Documentation ¶
Index ¶
- Variables
- type AWSSecretsManager
- func (a *AWSSecretsManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
- func (a *AWSSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
- func (a *AWSSecretsManager) Login() error
- type AzureKeyVault
- type GCPSecretManager
- func (a *GCPSecretManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
- func (a *GCPSecretManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
- func (a *GCPSecretManager) Login() error
- type IBMSecretsManager
- func (i *IBMSecretsManager) GetIndividualSecret(kvpath, secretName, version string, annotations map[string]string) (interface{}, error)
- func (i *IBMSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
- func (i *IBMSecretsManager) Login() error
- type IBMSecretsManagerClient
- type LocalSecretManager
- func (a *LocalSecretManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
- func (a *LocalSecretManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
- func (a *LocalSecretManager) Login() error
- type SecretManagerClient
- type Vault
- type YandexCloudLockbox
Constants ¶
This section is empty.
Variables ¶
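// Path patterns used to pull identifiers out of backend secret paths.
//
// Both patterns are compiled with regexp.MustCompile, so a malformed pattern
// fails loudly at package initialisation. The previous form discarded the
// error from regexp.Compile and would have left a nil *regexp.Regexp.
//
// NOTE(review): neither pattern is anchored with ^ or $, and every capture
// group is a greedy `.+`. A match can therefore start in the middle of a
// longer string, and a group can span additional "/" separators. Callers that
// build backend requests from these groups should confirm that the match
// covers the whole input and that the captured values have the expected shape.
var (
	// GCPPath matches `projects/<projectid>/secrets/<secretid>` and exposes
	// the named groups "projectid" and "secretid".
	GCPPath = regexp.MustCompile(`projects/(?P<projectid>.+)/secrets/(?P<secretid>.+)`)

	// IBMPath matches `ibmcloud/<type>/secrets/groups/<groupId>` and exposes
	// the named groups "type" and "groupId".
	IBMPath = regexp.MustCompile(`ibmcloud/(?P<type>.+)/secrets/groups/(?P<groupId>.+)`)
)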
Functions ¶
This section is empty.
Types ¶
type AWSSecretsManager ¶
// AWSSecretsManager is the backend type for AWS Secrets Manager.
type AWSSecretsManager struct {
// Client is declared as the secretsmanageriface.SecretsManagerAPI interface,
// the same type NewAWSSecretsManagerBackend accepts. The field is exported,
// so code outside the package can read or replace it.
Client secretsmanageriface.SecretsManagerAPI
}
AWSSecretsManager is a struct for working with an AWS Secrets Manager backend
func NewAWSSecretsManagerBackend ¶
func NewAWSSecretsManagerBackend(client secretsmanageriface.SecretsManagerAPI) *AWSSecretsManager
NewAWSSecretsManagerBackend initializes a new AWS Secrets Manager backend
func (*AWSSecretsManager) GetIndividualSecret ¶
func (a *AWSSecretsManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For AWS, we only support placeholders replaced from the k/v pairs of a secret, which cannot be individually addressed, so we use GetSecrets and extract the specific placeholder we want.
func (*AWSSecretsManager) GetSecrets ¶
func (a *AWSSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
GetSecrets gets secrets from aws secrets manager and returns the formatted data
func (*AWSSecretsManager) Login ¶
func (a *AWSSecretsManager) Login() error
Login does nothing as a "login" is handled on the instantiation of the aws sdk
type AzureKeyVault ¶
// AzureKeyVault is the backend type for Azure Key Vault.
type AzureKeyVault struct {
// Client has type keyvault.BaseClient, the same type
// NewAzureKeyVaultBackend accepts. The field is exported, so code outside
// the package can read or replace it.
Client keyvault.BaseClient
}
AzureKeyVault is a struct for working with an Azure Key Vault backend
func NewAzureKeyVaultBackend ¶
func NewAzureKeyVaultBackend(client keyvault.BaseClient) *AzureKeyVault
NewAzureKeyVaultBackend initializes a new Azure Key Vault backend
func (*AzureKeyVault) GetIndividualSecret ¶
func (a *AzureKeyVault) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For Azure Key Vault, `kvpath` is the unique name of your vault. Secrets (placeholders) are directly addressable via the API, so only one call is needed here.
func (*AzureKeyVault) GetSecrets ¶
func (a *AzureKeyVault) GetSecrets(kvpath string, version string, _ map[string]string) (map[string]interface{}, error)
GetSecrets gets secrets from Azure Key Vault and returns the formatted data. For Azure Key Vault, `kvpath` is the unique name of your vault.
func (*AzureKeyVault) Login ¶
func (a *AzureKeyVault) Login() error
Login does nothing as a "login" is handled on the instantiation of the Azure SDK
type GCPSecretManager ¶
type GCPSecretManager struct { Context context.Context Client SecretManagerClient }
GCPSecretManager is a struct for working with a GCP Secret Manager backend
func NewGCPSecretManagerBackend ¶
func NewGCPSecretManagerBackend(ctx context.Context, client SecretManagerClient) *GCPSecretManager
NewGCPSecretManagerBackend initializes a new GCP Secret Manager backend
func (*GCPSecretManager) GetIndividualSecret ¶
func (a *GCPSecretManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For GCP, the path is specific to the secret, so we just forward the value from the k/v result of GetSecrets.
func (*GCPSecretManager) GetSecrets ¶
func (a *GCPSecretManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
GetSecrets gets secrets from GCP Secret Manager and returns the formatted data. The path is of the format `projects/project-id/secrets/secret-id`.
func (*GCPSecretManager) Login ¶
func (a *GCPSecretManager) Login() error
Login does nothing as a "login" is handled on the instantiation of the Google SDK
type IBMSecretsManager ¶
type IBMSecretsManager struct { Client IBMSecretsManagerClient // contains filtered or unexported fields }
IBMSecretsManager is a struct for working with IBM Secrets Manager
func NewIBMSecretsManagerBackend ¶
func NewIBMSecretsManagerBackend(client IBMSecretsManagerClient) *IBMSecretsManager
NewIBMSecretsManagerBackend initializes a new IBM Secrets Manager backend
func (*IBMSecretsManager) GetIndividualSecret ¶
func (i *IBMSecretsManager) GetIndividualSecret(kvpath, secretName, version string, annotations map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the SM backend. This requires listing the secrets of the group to obtain the id, and then using that id to fetch that one secret's payload.
func (*IBMSecretsManager) GetSecrets ¶
func (i *IBMSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
GetSecrets returns the data for all secrets of a specific type of a group in IBM Secrets Manager
func (*IBMSecretsManager) Login ¶
func (i *IBMSecretsManager) Login() error
Login does nothing since the IBM Secrets Manager client is set up on instantiation
type IBMSecretsManagerClient ¶
type IBMSecretsManagerClient interface { ListAllSecrets(listAllSecretsOptions *ibmsm.ListAllSecretsOptions) (result *ibmsm.ListSecrets, response *core.DetailedResponse, err error) GetSecret(getSecretOptions *ibmsm.GetSecretOptions) (result *ibmsm.GetSecret, response *core.DetailedResponse, err error) GetSecretVersion(getSecretOptions *ibmsm.GetSecretVersionOptions) (result *ibmsm.GetSecretVersion, response *core.DetailedResponse, err error) }
IBMSecretsManagerClient is an interface for any client to the IBM Secrets Manager. These are only the methods we need.
type LocalSecretManager ¶
// LocalSecretManager is the backend type for secrets kept in local files.
type LocalSecretManager struct {
// Decrypt is the caller-supplied function of type decryptFunc, the same
// type NewLocalSecretManagerBackend accepts. decryptFunc is declared
// elsewhere in the package, so its signature is not visible here.
// NOTE(review): whatever Decrypt returns is presumably treated as
// plaintext secret data; confirm it is never logged or written to disk.
Decrypt decryptFunc
}
LocalSecretManager is a struct for working with local files. It receives a function that knows how to decrypt the file, for example using sops.
func NewLocalSecretManagerBackend ¶
func NewLocalSecretManagerBackend(decrypt decryptFunc) *LocalSecretManager
NewLocalSecretManagerBackend initializes a new local secret backend
func (*LocalSecretManager) GetIndividualSecret ¶
func (a *LocalSecretManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the backend. For local secrets, we only support placeholders replaced from the k/v pairs of a secret, which cannot be individually addressed, so we use GetSecrets and extract the specific placeholder we want.
func (*LocalSecretManager) GetSecrets ¶
func (a *LocalSecretManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)
GetSecrets gets secrets using decrypt function and returns the formatted data
func (*LocalSecretManager) Login ¶
func (a *LocalSecretManager) Login() error
Login does nothing as a "login" is handled by the environment
type SecretManagerClient ¶
// SecretManagerClient is the interface type of GCPSecretManager's Client field
// and of the client argument to NewGCPSecretManagerBackend. It declares only
// AccessSecretVersion, so any value providing that one method satisfies it.
type SecretManagerClient interface {
// AccessSecretVersion takes a context, an AccessSecretVersionRequest and
// optional gax call options. It returns the AccessSecretVersionResponse or
// an error.
AccessSecretVersion(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error)
}
type Vault ¶
Vault is a struct for working with a Vault backend
func NewVaultBackend ¶
NewVaultBackend initializes a new Vault Backend
func (*Vault) GetIndividualSecret ¶
func (v *Vault) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the SM backend. For Vault, we only support placeholders replaced from the k/v pairs of a secret, which cannot be individually addressed, so we use GetSecrets and extract the specific placeholder we want.
type YandexCloudLockbox ¶ added in v1.9.0
type YandexCloudLockbox struct {
// contains filtered or unexported fields
}
YandexCloudLockbox is a struct for working with a Yandex Cloud lockbox backend
func NewYandexCloudLockboxBackend ¶ added in v1.9.0
func NewYandexCloudLockboxBackend(client lockbox.PayloadServiceClient) *YandexCloudLockbox
NewYandexCloudLockboxBackend initializes a new Yandex Cloud lockbox backend
func (*YandexCloudLockbox) GetIndividualSecret ¶ added in v1.9.0
func (ycl *YandexCloudLockbox) GetIndividualSecret(secretID, key, version string, _ map[string]string) (interface{}, error)
GetIndividualSecret will get the specific secret (placeholder) from the lockbox backend
func (*YandexCloudLockbox) GetSecrets ¶ added in v1.9.0
func (ycl *YandexCloudLockbox) GetSecrets(secretID string, version string, _ map[string]string) (map[string]interface{}, error)
GetSecrets gets secrets from lockbox and returns the formatted data
func (*YandexCloudLockbox) Login ¶ added in v1.9.0
func (ycl *YandexCloudLockbox) Login() error
Login does nothing as a "login" is handled on the instantiation of the lockbox