on purpose")
 }
 
-func setupKeychain(t *testing.T, secretFactory func() store.Secret) store.Store {
+func setupKeychain(t *testing.T, secretFactory func(context.Context, store.ID) store.Secret) store.Store {
 	t.Helper()
 	if secretFactory == nil {
-		secretFactory = func() store.Secret {
+		secretFactory = func(_ context.Context, _ store.ID) store.Secret {
 			return &mocks.MockCredential{}
 		}
 	}
@@ -266,7 +266,7 @@ func TestKeychain(t *testing.T) {
 	})
 
 	t.Run("unmarshal error on get", func(t *testing.T) {
-		kc := setupKeychain(t, func() store.Secret {
+		kc := setupKeychain(t, func(_ context.Context, _ store.ID) store.Secret {
 			return &mustUnmarshalError{}
 		})
 		id, err := store.ParseID("something/will/fail")
@@ -280,7 +280,7 @@ func TestKeychain(t *testing.T) {
 	})
 
 	t.Run("set metadata error on getAllMetadata", func(t *testing.T) {
-		kc := setupKeychain(t, func() store.Secret {
+		kc := setupKeychain(t, func(_ context.Context, _ store.ID) store.Secret {
 			return &mustUnmarshalError{}
 		})
 		id, err := store.ParseID("something/will/fail")
diff --git a/store/keychain/keychain_windows.go b/store/keychain/keychain_windows.go
@@ -54,7 +54,7 @@ func decodeSecret(blob []byte, secret store.Secret) error {
 type keychainStore[T store.Secret] struct {
 	serviceGroup string
 	serviceName  string
-	factory      func() T
+	factory      store.Factory[T]
 }
 
 func (k *keychainStore[T]) Delete(_ context.Context, id store.ID) error {
@@ -66,7 +66,7 @@ func (k *keychainStore[T]) Delete(_ context.Context, id store.ID) error {
 	return nil
 }
 
-func (k *keychainStore[T]) Get(_ context.Context, id store.ID) (store.Secret, error) {
+func (k *keychainStore[T]) Get(ctx context.Context, id store.ID) (store.Secret, error) {
 	gc, err := wincred.GetGenericCredential(k.itemLabel(id.String()))
 	if err != nil {
 		return nil, mapWindowsCredentialError(err)
@@ -75,7 +75,7 @@ func (k *keychainStore[T]) Get(_ context.Context, id store.ID) (store.Secret, er
 	attributes := mapFromWindowsAttributes(gc.Attributes)
 	safelyCleanMetadata(attributes)
 
-	secret := k.factory()
+	secret := k.factory(ctx, id)
 	if err := secret.SetMetadata(attributes); err != nil {
 		return nil, err
 	}
@@ -148,7 +148,7 @@ func mapFromWindowsAttributes(winAttrs []wincred.CredentialAttribute) map[string
 	return attributes
 }
 
-func (k *keychainStore[T]) GetAllMetadata(context.Context) (map[store.ID]store.Secret, error) {
+func (k *keychainStore[T]) GetAllMetadata(ctx context.Context) (map[store.ID]store.Secret, error) {
 	credentials, err := wincred.List()
 	if err != nil {
 		return nil, mapWindowsCredentialError(err)
@@ -169,7 +169,7 @@ func (k *keychainStore[T]) GetAllMetadata(context.Context) (map[store.ID]store.S
 		attributes := mapFromWindowsAttributes(cred.Attributes)
 		safelyCleanMetadata(attributes)
 
-		secret := k.factory()
+		secret := k.factory(ctx, id)
 		if err := secret.SetMetadata(attributes); err != nil {
 			return nil, err
 		}
@@ -198,7 +198,7 @@ func (k *keychainStore[T]) Save(_ context.Context, id store.ID, secret store.Sec
 	return mapWindowsCredentialError(g.Write())
 }
 
