Documentation ¶
Index ¶
- Constants
- Variables
- type AWSSecretsManager
- func (a *AWSSecretsManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
- func (a *AWSSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
- func (a *AWSSecretsManager) Login() error
- type AWSSecretsManagerIface
- type AzSecretsClient
- type AzureKeyVault
- type DelineaSecretServer
- func (v *DelineaSecretServer) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
- func (a *DelineaSecretServer) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
- func (a *DelineaSecretServer) Login() error
- type GCPSecretManager
- func (a *GCPSecretManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
- func (a *GCPSecretManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
- func (a *GCPSecretManager) Login() error
- type IBMSecretData
- type IBMSecretMetadata
- type IBMSecretsManager
- func (i *IBMSecretsManager) GetIndividualSecret(kvpath, secretRef, version string, annotations map[string]string) (interface{}, error)
- func (i *IBMSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
- func (i *IBMSecretsManager) Login() error
- type IBMSecretsManagerClient
- type IBMVersionedSecretData
- type KeeperClient
- type KeeperSecretsManager
- func (v *KeeperSecretsManager) GetIndividualSecret(kvpath, secretName, version string, annotations map[string]string) (interface{}, error)
- func (a *KeeperSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
- func (k *KeeperSecretsManager) Login() error
- type KubernetesSecret
- type LocalSecretManager
- func (a *LocalSecretManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
- func (a *LocalSecretManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
- func (a *LocalSecretManager) Login() error
- type OnePasswordConnect
- func (a *OnePasswordConnect) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
- func (a *OnePasswordConnect) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
- func (a *OnePasswordConnect) Login() error
- type SecretManagerClient
- type Vault
- type YandexCloudLockbox
Constants ¶
// Staging-label strings for AWS Secrets Manager secret versions.
// NOTE(review): presumably these are accepted as the version argument of the
// AWS backend's GetSecrets; this page does not show where they are used, so confirm.
const (
	// AWS_CURRENT is the "AWSCURRENT" staging label, which AWS Secrets Manager
	// attaches to the current version of a secret.
	AWS_CURRENT string = "AWSCURRENT"
	// AWS_PREVIOUS is the "AWSPREVIOUS" staging label, which AWS Secrets Manager
	// attaches to the version that was current before the last rotation.
	AWS_PREVIOUS string = "AWSPREVIOUS"
)
Variables ¶
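// Package-level patterns for backend secret paths.
//
// They are built with regexp.MustCompile rather than regexp.Compile with a
// discarded error, so a pattern that fails to compile panics at package
// initialisation instead of leaving a nil *regexp.Regexp to be dereferenced
// on first use.
//
// None of the patterns is anchored with ^ or $, so each matches anywhere
// inside a longer string. A caller that needs the whole path to conform must
// check that the match spans the entire input.
var (
	// GCPPath matches `projects/<projectid>/secrets/<secretid>` and exposes
	// the two parts as the named groups "projectid" and "secretid". Both
	// groups use `.+`, which also matches '/', so neither group is limited to
	// a single path segment.
	GCPPath = regexp.MustCompile(`projects/(?P<projectid>.+)/secrets/(?P<secretid>.+)`)

	// GroupId matches a lowercase hexadecimal 8-4-4-4-12 identifier (UUID
	// layout). Uppercase hex digits do not match.
	GroupId = regexp.MustCompile(`[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`)

	// IBMPath matches `ibmcloud/<type>/secrets/groups/<groupId>[/<secretName>]`
	// with the named groups "type", "groupId" and "secretName". groupId stops
	// at the first '/' or newline; the trailing "/<secretName>" part is
	// optional, and secretName is empty when it is absent.
	IBMPath = regexp.MustCompile(`ibmcloud/(?P<type>.+)/secrets/groups/(?P<groupId>[^/\n]+)(/(?P<secretName>.+))?`)
)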
Functions ¶
This section is empty.
Types ¶
type AWSSecretsManager ¶
// AWSSecretsManager is the backend type for AWS Secrets Manager.
type AWSSecretsManager struct {
	// Client is the AWS Secrets Manager client used by this backend. Any value
	// that satisfies AWSSecretsManagerIface can be supplied.
	Client AWSSecretsManagerIface
}
AWSSecretsManager is a struct for working with an AWS Secrets Manager backend
func NewAWSSecretsManagerBackend ¶
func NewAWSSecretsManagerBackend(client AWSSecretsManagerIface) *AWSSecretsManager
NewAWSSecretsManagerBackend initializes a new AWS Secrets Manager backend
func (*AWSSecretsManager) GetIndividualSecret ¶
func (a *AWSSecretsManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For AWS, we only support placeholders replaced from the k/v pairs of a secret, which cannot be individually addressed. So, we use GetSecrets and extract the specific placeholder we want; the whole secret is therefore read even when only one key is needed.
func (*AWSSecretsManager) GetSecrets ¶
func (a *AWSSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
GetSecrets gets secrets from aws secrets manager and returns the formatted data
func (*AWSSecretsManager) Login ¶
func (a *AWSSecretsManager) Login() error
Login does nothing as a "login" is handled on the instantiation of the aws sdk
type AWSSecretsManagerIface ¶ added in v1.14.0
// AWSSecretsManagerIface is the client type held in AWSSecretsManager.Client.
// It declares a single method, GetSecretValue, so any implementation of that
// one call can be passed to NewAWSSecretsManagerBackend.
type AWSSecretsManagerIface interface {
	// GetSecretValue takes a GetSecretValueInput and returns a
	// GetSecretValueOutput or an error.
	GetSecretValue(ctx context.Context, params *secretsmanager.GetSecretValueInput, optFns ...func(*secretsmanager.Options)) (*secretsmanager.GetSecretValueOutput, error)
}
type AzSecretsClient ¶ added in v1.18.0
// AzSecretsClient is the client type that AzureKeyVault.ClientBuilder returns.
// It declares the two azsecrets operations listed below.
type AzSecretsClient interface {
	// GetSecret takes a secret name and version and returns a GetSecretResponse.
	GetSecret(ctx context.Context, name string, version string, options *azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error)
	// NewListSecretPropertiesPager returns a pager over ListSecretPropertiesResponse pages.
	NewListSecretPropertiesPager(options *azsecrets.ListSecretPropertiesOptions) *runtime.Pager[azsecrets.ListSecretPropertiesResponse]
}
type AzureKeyVault ¶
// AzureKeyVault is the backend type for Azure Key Vault.
type AzureKeyVault struct {
	// Credential is the Azure token credential held by the backend.
	// NOTE(review): presumably this is the credential passed to ClientBuilder — confirm.
	Credential azcore.TokenCredential
	// ClientBuilder constructs an AzSecretsClient for the given vault URL and
	// credential. The vault URL is an argument of every call, so the backend
	// is not bound to a single vault by this field.
	ClientBuilder func(vaultURL string, credential azcore.TokenCredential, options *azsecrets.ClientOptions) (AzSecretsClient, error)
}
AzureKeyVault is a struct for working with an Azure Key Vault backend
func NewAzureKeyVaultBackend ¶
func NewAzureKeyVaultBackend(credential azcore.TokenCredential, clientBuilder func(vaultURL string, credential azcore.TokenCredential, options *azsecrets.ClientOptions) (*azsecrets.Client, error)) *AzureKeyVault
NewAzureKeyVaultBackend initializes a new Azure Key Vault backend
func (*AzureKeyVault) GetIndividualSecret ¶
func (a *AzureKeyVault) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For Azure Key Vault, `kvpath` is the unique name of your vault. Secrets (placeholders) are directly addressable via the API, so only one call is needed here.
func (*AzureKeyVault) GetSecrets ¶
func (a *AzureKeyVault) GetSecrets(kvpath string, version string, _ map[string]string) (map[string]interface{}, error)
GetSecrets gets secrets from Azure Key Vault and returns the formatted data. For Azure Key Vault, `kvpath` is the unique name of your vault. For Azure, using the version here does not really make sense, as each secret has a different version, but it is supported anyway.
func (*AzureKeyVault) Login ¶
func (a *AzureKeyVault) Login() error
Login does nothing as a "login" is handled on the instantiation of the Azure SDK
type DelineaSecretServer ¶ added in v1.15.0
// DelineaSecretServer is the backend type for Delinea Secret Server.
type DelineaSecretServer struct {
	// Client is the Delinea SDK server client, supplied to
	// NewDelineaSecretServerBackend by the caller.
	Client *delineasecretserver.Server
}
DelineaSecretServer is a struct for working with a Delinea Secrets Manager backend
func NewDelineaSecretServerBackend ¶ added in v1.15.0
func NewDelineaSecretServerBackend(client *delineasecretserver.Server) *DelineaSecretServer
NewDelineaSecretServerBackend initializes a new Delinea Secrets Manager backend
func (*DelineaSecretServer) GetIndividualSecret ¶ added in v1.15.0
func (v *DelineaSecretServer) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For Delinea Secret Server, we only support placeholders replaced from the k/v pairs of a secret, which cannot be individually addressed. So, we use GetSecrets and extract the specific placeholder we want.
func (*DelineaSecretServer) GetSecrets ¶ added in v1.15.0
func (a *DelineaSecretServer) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
GetSecrets gets secrets from Delinea Secret Server and returns the formatted data. Currently, neither versions nor annotations are implemented.
func (*DelineaSecretServer) Login ¶ added in v1.15.0
func (a *DelineaSecretServer) Login() error
Login does nothing as a "login" is handled on the instantiation of the Delinea sdk
type GCPSecretManager ¶
// GCPSecretManager is the backend type for GCP Secret Manager.
type GCPSecretManager struct {
	// Context is the context.Context stored at construction time.
	// NOTE(review): presumably it is reused for every call made through Client — confirm.
	Context context.Context
	// Client is the Secret Manager client; any value satisfying
	// SecretManagerClient can be supplied.
	Client SecretManagerClient
}
GCPSecretManager is a struct for working with a GCP Secret Manager backend
func NewGCPSecretManagerBackend ¶
func NewGCPSecretManagerBackend(ctx context.Context, client SecretManagerClient) *GCPSecretManager
NewGCPSecretManagerBackend initializes a new GCP Secret Manager backend
func (*GCPSecretManager) GetIndividualSecret ¶
func (a *GCPSecretManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For GCP, the path is specific to the secret, so we just forward the value from the k/v result of GetSecrets.
func (*GCPSecretManager) GetSecrets ¶
func (a *GCPSecretManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
GetSecrets gets secrets from GCP Secret Manager and returns the formatted data. The path is of the format `projects/project-id/secrets/secret-id`.
func (*GCPSecretManager) Login ¶
func (a *GCPSecretManager) Login() error
Login does nothing as a "login" is handled on the instantiation of the Google SDK
type IBMSecretData ¶ added in v1.15.0
type IBMSecretData struct {
// contains filtered or unexported fields
}
IBMSecretData wraps the SecretDataIntf provided by the SDK. It provides a generic method for accessing the secret's payload regardless of secret type.
func NewIBMSecretData ¶ added in v1.15.0
func NewIBMSecretData(m ibmsm.SecretIntf) *IBMSecretData
NewIBMSecretData constructs a new IBMSecretData
func (IBMSecretData) GetSecret ¶ added in v1.15.0
func (d IBMSecretData) GetSecret() (map[string]interface{}, error)
GetSecret returns the data for any supported secret type
type IBMSecretMetadata ¶ added in v1.15.0
type IBMSecretMetadata struct {
// contains filtered or unexported fields
}
IBMSecretMetadata wraps the SecretMetadataIntf provided by the SDK. It provides a generic method for accessing the metadata regardless of secret type.
func NewIBMSecretMetadata ¶ added in v1.15.0
func NewIBMSecretMetadata(m ibmsm.SecretMetadataIntf) *IBMSecretMetadata
NewIBMSecretMetadata constructs a new IBMSecretMetadata
func (IBMSecretMetadata) GetMetadata ¶ added in v1.15.0
func (m IBMSecretMetadata) GetMetadata() (map[string]string, error)
GetMetadata returns the metadata for any supported secret type
type IBMSecretsManager ¶
// IBMSecretsManager is the backend type for IBM Secrets Manager.
type IBMSecretsManager struct {
	// Client is the IBM Secrets Manager client; any value satisfying
	// IBMSecretsManagerClient can be supplied.
	Client IBMSecretsManagerClient
	// contains filtered or unexported fields
}
IBMSecretsManager is a struct for working with IBM Secret Manager
func NewIBMSecretsManagerBackend ¶
func NewIBMSecretsManagerBackend(client IBMSecretsManagerClient) *IBMSecretsManager
NewIBMSecretsManagerBackend initializes a new IBM Secret Manager backend
func (*IBMSecretsManager) GetIndividualSecret ¶
func (i *IBMSecretsManager) GetIndividualSecret(kvpath, secretRef, version string, annotations map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the SM backend. This requires listing the secrets of the group to obtain the id, and then using that id to fetch that one secret's payload.
func (*IBMSecretsManager) GetSecrets ¶
func (i *IBMSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
GetSecrets returns the data for all secrets of a specific type of a group in IBM Secrets Manager
func (*IBMSecretsManager) Login ¶
func (i *IBMSecretsManager) Login() error
Login does nothing since the IBM Secrets Manager client is set up on instantiation
type IBMSecretsManagerClient ¶
// IBMSecretsManagerClient is the client type held in IBMSecretsManager.Client.
// It declares four operations: listing secrets, reading a secret, reading a
// specific secret version, and listing secret groups.
type IBMSecretsManagerClient interface {
	// ListSecrets returns a paginated collection of secret metadata.
	ListSecrets(listAllSecretsOptions *ibmsm.ListSecretsOptions) (result *ibmsm.SecretMetadataPaginatedCollection, response *core.DetailedResponse, err error)
	// GetSecret returns a single secret as an ibmsm.SecretIntf.
	GetSecret(getSecretOptions *ibmsm.GetSecretOptions) (result ibmsm.SecretIntf, response *core.DetailedResponse, err error)
	// GetSecretVersion returns one version of a secret as an ibmsm.SecretVersionIntf.
	GetSecretVersion(getSecretOptions *ibmsm.GetSecretVersionOptions) (result ibmsm.SecretVersionIntf, response *core.DetailedResponse, err error)
	// ListSecretGroups returns the collection of secret groups.
	ListSecretGroups(listSecretGroupsOptions *ibmsm.ListSecretGroupsOptions) (result *ibmsm.SecretGroupCollection, response *core.DetailedResponse, err error)
}
IBMSecretsManagerClient is an interface for any client to the IBM Secrets Manager. These are only the methods we need.
type IBMVersionedSecretData ¶ added in v1.15.0
type IBMVersionedSecretData struct {
// contains filtered or unexported fields
}
IBMVersionedSecretData wraps the SecretVersionIntf provided by the SDK. It provides a generic method for accessing the versioned secret's payload regardless of secret type.
func NewIBMVersionedSecretData ¶ added in v1.15.0
func NewIBMVersionedSecretData(m ibmsm.SecretVersionIntf) *IBMVersionedSecretData
NewIBMVersionedSecretData constructs a new IBMVersionedSecretData
func (IBMVersionedSecretData) GetSecret ¶ added in v1.15.0
func (d IBMVersionedSecretData) GetSecret() (map[string]interface{}, error)
GetSecret returns the data for any supported versioned secret type
type KeeperClient ¶ added in v1.14.0
KeeperClient is an interface containing the aspects of the keeper api that the backend needs.
type KeeperSecretsManager ¶ added in v1.14.0
type KeeperSecretsManager struct {
// contains filtered or unexported fields
}
KeeperSecretsManager is a struct for working with a Keeper Secrets Manager backend
func NewKeeperSecretsManagerBackend ¶ added in v1.14.0
func NewKeeperSecretsManagerBackend(client KeeperClient) *KeeperSecretsManager
NewKeeperSecretsManagerBackend returns a new Keeper Secrets Manager backend.
func (*KeeperSecretsManager) GetIndividualSecret ¶ added in v1.14.0
func (v *KeeperSecretsManager) GetIndividualSecret(kvpath, secretName, version string, annotations map[string]string) (interface{}, error)
GetIndividualSecret returns the specified secret. It simply wraps the GetSecrets call, and currently ignores the version parameter.
func (*KeeperSecretsManager) GetSecrets ¶ added in v1.14.0
func (a *KeeperSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
GetSecrets gets secrets from Keeper Secrets Manager. It does not currently implement anything related to versions or annotations.
func (*KeeperSecretsManager) Login ¶ added in v1.14.0
func (k *KeeperSecretsManager) Login() error
Login currently does nothing.
type KubernetesSecret ¶ added in v1.16.0
type KubernetesSecret struct {
// contains filtered or unexported fields
}
KubernetesSecret is a struct for working with a Kubernetes Secret backend
func NewKubernetesSecret ¶ added in v1.16.0
func NewKubernetesSecret() *KubernetesSecret
NewKubernetesSecret returns a new Kubernetes Secret backend.
func (*KubernetesSecret) GetIndividualSecret ¶ added in v1.16.0
func (k *KubernetesSecret) GetIndividualSecret(path, secret, version string, annotations map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the Kubernetes Secret backend. Kubernetes Secrets can only be read as a whole, so we use GetSecrets and extract the specific placeholder we want.
func (*KubernetesSecret) GetSecrets ¶ added in v1.16.0
func (k *KubernetesSecret) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
GetSecrets gets secrets from Kubernetes Secret and returns the formatted data
func (*KubernetesSecret) Login ¶ added in v1.16.0
func (k *KubernetesSecret) Login() error
Login initiates kubernetes client
type LocalSecretManager ¶
// LocalSecretManager is the backend type for secrets kept in local files.
type LocalSecretManager struct {
	// Decrypt is the caller-supplied function that decrypts the file. Its
	// type, decryptFunc, is unexported and its signature is not shown on this page.
	Decrypt decryptFunc
}
LocalSecretManager is a struct for working with local files. It receives a function that knows how to decrypt the file, for example using sops.
func NewLocalSecretManagerBackend ¶
func NewLocalSecretManagerBackend(decrypt decryptFunc) *LocalSecretManager
NewLocalSecretManagerBackend initializes a new local secret backend
func (*LocalSecretManager) GetIndividualSecret ¶
func (a *LocalSecretManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the backend. For local secrets, we only support placeholders replaced from the k/v pairs of a secret, which cannot be individually addressed. So, we use GetSecrets and extract the specific placeholder we want.
func (*LocalSecretManager) GetSecrets ¶
func (a *LocalSecretManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
GetSecrets gets secrets using decrypt function and returns the formatted data
func (*LocalSecretManager) Login ¶
func (a *LocalSecretManager) Login() error
Login does nothing as a "login" is handled by environment
type OnePasswordConnect ¶ added in v1.10.0
OnePasswordConnect is a struct for working with a 1Password Connect backend
func NewOnePasswordConnectBackend ¶ added in v1.10.0
func NewOnePasswordConnectBackend(client connect.Client) *OnePasswordConnect
NewOnePasswordConnectBackend initializes a new 1Password Connect backend
func (*OnePasswordConnect) GetIndividualSecret ¶ added in v1.10.0
func (a *OnePasswordConnect) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the 1Password Connect backend. For 1Password, we only support placeholders replaced from the k/v pairs of a secret, which cannot be individually addressed. So, we use GetSecrets and extract the specific placeholder we want.
func (*OnePasswordConnect) GetSecrets ¶ added in v1.10.0
func (a *OnePasswordConnect) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
GetSecrets gets secrets from 1Password Connect server and returns the formatted data
func (*OnePasswordConnect) Login ¶ added in v1.10.0
func (a *OnePasswordConnect) Login() error
Login does nothing as a "login" is handled on the instantiation of the 1Password Connect SDK
type SecretManagerClient ¶
// SecretManagerClient is the client type held in GCPSecretManager.Client.
// It declares a single method, AccessSecretVersion.
type SecretManagerClient interface {
	// AccessSecretVersion takes an AccessSecretVersionRequest and returns an
	// AccessSecretVersionResponse or an error.
	AccessSecretVersion(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error)
}
type Vault ¶
Vault is a struct for working with a Vault backend
func NewVaultBackend ¶
NewVaultBackend initializes a new Vault Backend
func (*Vault) GetIndividualSecret ¶
func (v *Vault) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For Vault, we only support placeholders replaced from the k/v pairs of a secret, which cannot be individually addressed. So, we use GetSecrets and extract the specific placeholder we want.
type YandexCloudLockbox ¶ added in v1.9.0
type YandexCloudLockbox struct {
// contains filtered or unexported fields
}
YandexCloudLockbox is a struct for working with a Yandex Cloud lockbox backend
func NewYandexCloudLockboxBackend ¶ added in v1.9.0
func NewYandexCloudLockboxBackend(client lockbox.PayloadServiceClient) *YandexCloudLockbox
NewYandexCloudLockboxBackend initializes a new Yandex Cloud lockbox backend
func (*YandexCloudLockbox) GetIndividualSecret ¶ added in v1.9.0
func (ycl *YandexCloudLockbox) GetIndividualSecret(secretID, key, version string, _ map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the lockbox backend
func (*YandexCloudLockbox) GetSecrets ¶ added in v1.9.0
func (ycl *YandexCloudLockbox) GetSecrets(secretID string, version string, _ map[string]string) (map[string]interface{}, error)
GetSecrets gets secrets from lockbox and returns the formatted data
func (*YandexCloudLockbox) Login ¶ added in v1.9.0
func (ycl *YandexCloudLockbox) Login() error
Login does nothing as a "login" is handled on the instantiation of the lockbox