backends

package
v1.18.1
Warning

This package is not in the latest version of its module.

Published: Jun 7, 2024 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Constants

const (
	AWS_CURRENT  string = "AWSCURRENT"
	AWS_PREVIOUS string = "AWSPREVIOUS"
)

Variables

var GCPPath, _ = regexp.Compile(`projects/(?P<projectid>.+)/secrets/(?P<secretid>.+)`)
var GroupId, _ = regexp.Compile(`[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`)
var IBMPath, _ = regexp.Compile(`ibmcloud/(?P<type>.+)/secrets/groups/(?P<groupId>[^/\n]+)(/(?P<secretName>.+))?`)
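
The three patterns above are unanchored, and the GCP groups use a greedy `.+`, so a match does not mean the whole input has the documented shape. The following is an added example, not code from this package: it copies the patterns verbatim, extracts their named groups from constructed sample paths, and compares them with `strictGCPPath` and `isGroupID`, which are hypothetical helpers introduced here for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Patterns copied verbatim from the package variables GCPPath, GroupId and IBMPath.
var (
	gcpPath = regexp.MustCompile(`projects/(?P<projectid>.+)/secrets/(?P<secretid>.+)`)
	groupID = regexp.MustCompile(`[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`)
	ibmPath = regexp.MustCompile(`ibmcloud/(?P<type>.+)/secrets/groups/(?P<groupId>[^/\n]+)(/(?P<secretName>.+))?`)
	// strictGCPPath is a hypothetical anchored variant, not part of the package:
	// one path segment per group and nothing before or after.
	strictGCPPath = regexp.MustCompile(`^projects/(?P<projectid>[^/]+)/secrets/(?P<secretid>[^/]+)$`)
)

// namedGroups returns re's named capture groups for s, or nil when s does not match.
func namedGroups(re *regexp.Regexp, s string) map[string]string {
	m := re.FindStringSubmatch(s)
	if m == nil {
		return nil
	}
	groups := make(map[string]string)
	for i, name := range re.SubexpNames() {
		if name != "" {
			groups[name] = m[i]
		}
	}
	return groups
}

// isGroupID reports whether s is exactly one lower-case UUID. The pattern is
// unanchored, so the match is compared against the whole input.
func isGroupID(s string) bool {
	return s != "" && groupID.FindString(s) == s
}

func main() {
	// Constructed sample paths; none come from a real project.
	const uuid = "0a1b2c3d-4e5f-6789-abcd-ef0123456789"
	for _, p := range []string{
		"projects/demo-proj/secrets/db-pass",
		"projects/demo-proj/secrets/db-pass/versions/3", // greedy secretid keeps the suffix
	} {
		fmt.Printf("%-48s loose=%v strict=%v\n", p, namedGroups(gcpPath, p), namedGroups(strictGCPPath, p))
	}
	for _, p := range []string{
		"ibmcloud/arbitrary/secrets/groups/" + uuid + "/api-key",
		"ibmcloud/arbitrary/secrets/groups/" + uuid, // optional secretName is empty
	} {
		g := namedGroups(ibmPath, p)
		fmt.Printf("%v groupIsUUID=%v\n", g, isGroupID(g["groupId"]))
	}
}
```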

Functions

This section is empty.

Types

type AWSSecretsManager

type AWSSecretsManager struct {
	Client AWSSecretsManagerIface
}

AWSSecretsManager is a struct for working with an AWS Secrets Manager backend

func NewAWSSecretsManagerBackend

func NewAWSSecretsManagerBackend(client AWSSecretsManagerIface) *AWSSecretsManager

NewAWSSecretsManagerBackend initializes a new AWS Secrets Manager backend

func (*AWSSecretsManager) GetIndividualSecret

func (a *AWSSecretsManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For AWS, we only support placeholders replaced from the k/v pairs of a secret, which cannot be individually addressed. So, we use GetSecrets and extract the specific placeholder we want.

func (*AWSSecretsManager) GetSecrets

func (a *AWSSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from aws secrets manager and returns the formatted data

func (*AWSSecretsManager) Login

func (a *AWSSecretsManager) Login() error

Login does nothing as a "login" is handled on the instantiation of the aws sdk

type AWSSecretsManagerIface added in v1.14.0

type AWSSecretsManagerIface interface {
	GetSecretValue(ctx context.Context,
		params *secretsmanager.GetSecretValueInput,
		optFns ...func(*secretsmanager.Options)) (*secretsmanager.GetSecretValueOutput, error)
}

type AzSecretsClient added in v1.18.0

type AzSecretsClient interface {
	GetSecret(ctx context.Context, name string, version string, options *azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error)
	NewListSecretPropertiesPager(options *azsecrets.ListSecretPropertiesOptions) *runtime.Pager[azsecrets.ListSecretPropertiesResponse]
}

type AzureKeyVault

type AzureKeyVault struct {
	Credential    azcore.TokenCredential
	ClientBuilder func(vaultURL string, credential azcore.TokenCredential, options *azsecrets.ClientOptions) (AzSecretsClient, error)
}

AzureKeyVault is a struct for working with an Azure Key Vault backend

func NewAzureKeyVaultBackend

func NewAzureKeyVaultBackend(credential azcore.TokenCredential, clientBuilder func(vaultURL string, credential azcore.TokenCredential, options *azsecrets.ClientOptions) (*azsecrets.Client, error)) *AzureKeyVault

NewAzureKeyVaultBackend initializes a new Azure Key Vault backend

func (*AzureKeyVault) GetIndividualSecret

func (a *AzureKeyVault) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For Azure Key Vault, `kvpath` is the unique name of your vault. Secrets (placeholders) are directly addressable via the API, so only one call is needed here.

func (*AzureKeyVault) GetSecrets

func (a *AzureKeyVault) GetSecrets(kvpath string, version string, _ map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from Azure Key Vault and returns the formatted data. For Azure Key Vault, `kvpath` is the unique name of your vault. For Azure, using the version here does not really make sense, as each secret has a different version, but it is supported.

func (*AzureKeyVault) Login

func (a *AzureKeyVault) Login() error

Login does nothing as a "login" is handled on the instantiation of the Azure SDK

type DelineaSecretServer added in v1.15.0

type DelineaSecretServer struct {
	Client *delineasecretserver.Server
}

DelineaSecretServer is a struct for working with a Delinea Secrets Manager backend

func NewDelineaSecretServerBackend added in v1.15.0

func NewDelineaSecretServerBackend(client *delineasecretserver.Server) *DelineaSecretServer

NewDelineaSecretServerBackend initializes a new Delinea Secrets Manager backend

func (*DelineaSecretServer) GetIndividualSecret added in v1.15.0

func (v *DelineaSecretServer) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For Delinea Secret Server, we only support placeholders replaced from the k/v pairs of a secret, which cannot be individually addressed. So, we use GetSecrets and extract the specific placeholder we want.

func (*DelineaSecretServer) GetSecrets added in v1.15.0

func (a *DelineaSecretServer) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from Delinea Secret Server and returns the formatted data. Currently there is no implementation present for versions or annotations.

func (*DelineaSecretServer) Login added in v1.15.0

func (a *DelineaSecretServer) Login() error

Login does nothing as a "login" is handled on the instantiation of the Delinea sdk

type GCPSecretManager

type GCPSecretManager struct {
	Context context.Context
	Client  SecretManagerClient
}

GCPSecretManager is a struct for working with a GCP Secret Manager backend

func NewGCPSecretManagerBackend

func NewGCPSecretManagerBackend(ctx context.Context, client SecretManagerClient) *GCPSecretManager

NewGCPSecretManagerBackend initializes a new GCP Secret Manager backend

func (*GCPSecretManager) GetIndividualSecret

func (a *GCPSecretManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For GCP, the path is specific to the secret. So, we just forward the value from the k/v result of GetSecrets.

func (*GCPSecretManager) GetSecrets

func (a *GCPSecretManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from GCP Secret Manager and returns the formatted data. The path is of the format `projects/project-id/secrets/secret-id`.

func (*GCPSecretManager) Login

func (a *GCPSecretManager) Login() error

Login does nothing as a "login" is handled on the instantiation of the Google SDK

type IBMSecretData added in v1.15.0

type IBMSecretData struct {
	// contains filtered or unexported fields
}

IBMSecretData wraps the SecretDataIntf provided by the SDK. It provides a generic method for accessing the secret's payload regardless of secret type.

func NewIBMSecretData added in v1.15.0

func NewIBMSecretData(m ibmsm.SecretIntf) *IBMSecretData

NewIBMSecretData constructs a new IBMSecretData

func (IBMSecretData) GetSecret added in v1.15.0

func (d IBMSecretData) GetSecret() (map[string]interface{}, error)

GetSecret returns the data for any supported secret type

type IBMSecretMetadata added in v1.15.0

type IBMSecretMetadata struct {
	// contains filtered or unexported fields
}

IBMSecretMetadata wraps the SecretMetadataIntf provided by the SDK. It provides a generic method for accessing the metadata regardless of secret type.

func NewIBMSecretMetadata added in v1.15.0

func NewIBMSecretMetadata(m ibmsm.SecretMetadataIntf) *IBMSecretMetadata

NewIBMSecretMetadata constructs a new IBMSecretMetadata

func (IBMSecretMetadata) GetMetadata added in v1.15.0

func (m IBMSecretMetadata) GetMetadata() (map[string]string, error)

GetMetadata returns the metadata for any supported secret type

type IBMSecretsManager

type IBMSecretsManager struct {
	Client IBMSecretsManagerClient
	// contains filtered or unexported fields
}

IBMSecretsManager is a struct for working with IBM Secret Manager

func NewIBMSecretsManagerBackend

func NewIBMSecretsManagerBackend(client IBMSecretsManagerClient) *IBMSecretsManager

NewIBMSecretsManagerBackend initializes a new IBM Secret Manager backend

func (*IBMSecretsManager) GetIndividualSecret

func (i *IBMSecretsManager) GetIndividualSecret(kvpath, secretRef, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the SM backend. This requires listing the secrets of the group to obtain the id, and then using that to grab the one secret's payload.

func (*IBMSecretsManager) GetSecrets

func (i *IBMSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets returns the data for all secrets of a specific type of a group in IBM Secrets Manager

func (*IBMSecretsManager) Login

func (i *IBMSecretsManager) Login() error

Login does nothing since the IBM Secrets Manager client is set up on instantiation

type IBMSecretsManagerClient

type IBMSecretsManagerClient interface {
	ListSecrets(listAllSecretsOptions *ibmsm.ListSecretsOptions) (result *ibmsm.SecretMetadataPaginatedCollection, response *core.DetailedResponse, err error)
	GetSecret(getSecretOptions *ibmsm.GetSecretOptions) (result ibmsm.SecretIntf, response *core.DetailedResponse, err error)
	GetSecretVersion(getSecretOptions *ibmsm.GetSecretVersionOptions) (result ibmsm.SecretVersionIntf, response *core.DetailedResponse, err error)
	ListSecretGroups(listSecretGroupsOptions *ibmsm.ListSecretGroupsOptions) (result *ibmsm.SecretGroupCollection, response *core.DetailedResponse, err error)
}

IBMSecretsManagerClient is an interface for any client to the IBM Secrets Manager. These are only the methods we need.

type IBMVersionedSecretData added in v1.15.0

type IBMVersionedSecretData struct {
	// contains filtered or unexported fields
}

IBMVersionedSecretData wraps the SecretVersionIntf provided by the SDK. It provides a generic method for accessing the versioned secret's payload regardless of secret type.

func NewIBMVersionedSecretData added in v1.15.0

func NewIBMVersionedSecretData(m ibmsm.SecretVersionIntf) *IBMVersionedSecretData

NewIBMVersionedSecretData constructs a new IBMVersionedSecretData

func (IBMVersionedSecretData) GetSecret added in v1.15.0

func (d IBMVersionedSecretData) GetSecret() (map[string]interface{}, error)

GetSecret returns the data for any supported versioned secret type

type KeeperClient added in v1.14.0

type KeeperClient interface {
	GetSecrets(ids []string) ([]*ksm.Record, error)
}

KeeperClient is an interface containing the aspects of the keeper api that the backend needs.

type KeeperSecretsManager added in v1.14.0

type KeeperSecretsManager struct {
	// contains filtered or unexported fields
}

KeeperSecretsManager is a struct for working with a Keeper Secrets Manager backend

func NewKeeperSecretsManagerBackend added in v1.14.0

func NewKeeperSecretsManagerBackend(client KeeperClient) *KeeperSecretsManager

NewKeeperSecretsManagerBackend returns a new Keeper Secrets Manager backend.

func (*KeeperSecretsManager) GetIndividualSecret added in v1.14.0

func (v *KeeperSecretsManager) GetIndividualSecret(kvpath, secretName, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret returns the specified secret. It simply wraps the GetSecrets call, and currently ignores the version parameter.

func (*KeeperSecretsManager) GetSecrets added in v1.14.0

func (a *KeeperSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from Keeper Secrets Manager. It does not currently implement anything related to versions or annotations.

func (*KeeperSecretsManager) Login added in v1.14.0

func (k *KeeperSecretsManager) Login() error

Login currently does nothing.

type KubernetesSecret added in v1.16.0

type KubernetesSecret struct {
	// contains filtered or unexported fields
}

KubernetesSecret is a struct for working with a Kubernetes Secret backend

func NewKubernetesSecret added in v1.16.0

func NewKubernetesSecret() *KubernetesSecret

NewKubernetesSecret returns a new Kubernetes Secret backend.

func (*KubernetesSecret) GetIndividualSecret added in v1.16.0

func (k *KubernetesSecret) GetIndividualSecret(path, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the Kubernetes Secret backend. Kubernetes Secrets can only be wholly read, so we use GetSecrets and extract the specific placeholder we want.

func (*KubernetesSecret) GetSecrets added in v1.16.0

func (k *KubernetesSecret) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from Kubernetes Secret and returns the formatted data

func (*KubernetesSecret) Login added in v1.16.0

func (k *KubernetesSecret) Login() error

Login initiates kubernetes client

type LocalSecretManager

type LocalSecretManager struct {
	Decrypt decryptFunc
}

LocalSecretManager is a struct for working with local files. It receives a function that knows how to decrypt the file, e.g. using sops.

func NewLocalSecretManagerBackend

func NewLocalSecretManagerBackend(decrypt decryptFunc) *LocalSecretManager

NewLocalSecretManagerBackend initializes a new local secret backend

func (*LocalSecretManager) GetIndividualSecret

func (a *LocalSecretManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the backend. For local secrets, we only support placeholders replaced from the k/v pairs of a secret, which cannot be individually addressed. So, we use GetSecrets and extract the specific placeholder we want.

func (*LocalSecretManager) GetSecrets

func (a *LocalSecretManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets using decrypt function and returns the formatted data

func (*LocalSecretManager) Login

func (a *LocalSecretManager) Login() error

Login does nothing as a "login" is handled by environment

type OnePasswordConnect added in v1.10.0

type OnePasswordConnect struct {
	Client connect.Client
}

OnePassword is a struct for working with a 1Password Connect backend

func NewOnePasswordConnectBackend added in v1.10.0

func NewOnePasswordConnectBackend(client connect.Client) *OnePasswordConnect

NewOnePasswordConnectBackend initializes a new 1Password Connect backend

func (*OnePasswordConnect) GetIndividualSecret added in v1.10.0

func (a *OnePasswordConnect) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the 1Password Connect backend. For 1Password, we only support placeholders replaced from the k/v pairs of a secret, which cannot be individually addressed. So, we use GetSecrets and extract the specific placeholder we want.

func (*OnePasswordConnect) GetSecrets added in v1.10.0

func (a *OnePasswordConnect) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from 1Password Connect server and returns the formatted data

func (*OnePasswordConnect) Login added in v1.10.0

func (a *OnePasswordConnect) Login() error

Login does nothing as a "login" is handled on the instantiation of the 1Password Connect SDK

type SecretManagerClient

type SecretManagerClient interface {
	AccessSecretVersion(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error)
}

type Vault

type Vault struct {
	types.AuthType
	VaultClient *api.Client
	KvVersion   string
}

Vault is a struct for working with a Vault backend

func NewVaultBackend

func NewVaultBackend(auth types.AuthType, client *api.Client, kv string) *Vault

NewVaultBackend initializes a new Vault Backend

func (*Vault) GetIndividualSecret

func (v *Vault) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For Vault, we only support placeholders replaced from the k/v pairs of a secret, which cannot be individually addressed. So, we use GetSecrets and extract the specific placeholder we want.

func (*Vault) GetSecrets

func (v *Vault) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from vault and returns the formatted data

func (*Vault) Login

func (v *Vault) Login() error

Login authenticates with the auth type provided

type YandexCloudLockbox added in v1.9.0

type YandexCloudLockbox struct {
	// contains filtered or unexported fields
}

YandexCloudLockbox is a struct for working with a Yandex Cloud lockbox backend

func NewYandexCloudLockboxBackend added in v1.9.0

func NewYandexCloudLockboxBackend(client lockbox.PayloadServiceClient) *YandexCloudLockbox

NewYandexCloudLockboxBackend initializes a new Yandex Cloud lockbox backend

func (*YandexCloudLockbox) GetIndividualSecret added in v1.9.0

func (ycl *YandexCloudLockbox) GetIndividualSecret(secretID, key, version string, _ map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the lockbox backend

func (*YandexCloudLockbox) GetSecrets added in v1.9.0

func (ycl *YandexCloudLockbox) GetSecrets(secretID string, version string, _ map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from lockbox and returns the formatted data

func (*YandexCloudLockbox) Login added in v1.9.0

func (ycl *YandexCloudLockbox) Login() error

Login does nothing as a "login" is handled on the instantiation of the lockbox
