Documentation ¶
Index ¶
- Constants
- Variables
- func GetEngine(encryptedSecret string) (string, bool, string)
- func IsEncryptedSecret(val string) bool
- func RegisterVaultConfig(vaultConfig VaultConfig) error
- func ToTempFile(content []byte) (string, error)
- type AwsSecretsManagerClient
- type AwsSecretsManagerClientImpl
- type AwsSecretsManagerDecrypter
- type Decrypter
- func NewAwsSecretsManagerDecrypter(ctx context.Context, isFile bool, params string) (Decrypter, error)
- func NewDecrypter(ctx context.Context, encryptedSecret string) (Decrypter, error)
- func NewGcsDecrypter(ctx context.Context, isFile bool, params string) (Decrypter, error)
- func NewNoopDecrypter(ctx context.Context, isFile bool, params string) (Decrypter, error)
- func NewS3Decrypter(ctx context.Context, isFile bool, params string) (Decrypter, error)
- type EnvironmentVariableTokenFetcher
- type GcsDecrypter
- type GcsSecret
- type KubernetesServiceAccountTokenFetcher
- type NoopDecrypter
- type S3Decrypter
- type TokenFetcher
- type UserPassTokenFetcher
- type VaultClient
- type VaultConfig
- type VaultDecrypter
- type VaultSecret
Constants ¶
const (
	// Region, SecretName and SecretKey are the single-letter parameter keys
	// ("r", "s", "k") looked up in a secret reference. The two *MissingError
	// messages below name 'r' and 's' as required; no matching "required"
	// message for 'k' is visible here.
	// NOTE(review): presumably these keys belong to the secrets-manager
	// engine — confirm against the parser that reads them.
	Region     = "r"
	SecretName = "s"
	SecretKey  = "k"

	// Message texts for malformed secret references. The documentation
	// renderer elides the two long literals below (shown as ""); their real
	// text is only in the source file.
	GenericMalformedKeyError               = "" /* 243-byte string literal not displayed */
	EncryptedFilesShouldNotSpecifyKeyError = "" /* 139-byte string literal not displayed */
	RegionMissingError                     = "secret format error - 'r' for region is required"
	SecretNameMissingError                 = "secret format error - 's' for secret name is required"

	// MalformedKVPairSecretPayload describes a fetched payload that is not a
	// map[string]string. The text itself holds no payload data.
	// NOTE(review): confirm callers do not append the offending payload to
	// this message before logging it.
	MalformedKVPairSecretPayload = "malformed kv pair secret payload, expected the payload to be a params value pair map of type: map[string]string"
)
const (
MaxApiRetry = 10
)
Variables ¶
// Engines maps an engine name to the constructor that builds its Decrypter.
// Every constructor has the shape func(context.Context, bool, string)
// (Decrypter, error), which is the signature shared by the New*Decrypter
// functions listed here.
//
// Engines is an exported, mutable package-level map, so any importing package
// can add, replace or delete an entry, and the change applies process-wide.
// Go maps are not safe for concurrent writes; register engines once during
// start-up and treat the map as read-only afterwards.
//
// NOTE(review): this literal has no "vault" entry; presumably
// RegisterVaultConfig adds one at runtime — confirm.
// NOTE(review): "noop" is registered by default next to the cloud back ends;
// confirm what NoopDecrypter returns so a reference that names it is not
// mistaken for a protected secret.
var Engines = map[string]func(context.Context, bool, string) (Decrypter, error){
	"gcs":             NewGcsDecrypter,
	"noop":            NewNoopDecrypter,
	"s3":              NewS3Decrypter,
	"secrets-manager": NewAwsSecretsManagerDecrypter,
}
Functions ¶
func GetEngine ¶
GetEngine returns, in order, the name of the engine if recognized, a boolean that indicates whether the user requested a file, and the remainder of the parameters (unparsed).