-func (k *keychainStore[T]) Filter(_ context.Context, pattern store.Pattern) (map[store.ID]store.Secret, error) {
+func (k *keychainStore[T]) Filter(ctx context.Context, pattern store.Pattern) (map[store.ID]store.Secret, error) {
 	// Note: there is no notion of a filter on Windows inside the wincred API.
 	// It has no way to even filter on known attributes.
 	// This means we need to retrieve the entire list of ALL secrets, that
@@ -241,7 +241,7 @@ func (k *keychainStore[T]) Filter(_ context.Context, pattern store.Pattern) (map
 		gcAttributes := mapFromWindowsAttributes(gc.Attributes)
 		safelyCleanMetadata(gcAttributes)
 
-		secret := k.factory()
+		secret := k.factory(ctx, id)
 		if err := secret.SetMetadata(gcAttributes); err != nil {
 			return nil, err
 		}
diff --git a/store/posixage/store.go b/store/posixage/store.go
@@ -201,7 +201,7 @@ func (f *fileStore[T]) Filter(ctx context.Context, pattern store.Pattern) (map[s
 			return err
 		}
 
-		secret := f.factory()
+		secret := f.factory(ctx, id)
 		if err := secret.SetMetadata(metadata); err != nil {
 			return err
 		}
@@ -241,7 +241,7 @@ func (f *fileStore[T]) Get(ctx context.Context, id store.ID) (store.Secret, erro
 		return nil, err
 	}
 
-	secret := f.factory()
+	secret := f.factory(ctx, id)
 	if err := secret.SetMetadata(metadata); err != nil {
 		return nil, err
 	}
@@ -286,7 +286,7 @@ func (f *fileStore[T]) GetAllMetadata(ctx context.Context) (map[store.ID]store.S
 			return err
 		}
 
-		secret := f.factory()
+		secret := f.factory(ctx, id)
 		if err := secret.SetMetadata(metadata); err != nil {
 			return err
 		}
diff --git a/store/posixage/store_test.go b/store/posixage/store_test.go
@@ -70,7 +70,7 @@ func TestPOSIXAge(t *testing.T) {
 
 		masterKey := uuid.NewString()
 		s, err := New(root,
-			func() *mocks.MockCredential {
+			func(_ context.Context, _ store.ID) *mocks.MockCredential {
 				return &mocks.MockCredential{}
 			},
 			WithLogger(&testLogger{t}),
@@ -143,7 +143,7 @@ func TestPOSIXAge(t *testing.T) {
 
 		masterKey := uuid.NewString()
 		s, err := New(root,
-			func() *mocks.MockCredential {
+			func(_ context.Context, _ store.ID) *mocks.MockCredential {
 				return &mocks.MockCredential{}
 			},
 			WithLogger(&testLogger{t}),
@@ -182,7 +182,7 @@ func TestPOSIXAge(t *testing.T) {
 
 		masterKey := uuid.NewString()
 		s, err := New(root,
-			func() *mocks.MockCredential {
+			func(_ context.Context, _ store.ID) *mocks.MockCredential {
 				return &mocks.MockCredential{}
 			},
 			WithLogger(&testLogger{t}),
@@ -240,7 +240,7 @@ func TestPOSIXAge(t *testing.T) {
 
 		masterKey := uuid.NewString()
 		s, err := New(root,
-			func() *mocks.MockCredential {
+			func(_ context.Context, _ store.ID) *mocks.MockCredential {
 				return &mocks.MockCredential{}
 			},
 			WithLogger(&testLogger{t}),
@@ -301,7 +301,7 @@ func TestPOSIXAge(t *testing.T) {
 		require.NoError(t, err)
 
 		s, err := New(root,
-			func() *mocks.MockCredential {
+			func(_ context.Context, _ store.ID) *mocks.MockCredential {
 				return &mocks.MockCredential{}
 			},
 			WithLogger(&testLogger{t}),
@@ -384,7 +384,7 @@ func TestPOSIXAge(t *testing.T) {
 		require.NoError(t, err)
 
 		s, err := New(root,
-			func() *mocks.MockCredential {
+			func(_ context.Context, _ store.ID) *mocks.MockCredential {
 				return &mocks.MockCredential{}
 			},
 			WithLogger(&testLogger{t}),
@@ -463,7 +463,7 @@ func TestPOSIXAge(t *testing.T) {
 		})
 
