backends

package
v1.7.0
Warning

This package is not in the latest version of its module.

Published: Jan 25, 2022 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation


Constants

This section is empty.

Variables

var GCPPath, _ = regexp.Compile(`projects/(?P<projectid>.+)/secrets/(?P<secretid>.+)`)
var IBMPath, _ = regexp.Compile(`ibmcloud/(?P<type>.+)/secrets/groups/(?P<groupId>.+)`)

Functions

This section is empty.

Types

type AWSSecretsManager

type AWSSecretsManager struct {
	Client secretsmanageriface.SecretsManagerAPI
}

AWSSecretsManager is a struct for working with an AWS Secrets Manager backend

func NewAWSSecretsManagerBackend

func NewAWSSecretsManagerBackend(client secretsmanageriface.SecretsManagerAPI) *AWSSecretsManager

NewAWSSecretsManagerBackend initializes a new AWS Secrets Manager backend

func (*AWSSecretsManager) GetIndividualSecret

func (a *AWSSecretsManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For AWS, we only support placeholders replaced from the k/v pairs of a secret, which cannot be individually addressed, so we use GetSecrets and extract the specific placeholder we want.

func (*AWSSecretsManager) GetSecrets

func (a *AWSSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from AWS Secrets Manager and returns the formatted data

func (*AWSSecretsManager) Login

func (a *AWSSecretsManager) Login() error

Login does nothing as a "login" is handled on the instantiation of the AWS SDK

type AzureKeyVault

type AzureKeyVault struct {
	Client keyvault.BaseClient
}

AzureKeyVault is a struct for working with an Azure Key Vault backend

func NewAzureKeyVaultBackend

func NewAzureKeyVaultBackend(client keyvault.BaseClient) *AzureKeyVault

NewAzureKeyVaultBackend initializes a new Azure Key Vault backend

func (*AzureKeyVault) GetIndividualSecret

func (a *AzureKeyVault) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For Azure Key Vault, `kvpath` is the unique name of your vault. Secrets (placeholders) are directly addressable via the API, so only one call is needed here.

func (*AzureKeyVault) GetSecrets

func (a *AzureKeyVault) GetSecrets(kvpath string, version string, _ map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from Azure Key Vault and returns the formatted data. For Azure Key Vault, `kvpath` is the unique name of your vault.

func (*AzureKeyVault) Login

func (a *AzureKeyVault) Login() error

Login does nothing as a "login" is handled on the instantiation of the Azure SDK

type GCPSecretManager

type GCPSecretManager struct {
	Context context.Context
	Client  SecretManagerClient
}

GCPSecretManager is a struct for working with a GCP Secret Manager backend

func NewGCPSecretManagerBackend

func NewGCPSecretManagerBackend(ctx context.Context, client SecretManagerClient) *GCPSecretManager

NewGCPSecretManagerBackend initializes a new GCP Secret Manager backend

func (*GCPSecretManager) GetIndividualSecret

func (a *GCPSecretManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For GCP, the path is specific to the secret, so we just forward the value from the k/v result of GetSecrets.

func (*GCPSecretManager) GetSecrets

func (a *GCPSecretManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from GCP Secret Manager and returns the formatted data. The path is of the format `projects/project-id/secrets/secret-id`.

func (*GCPSecretManager) Login

func (a *GCPSecretManager) Login() error

Login does nothing as a "login" is handled on the instantiation of the Google SDK

type IBMSecretsManager

type IBMSecretsManager struct {
	Client IBMSecretsManagerClient
	// contains filtered or unexported fields
}

IBMSecretsManager is a struct for working with IBM Secret Manager

func NewIBMSecretsManagerBackend

func NewIBMSecretsManagerBackend(client IBMSecretsManagerClient) *IBMSecretsManager

NewIBMSecretsManagerBackend initializes a new IBM Secret Manager backend

func (*IBMSecretsManager) GetIndividualSecret

func (i *IBMSecretsManager) GetIndividualSecret(kvpath, secretName, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the SM backend. This requires listing the secrets of the group to obtain the id, and then using that to grab the one secret's payload.

func (*IBMSecretsManager) GetSecrets

func (i *IBMSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets returns the data for all secrets of a specific type of a group in IBM Secrets Manager

func (*IBMSecretsManager) Login

func (i *IBMSecretsManager) Login() error

Login does nothing since the IBM Secrets Manager client is set up on instantiation

type IBMSecretsManagerClient

type IBMSecretsManagerClient interface {
	ListAllSecrets(listAllSecretsOptions *ibmsm.ListAllSecretsOptions) (result *ibmsm.ListSecrets, response *core.DetailedResponse, err error)
	GetSecret(getSecretOptions *ibmsm.GetSecretOptions) (result *ibmsm.GetSecret, response *core.DetailedResponse, err error)
	GetSecretVersion(getSecretOptions *ibmsm.GetSecretVersionOptions) (result *ibmsm.GetSecretVersion, response *core.DetailedResponse, err error)
}

IBMSecretsManagerClient is an interface for any client to the IBM Secrets Manager. These are only the methods we need.

type LocalSecretManager

type LocalSecretManager struct {
	Decrypt decryptFunc
}

LocalSecretManager is a struct for working with local files. It receives a function that knows how to decrypt the file, for example using sops.

func NewLocalSecretManagerBackend

func NewLocalSecretManagerBackend(decrypt decryptFunc) *LocalSecretManager

NewLocalSecretManagerBackend initializes a new local secret backend

func (*LocalSecretManager) GetIndividualSecret

func (a *LocalSecretManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the backend. For local secrets, we only support placeholders replaced from the k/v pairs of a secret, which cannot be individually addressed, so we use GetSecrets and extract the specific placeholder we want.

func (*LocalSecretManager) GetSecrets

func (a *LocalSecretManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets using the decrypt function and returns the formatted data

func (*LocalSecretManager) Login

func (a *LocalSecretManager) Login() error

Login does nothing as a "login" is handled by the environment

type SecretManagerClient

type SecretManagerClient interface {
	AccessSecretVersion(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error)
}

type Vault

type Vault struct {
	types.AuthType
	VaultClient *api.Client
	KvVersion   string
}

Vault is a struct for working with a Vault backend

func NewVaultBackend

func NewVaultBackend(auth types.AuthType, client *api.Client, kv string) *Vault

NewVaultBackend initializes a new Vault Backend

func (*Vault) GetIndividualSecret

func (v *Vault) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For Vault, we only support placeholders replaced from the k/v pairs of a secret, which cannot be individually addressed, so we use GetSecrets and extract the specific placeholder we want.

func (*Vault) GetSecrets

func (v *Vault) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from Vault and returns the formatted data

func (*Vault) Login

func (v *Vault) Login() error

Login authenticates with the auth type provided
