Documentation
Overview
Package secrets provides primitives for resolving secrets from external sources, such as HashiCorp Vault or Azure Key Vault, into Credential Sets and injecting them into bundle runtimes.
Index
- Constants
- type PluginAdapter
- type Set
- type Source
- func (s Source) MarshalJSON() ([]byte, error)
- func (s Source) MarshalRaw() interface{}
- func (s Source) MarshalYAML() (interface{}, error)
- func (s *Source) UnmarshalJSON(data []byte) error
- func (s *Source) UnmarshalRaw(raw map[string]interface{}) error
- func (s *Source) UnmarshalYAML(value *yaml.Node) error
- type SourceMap
- type Store
- type StrategyList
- type TestSecretsProvider
Constants
const SourceSecret = "secret"
Variables
This section is empty.
Functions
This section is empty.
Types
type PluginAdapter added in v1.0.1
type PluginAdapter struct {
// contains filtered or unexported fields
}
PluginAdapter converts between the low-level plugins.SecretsProtocol and the secrets.Store interface.
func NewPluginAdapter added in v1.0.1
func NewPluginAdapter(plugin plugins.SecretsProtocol) PluginAdapter
NewPluginAdapter wraps the specified storage plugin.
func (PluginAdapter) Close added in v1.0.1
func (a PluginAdapter) Close() error
type Set added in v1.0.1
Set is an actual set of resolved values. This is the output of resolving a parameter or credential set file.
func (Set) IsValid added in v1.0.1
IsValid determines if the provided key (designating a name of a parameter or credential) is included in the provided set.
func (Set) Merge added in v1.0.1
Merge merges a second Set into the base.
Duplicate names are not allowed and will result in an error, even if the values are identical.
func (Set) ToCNAB added in v1.0.1
func (s Set) ToCNAB() valuesource.Set
ToCNAB converts this to a type accepted by the cnab-go runtime.
type Source added in v1.0.1
type Source struct {
	// Strategy to resolve the source value, e.g. "secret" or "env".
	Strategy string
	// Hint to the strategy handler on how to resolve the value.
	// For example the name of the secret in a secret store or name of an environment variable.
	Hint string
}
Source specifies how to resolve a parameter or credential from an external source.
func (Source) MarshalJSON added in v1.0.1
func (Source) MarshalRaw added in v1.0.1
func (s Source) MarshalRaw() interface{}
func (Source) MarshalYAML added in v1.0.1
func (*Source) UnmarshalJSON added in v1.0.1
func (*Source) UnmarshalRaw added in v1.0.1
func (*Source) UnmarshalYAML added in v1.0.1
type SourceMap added in v1.0.14
type SourceMap struct {
	// Name is the name of the parameter or credential.
	Name string `json:"name" yaml:"name"`
	// Source defines a strategy for resolving a value from the specified source.
	Source Source `json:"source,omitempty" yaml:"source,omitempty"`
	// ResolvedValue holds the resolved parameter or credential value.
	// When a parameter or credential is resolved, it is loaded into this field. In all
	// other cases, it is empty. This field is omitted during serialization.
	ResolvedValue string `json:"-" yaml:"-"`
}
SourceMap maps from a parameter or credential name to a source strategy for resolving its value.
type Store added in v1.0.1
type Store interface {
	Close() error
	// Resolve a credential's value from a secret store
	// - keyName is name of the key where the secret can be found.
	// - keyValue is the value of the key.
	// Examples:
	// - keyName=env, keyValue=CONN_STRING
	// - keyName=key, keyValue=conn-string
	// - keyName=path, keyValue=/tmp/connstring.txt
	Resolve(ctx context.Context, keyName string, keyValue string) (string, error)
	// Create stores a secret value in a secret store.
	// - keyName is name of the key where the secret can be found.
	// - keyValue is the value of the key.
	// Examples:
	// - keyName=env, keyValue=CONN_STRING, value=redis://foo
	// - keyName=key, keyValue=conn-string, value=redis://foo
	// - keyName=path, keyValue=/tmp/connstring.txt, value=redis://foo
	Create(ctx context.Context, keyName string, keyValue string, value string) error
}
Store is the interface that Porter uses to interact with secrets.
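A minimal type satisfying the Store interface above, as an added example (not Porter's code and not its inmemory package). MemStore, NewMemStore, ErrUnsupported and ErrNotFound are hypothetical names, and the interface is copied locally so the block builds offline. It rejects key names it does not implement rather than falling back to another lookup, and its errors carry the lookup key but never a secret value.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os"
)

// Store is a local copy of the interface documented above, so this builds offline.
type Store interface {
	Close() error
	Resolve(ctx context.Context, keyName string, keyValue string) (string, error)
	Create(ctx context.Context, keyName string, keyValue string, value string) error
}
var ErrUnsupported, ErrNotFound = errors.New("unsupported key name"), errors.New("secret not found")
// MemStore is hypothetical (not Porter's inmemory package): "key" reads a map, "env" the environment.
type MemStore struct{ keys map[string]string }

func NewMemStore() *MemStore     { return &MemStore{keys: map[string]string{}} }
func (m *MemStore) Close() error { return nil }

func (m *MemStore) Resolve(_ context.Context, keyName, keyValue string) (string, error) {
	v, ok := "", false
	switch keyName {
	case "key":
		v, ok = m.keys[keyValue]
	case "env":
		v, ok = os.LookupEnv(keyValue)
	default: // fail closed on strategies this store does not implement
		return "", fmt.Errorf("%w: %q", ErrUnsupported, keyName)
	}
	if !ok { // the error names the lookup key only, never a secret value
		return "", fmt.Errorf("%w: %s=%s", ErrNotFound, keyName, keyValue)
	}
	return v, nil
}

func (m *MemStore) Create(_ context.Context, keyName, keyValue, value string) error {
	if keyName != "key" { // the environment is read-only in this sketch
		return fmt.Errorf("%w for Create: %q", ErrUnsupported, keyName)
	}
	m.keys[keyValue] = value
	return nil
}

func main() {
	var s Store = NewMemStore() // fails to compile if MemStore does not satisfy Store
	fmt.Println(s.Resolve(context.Background(), "path", "/tmp/connstring.txt"))
}
```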
type StrategyList added in v1.0.12
type StrategyList []SourceMap
func (StrategyList) Len added in v1.0.12
func (l StrategyList) Len() int
func (StrategyList) Less added in v1.0.12
func (l StrategyList) Less(i, j int) bool
func (StrategyList) Swap added in v1.0.12
func (l StrategyList) Swap(i, j int)
type TestSecretsProvider added in v1.0.1
type TestSecretsProvider struct {
	PluginAdapter
	// contains filtered or unexported fields
}
func NewTestSecretsProvider added in v1.0.1
func NewTestSecretsProvider() TestSecretsProvider
func (TestSecretsProvider) Close added in v1.0.1
func (s TestSecretsProvider) Close() error
Directories
Path | Synopsis |
---|---|
filesystem | Package filesystem provides a plugin implementing the secret plugin protocol for creating/resolving secrets from the local filesystem. |
host | Package host provides a plugin implementing the original behavior of resolving secrets from the local host: environment variables, paths, commands and static values. |
in-memory | Package inmemory provides an in-memory implementation of a secret store suitable for unit testing. |
proto | Package proto is the protobuf definition for the SecretsProtocol |
 | Package pluginstore is an internal Porter package that implements the plugins.SecretsPlugin interface. |