 		s, err := New(root,
-			func() *mocks.MockCredential {
+			func(_ context.Context, _ store.ID) *mocks.MockCredential {
 				return &mocks.MockCredential{}
 			},
 			WithLogger(&testLogger{t}),
@@ -530,7 +530,7 @@ func TestPOSIXAge(t *testing.T) {
 		require.NoError(t, err)
 
 		s, err := New(root,
-			func() *mocks.MockCredential {
+			func(_ context.Context, _ store.ID) *mocks.MockCredential {
 				return &mocks.MockCredential{}
 			},
 			WithLogger(&testLogger{t}),
@@ -602,7 +602,7 @@ func TestPOSIXAge(t *testing.T) {
 		})
 
 		s, err := New(root,
-			func() *mocks.MockCredential {
+			func(_ context.Context, _ store.ID) *mocks.MockCredential {
 				return &mocks.MockCredential{}
 			},
 			WithLogger(&testLogger{t}),
@@ -651,7 +651,7 @@ func TestPOSIXAge(t *testing.T) {
 
 		encryptError := errors.New("something went wrong inside the encryption callbackFunc")
 		s, err := New(root,
-			func() *mocks.MockCredential {
+			func(_ context.Context, _ store.ID) *mocks.MockCredential {
 				return &mocks.MockCredential{}
 			},
 			WithLogger(&testLogger{t}),
@@ -684,7 +684,7 @@ func TestPOSIXAge(t *testing.T) {
 
 		decryptError := errors.New("something went wrong inside the decryption callbackFunc")
 		s, err := New(root,
-			func() *mocks.MockCredential {
+			func(_ context.Context, _ store.ID) *mocks.MockCredential {
 				return &mocks.MockCredential{}
 			},
 			WithLogger(&testLogger{t}),
diff --git a/store/store.go b/store/store.go
@@ -78,4 +78,4 @@ type Store interface {
 	Filter(ctx context.Context, pattern Pattern) (map[ID]Secret, error)
 }
 
-type Factory[T Secret] func() T
+type Factory[T Secret] func(context.Context, ID) T