func IsEncryptedSecret ¶
func RegisterVaultConfig ¶
func RegisterVaultConfig(vaultConfig VaultConfig) error
func ToTempFile ¶
Types ¶
type AwsSecretsManagerClient ¶
type AwsSecretsManagerClient interface {
FetchSecret(secretName string) (*secretsmanager.GetSecretValueOutput, error)
}
func NewAwsSecretsManagerClient ¶
func NewAwsSecretsManagerClient(region string) (AwsSecretsManagerClient, error)
type AwsSecretsManagerClientImpl ¶
type AwsSecretsManagerClientImpl struct {
// contains filtered or unexported fields
}
func (*AwsSecretsManagerClientImpl) FetchSecret ¶
func (a *AwsSecretsManagerClientImpl) FetchSecret(secretName string) (*secretsmanager.GetSecretValueOutput, error)
type AwsSecretsManagerDecrypter ¶
type AwsSecretsManagerDecrypter struct {
// contains filtered or unexported fields
}
func (*AwsSecretsManagerDecrypter) Decrypt ¶
func (a *AwsSecretsManagerDecrypter) Decrypt() (string, error)
func (*AwsSecretsManagerDecrypter) IsFile ¶
func (a *AwsSecretsManagerDecrypter) IsFile() bool
type Decrypter ¶
func NewDecrypter ¶
func NewGcsDecrypter ¶
func NewNoopDecrypter ¶
type EnvironmentVariableTokenFetcher ¶
type EnvironmentVariableTokenFetcher struct{}
type GcsDecrypter ¶
type GcsDecrypter struct {
// contains filtered or unexported fields
}
func (*GcsDecrypter) Decrypt ¶
func (gcs *GcsDecrypter) Decrypt() (string, error)
func (*GcsDecrypter) IsFile ¶
func (gcs *GcsDecrypter) IsFile() bool
type KubernetesServiceAccountTokenFetcher ¶
type KubernetesServiceAccountTokenFetcher struct {
// contains filtered or unexported fields
}
type NoopDecrypter ¶
type NoopDecrypter struct {
// contains filtered or unexported fields
}
func (*NoopDecrypter) Decrypt ¶
func (n *NoopDecrypter) Decrypt() (string, error)
func (*NoopDecrypter) IsFile ¶
func (n *NoopDecrypter) IsFile() bool
func (*NoopDecrypter) ParseTokens ¶
func (n *NoopDecrypter) ParseTokens(secret string)
type S3Decrypter ¶
type S3Decrypter struct {
// contains filtered or unexported fields
}
func (*S3Decrypter) Decrypt ¶
func (s3 *S3Decrypter) Decrypt() (string, error)
func (*S3Decrypter) IsFile ¶
func (s3 *S3Decrypter) IsFile() bool
type TokenFetcher ¶
type TokenFetcher interface {
// contains filtered or unexported methods
}
type UserPassTokenFetcher ¶
type UserPassTokenFetcher struct {
// contains filtered or unexported fields
}
type VaultClient ¶
type VaultConfig ¶
// VaultConfig holds the Vault settings that are read from JSON or YAML
// configuration; the struct tags give the key name for each field.
//
// Username, Password and Token are credential material. Treat a VaultConfig
// value as sensitive: do not log it, print it with %v/%+v, or marshal it into
// diagnostics.
type VaultConfig struct {
	Enabled    bool   `json:"enabled" yaml:"enabled"`
	Url        string `json:"url" yaml:"url"`
	AuthMethod string `json:"authMethod" yaml:"authMethod"`
	Role       string `json:"role" yaml:"role"`
	Path       string `json:"path" yaml:"path"`
	Username   string `json:"username" yaml:"username"`
	// Password is tagged for both json and yaml, so marshalling this struct
	// writes the password out in clear text under the "password" key.
	Password     string `json:"password" yaml:"password"`
	UserAuthPath string `json:"userAuthPath" yaml:"userAuthPath"`
	Namespace    string `json:"namespace" yaml:"namespace"`
	// Token deliberately has no struct tags. Note that encoding/json still
	// encodes and decodes an untagged exported field under its Go name
	// ("Token"); only a `json:"-"` tag excludes a field.
	// NOTE(review): confirm whether the missing tags are meant to keep the
	// token out of configuration files and serialized output, and whether
	// the token is presumably filled in by one of the TokenFetcher types.
	Token string // no struct tags for token
}
func DecodeVaultConfig ¶
func DecodeVaultConfig(vaultYaml map[interface{}]interface{}) (*VaultConfig, error)
type VaultDecrypter ¶
type VaultDecrypter struct {
// contains filtered or unexported fields
}
func (*VaultDecrypter) Decrypt ¶
func (decrypter *VaultDecrypter) Decrypt() (string, error)
func (*VaultDecrypter) IsFile ¶
func (v *VaultDecrypter) IsFile() bool
type VaultSecret ¶
type VaultSecret struct { }