Documentation ¶
Constants ¶
const DefaultPrefix = "gcpsecretmanager"
DefaultPrefix is the default prefix used by the [SecretManager]
Variables ¶
var NewClient = func(ctx context.Context, opts ...option.ClientOption) (Client, error) {
	c, err := secretmanager.NewClient(ctx, opts...)
	if err != nil {
		return nil, fmt.Errorf("failed to instanciate secret manager client, %w", err)
	}
	return NewClientWrapper(c), err
}
NewClient creates a new GCP Secret Manager client based on gRPC. The returned client must be closed when it is no longer in use, to clean up its underlying connections.
Note: NewClient is a variable, so it can be extended.
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client interface {
	io.Closer
	SecretVersionAccessor
	SecretLister
}
Client is an interface that represents a client for accessing secret versions and listing secrets. It extends the io.Closer interface for closing the client connections. It also extends the SecretVersionAccessor and SecretLister interfaces. The SecretVersionAccessor interface provides a method for accessing secret versions. The SecretLister interface provides a method for listing secrets.
type ClientWrapper ¶
type ClientWrapper struct {
	*secretmanager.Client
}
ClientWrapper is a type that wraps the secretmanager.Client type. It provides a way to extend the functionality of the secretmanager.Client type.
func NewClientWrapper ¶
func NewClientWrapper(c *secretmanager.Client) *ClientWrapper
func (*ClientWrapper) ListSecrets ¶
func (wrapper *ClientWrapper) ListSecrets(
	ctx context.Context,
	req *secretmanagerpb.ListSecretsRequest,
	opts ...gax.CallOption,
) SecretIterator
ListSecrets overrides the embedded client's ListSecrets method so that it returns the SecretIterator interface.
type PrefetchSecretManager ¶
type PrefetchSecretManager struct {
	*SecretManager
	// contains filtered or unexported fields
}
PrefetchSecretManager prefetches all secrets matching a filter. See the filter documentation: https://cloud.google.com/secret-manager/docs/filtering
Note that the prefetch manager fetches the LATEST version of each secret returned by the filter.
func NewPrefetchSecretManager ¶
func NewPrefetchSecretManager(
	ctx context.Context,
	parent string,
	filter string,
	opts ...option.ClientOption,
) (*PrefetchSecretManager, error)
NewPrefetchSecretManager creates a new instance of PrefetchSecretManager. It initializes the SecretManager with the default prefix and provided options. Then, it fetches filtered secrets based on the provided context, parent, filter, and options. Finally, it returns the initialized PrefetchSecretManager with the fetched secrets. Example usage:
manager, err := NewPrefetchSecretManager(ctx, "projects/*/locations/*", "labels.environment:prd", option.WithCredentialsFile("key.json"))
if err != nil {
	log.Fatal(err)
}
NOTE ON THE PARENT: The parent is the resource name of the project associated with the [Secrets][google.cloud.secretmanager.v1.Secret], in the format `projects/*` or `projects/*/locations/*`.
NOTE ON FILTER: see https://cloud.google.com/secret-manager/docs/filtering
ATTENTION: this implementation fetches the latest version of each secret returned by the filter. This means it APPENDS `/versions/latest` to the secret key, so for a key in the config to match, it also needs to end with `/versions/latest`.
EXAMPLE in config:
@prefix::projects/my-project-id/secrets/password // !!! will not match
@prefix::projects/my-project-id/secrets/password/versions/latest // !!! WILL MATCH
This enables overriding a specific version while still fetching most of the secrets from the cache.
func (*PrefetchSecretManager) Secret ¶
func (manager *PrefetchSecretManager) Secret(ctx context.Context, key string) (secret string, err error)
Secret retrieves the secret value for a given key from the PrefetchSecretManager. If the secret is already cached, it returns the cached value. Otherwise, it delegates the retrieval to the SecretManager and returns the fetched value.
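The key-matching rule from the ATTENTION note and the cache-then-delegate behaviour of Secret can be modelled without the GCP client. This is an added example, not the package's own code: `remote`, `prefetch`, `lookup` and `sampleRemote` are hypothetical names, the sample data is constructed, and the config prefix is assumed to be already stripped from the key.

```go
package main

import "fmt"

// remote is a constructed stand-in for Secret Manager, not the real client.
type remote struct {
	versions, latest map[string]string // version name -> payload; secret -> newest number
}

func (r *remote) access(name string) (string, error) {
	if v, ok := r.versions[name]; ok {
		return v, nil
	}
	return "", fmt.Errorf("not found: %s", name)
}

// prefetch caches each secret's newest payload under "<secret>/versions/latest".
func prefetch(r *remote) map[string]string {
	cache := map[string]string{}
	for secret, n := range r.latest {
		cache[secret+"/versions/latest"] = r.versions[secret+"/versions/"+n]
	}
	return cache
}

// lookup serves exact key matches from the cache and delegates everything else.
func lookup(cache map[string]string, r *remote, key string) (val string, cached bool, err error) {
	if v, ok := cache[key]; ok {
		return v, true, nil
	}
	val, err = r.access(key)
	return val, false, err
}

func sampleRemote() *remote {
	const s = "projects/my-project-id/secrets/password" // constructed sample data
	return &remote{
		versions: map[string]string{s + "/versions/1": "old-value", s + "/versions/2": "new-value"},
		latest:   map[string]string{s: "2"},
	}
}

func main() {
	r := sampleRemote()
	cache := prefetch(r)
	for _, suffix := range []string{"", "/versions/latest", "/versions/1"} {
		v, cached, err := lookup(cache, r, "projects/my-project-id/secrets/password"+suffix)
		fmt.Println(v, cached, err)
	}
}
```

In this model only the key ending in `/versions/latest` is served from the cache; the pinned `/versions/1` key is delegated, and the bare secret name misses the cache and fails on delegation because the stand-in has no version under that name.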
func (*PrefetchSecretManager) SetPrefix ¶
func (manager *PrefetchSecretManager) SetPrefix(prefix string)
SetPrefix sets the prefix for the PrefetchSecretManager instance. The prefix is used to filter secrets when prefetching. Example usage:
manager.SetPrefix("my-project/secrets/")
type SecretIterator ¶
type SecretIterator interface {
	Next() (*secretmanagerpb.Secret, error)
}
SecretIterator is an interface for iterating over secrets. It defines a single method Next() that returns the next secret and an error.
type SecretLister ¶
type SecretLister interface {
	ListSecrets(
		ctx context.Context,
		req *secretmanagerpb.ListSecretsRequest,
		opts ...gax.CallOption,
	) SecretIterator
}
SecretLister is an interface for listing secrets. It defines a single method ListSecrets() that returns a SecretIterator. The SecretIterator provides a way to iterate over secrets by calling Next(). The method takes a context, a ListSecretsRequest, and optional gax.CallOptions. It returns a SecretIterator that can be used to retrieve the next secret and an error.
type SecretManager ¶
type SecretManager struct {
	// contains filtered or unexported fields
}
SecretManager is the Google Cloud Secret Manager implementation. See https://cloud.google.com/security/products/secret-manager
func NewDefaultSecretManager ¶
func NewDefaultSecretManager() *SecretManager
func NewSecretManager ¶
func NewSecretManager(prefix string, opts ...option.ClientOption) *SecretManager
func (*SecretManager) Prefix ¶
func (manager *SecretManager) Prefix() string
type SecretVersionAccessor ¶
type SecretVersionAccessor interface {
	AccessSecretVersion(
		ctx context.Context,
		req *secretmanagerpb.AccessSecretVersionRequest,
		opts ...gax.CallOption,
	) (*secretmanagerpb.AccessSecretVersionResponse, error)
}
SecretVersionAccessor is an interface for accessing secret versions.