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ func newCommand() (*cobra.Command, error) {`
`20`	`20`	`kc, err := keychain.New(`
`21`	`21`	`"io.docker.Secrets",`
`22`	`22`	`"docker-example-cli",`
`23`		`- func() *mocks.MockCredential {`
	`23`	`+ func(_ context.Context, _ store.ID) *mocks.MockCredential {`
`24`	`24`	`return &mocks.MockCredential{}`
`25`	`25`	`},`
`26`	`26`	`)`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ var (`
`19`	`19`	`type keychainStore[T store.Secret] struct {`
`20`	`20`	`serviceGroup string`
`21`	`21`	`serviceName string`
`22`		`- factory func() T`
	`22`	`+ factory store.Factory[T]`
`23`	`23`	`useDataProtectionKeychain bool`
`24`	`24`	`}`
`25`	`25`
`@@ -102,7 +102,7 @@ func (k *keychainStore[T]) Delete(_ context.Context, id store.ID) error {`
`102`	`102`	`return nil`
`103`	`103`	`}`
`104`	`104`
`105`		`-func (k *keychainStore[T]) Get(_ context.Context, id store.ID) (store.Secret, error) {`
	`105`	`+func (k *keychainStore[T]) Get(ctx context.Context, id store.ID) (store.Secret, error) {`
`106`	`106`	`result, err := getItemWithData(id.String(), k)`
`107`	`107`	`if err != nil {`
`108`	`108`	`return nil, err`
`@@ -114,7 +114,7 @@ func (k *keychainStore[T]) Get(_ context.Context, id store.ID) (store.Secret, er`
`114`	`114`	`}`
`115`	`115`	`safelyCleanMetadata(attributes)`
`116`	`116`
`117`		`- secret := k.factory()`
	`117`	`+ secret := k.factory(ctx, id)`
`118`	`118`	`if err := secret.SetMetadata(attributes); err != nil {`
`119`	`119`	`return nil, err`
`120`	`120`	`}`
`@@ -124,7 +124,7 @@ func (k *keychainStore[T]) Get(_ context.Context, id store.ID) (store.Secret, er`
`124`	`124`	`return secret, nil`
`125`	`125`	`}`
`126`	`126`
`127`		`-func (k *keychainStore[T]) GetAllMetadata(context.Context) (map[store.ID]store.Secret, error) {`
	`127`	`+func (k *keychainStore[T]) GetAllMetadata(ctx context.Context) (map[store.ID]store.Secret, error) {`
`128`	`128`	`item := newKeychainItem("", k)`
`129`	`129`
`130`	`130`	`// We use the MatchLimitAll attribute to query for multiple items from the`
`@@ -149,7 +149,7 @@ func (k *keychainStore[T]) GetAllMetadata(context.Context) (map[store.ID]store.S`
`149`	`149`	`}`
`150`	`150`	`safelyCleanMetadata(attributes)`
`151`	`151`
`152`		`- secret := k.factory()`
	`152`	`+ secret := k.factory(ctx, id)`
`153`	`153`	`if err := secret.SetMetadata(attributes); err != nil {`
`154`	`154`	`return nil, err`
`155`	`155`	`}`
`@@ -184,7 +184,7 @@ func (k *keychainStore[T]) Save(_ context.Context, id store.ID, secret store.Sec`
`184`	`184`	`return mapKeychainError(kc.AddItem(item))`
`185`	`185`	`}`
`186`	`186`
`187`		`-func (k *keychainStore[T]) Filter(_ context.Context, pattern store.Pattern) (map[store.ID]store.Secret, error) {`
	`187`	`+func (k *keychainStore[T]) Filter(ctx context.Context, pattern store.Pattern) (map[store.ID]store.Secret, error) {`
`188`	`188`	`// Note: Filter on macOS cannot filter by generic attributes and thus we`
`189`	`189`	`// cannot split the ID and store it in the keychain as parts for later`
`190`	`190`	`// pattern matching.`
`@@ -242,7 +242,7 @@ func (k *keychainStore[T]) Filter(_ context.Context, pattern store.Pattern) (map`
`242`	`242`	`return nil, err`
`243`	`243`	`}`
`244`	`244`
`245`		`- secret := k.factory()`
	`245`	`+ secret := k.factory(ctx, id)`
`246`	`246`	`if err := secret.SetMetadata(attr); err != nil {`
`247`	`247`	`return nil, err`
`248`	`248`	`}`
Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ func isCollectionUnlocked(collectionPath dbus.ObjectPath, service *kc.SecretServ`
`97`	`97`	`type keychainStore[T store.Secret] struct {`
`98`	`98`	`serviceGroup string`
`99`	`99`	`serviceName string`
`100`		`- factory func() T`
	`100`	`+ factory store.Factory[T]`
`101`	`101`	`}`
`102`	`102`
`103`	`103`	`func (k *keychainStore[T]) Delete(_ context.Context, id store.ID) error {`
`@@ -143,7 +143,7 @@ func (k *keychainStore[T]) Delete(_ context.Context, id store.ID) error {`
`143`	`143`	`return service.DeleteItem(items[0])`
`144`	`144`	`}`
`145`	`145`
`146`		`-func (k *keychainStore[T]) Get(_ context.Context, id store.ID) (store.Secret, error) {`
	`146`	`+func (k *keychainStore[T]) Get(ctx context.Context, id store.ID) (store.Secret, error) {`
`147`	`147`	`service, err := kc.NewService()`
`148`	`148`	`if err != nil {`
`149`	`149`	`return nil, err`
`@@ -193,7 +193,7 @@ func (k *keychainStore[T]) Get(_ context.Context, id store.ID) (store.Secret, er`
`193`	`193`	`if err != nil {`
`194`	`194`	`return nil, err`
`195`	`195`	`}`
`196`		`- secret := k.factory()`
	`196`	`+ secret := k.factory(ctx, id)`
`197`	`197`	`if err := secret.SetMetadata(attributes); err != nil {`
`198`	`198`	`return nil, err`
`199`	`199`	`}`
`@@ -204,7 +204,7 @@ func (k *keychainStore[T]) Get(_ context.Context, id store.ID) (store.Secret, er`
`204`	`204`	`return secret, nil`
`205`	`205`	`}`
`206`	`206`
`207`		`-func (k *keychainStore[T]) GetAllMetadata(context.Context) (map[store.ID]store.Secret, error) {`
	`207`	`+func (k *keychainStore[T]) GetAllMetadata(ctx context.Context) (map[store.ID]store.Secret, error) {`
`208`	`208`	`service, err := kc.NewService()`
`209`	`209`	`if err != nil {`
`210`	`210`	`return nil, err`
`@@ -261,7 +261,7 @@ func (k *keychainStore[T]) GetAllMetadata(context.Context) (map[store.ID]store.S`
`261`	`261`	`}`
`262`	`262`	`safelyCleanMetadata(attributes)`
`263`	`263`
`264`		`- secret := k.factory()`
	`264`	`+ secret := k.factory(ctx, secretID)`
`265`	`265`	`if err := secret.SetMetadata(attributes); err != nil {`
`266`	`266`	`return nil, err`
`267`	`267`	`}`
`@@ -326,7 +326,7 @@ func (k *keychainStore[T]) Save(_ context.Context, id store.ID, secret store.Sec`
`326`	`326`	`}`
`327`	`327`
`328`	`328`	`//gocyclo:ignore`
`329`		`-func (k *keychainStore[T]) Filter(_ context.Context, pattern store.Pattern) (map[store.ID]store.Secret, error) {`
	`329`	`+func (k *keychainStore[T]) Filter(ctx context.Context, pattern store.Pattern) (map[store.ID]store.Secret, error) {`
`330`	`330`	`service, err := kc.NewService()`
`331`	`331`	`if err != nil {`
`332`	`332`	`return nil, err`
`@@ -402,7 +402,7 @@ func (k *keychainStore[T]) Filter(_ context.Context, pattern store.Pattern) (map`
`402`	`402`	`}`
`403`	`403`	`safelyCleanMetadata(attributes)`
`404`	`404`
`405`		`- secret := k.factory()`
	`405`	`+ secret := k.factory(ctx, secretID)`
`406`	`406`	`if err := secret.SetMetadata(attributes); err != nil {`
`407`	`407`	`return nil, err`
`408`	`408`	`}`
Original file line number	Diff line number	Diff line change
`@@ -201,7 +201,7 @@ func (f *fileStore[T]) Filter(ctx context.Context, pattern store.Pattern) (map[s`
`201`	`201`	`return err`
`202`	`202`	`}`
`203`	`203`
`204`		`- secret := f.factory()`
	`204`	`+ secret := f.factory(ctx, id)`
`205`	`205`	`if err := secret.SetMetadata(metadata); err != nil {`
`206`	`206`	`return err`
`207`	`207`	`}`
`@@ -241,7 +241,7 @@ func (f *fileStore[T]) Get(ctx context.Context, id store.ID) (store.Secret, erro`
`241`	`241`	`return nil, err`
`242`	`242`	`}`
`243`	`243`
`244`		`- secret := f.factory()`
	`244`	`+ secret := f.factory(ctx, id)`
`245`	`245`	`if err := secret.SetMetadata(metadata); err != nil {`
`246`	`246`	`return nil, err`
`247`	`247`	`}`
`@@ -286,7 +286,7 @@ func (f *fileStore[T]) GetAllMetadata(ctx context.Context) (map[store.ID]store.S`
`286`	`286`	`return err`
`287`	`287`	`}`
`288`	`288`
`289`		`- secret := f.factory()`
	`289`	`+ secret := f.factory(ctx, id)`
`290`	`290`	`if err := secret.SetMetadata(metadata); err != nil {`
`291`	`291`	`return err`
`292`	`292`	`}`
Original file line number	Diff line number	Diff line change
`@@ -78,4 +78,4 @@ type Store interface {`
`78`	`78`	`Filter(ctx context.Context, pattern Pattern) (map[ID]Secret, error)`
`79`	`79`	`}`
`80`	`80`
`81`		`-type Factory[T Secret] func() T`
	`81`	`+type Factory[T Secret] func(context.Context, ID) T`