Documentation
Index
- func GenerateRandomUUIDV5() string
- type BelaurVault
- type CA
- func (c *CA) CleanupCerts(crt, key string) error
- func (c *CA) CreateSignedCert() (string, string, error)
- func (c *CA) CreateSignedCertWithValidOpts(hostname string, hoursBeforeValid, hoursAfterValid time.Duration) (string, string, error)
- func (c *CA) GenerateTLSConfig(certPath, keyPath string) (*tls.Config, error)
- func (c *CA) GetCACertPath() (string, string)
- type CAAPI
- type FileVaultStorer
- type Vault
- type VaultStorer
Constants
This section is empty.
Variables
This section is empty.
Functions
func GenerateRandomUUIDV5
func GenerateRandomUUIDV5() string
GenerateRandomUUIDV5 returns a 32-bit random seeded UUID based on a randomly generated UUID v4.
Types
type BelaurVault
type BelaurVault interface {
	LoadSecrets() error
	GetAll() []string
	SaveSecrets() error
	Add(key string, value []byte)
	Remove(key string)
	Get(key string) ([]byte, error)
}
BelaurVault defines the set of APIs that a Vault must provide in order to be a Bhojpur Belaur Vault.
type CA
type CA struct {
// contains filtered or unexported fields
}
CA represents one generated CA.
func (*CA) CleanupCerts
CleanupCerts removes certificates at the given path.
func (*CA) CreateSignedCert
CreateSignedCert creates a new key pair which is signed by the CA.
func (*CA) CreateSignedCertWithValidOpts
func (c *CA) CreateSignedCertWithValidOpts(hostname string, hoursBeforeValid, hoursAfterValid time.Duration) (string, string, error)
CreateSignedCertWithValidOpts creates a certificate signed by the CA. It accepts hoursBeforeValid and hoursAfterValid.
func (*CA) GenerateTLSConfig
GenerateTLSConfig generates a new TLS config based on given certificate path and key path.
func (*CA) GetCACertPath
GetCACertPath returns the path to the cert and key from the root CA.
type CAAPI
type CAAPI interface {
	// CreateSignedCert creates a new signed certificate.
	// First return param is the public cert.
	// Second return param is the private key.
	CreateSignedCert() (string, string, error)
	// CreateSignedCertWithValidOpts creates a new signed certificate
	// with the given options.
	// First return param is the public cert.
	// Second return param is the private key.
	CreateSignedCertWithValidOpts(hostname string, hoursBeforeValid, hoursAfterValid time.Duration) (string, string, error)
	// GenerateTLSConfig generates a TLS config.
	// It requires the path to the cert and the key.
	GenerateTLSConfig(certPath, keyPath string) (*tls.Config, error)
	// CleanupCerts cleans up the certs at the given path.
	CleanupCerts(crt, key string) error
	// GetCACertPath returns the public cert and private key
	// of the CA.
	GetCACertPath() (string, string)
}
CAAPI represents the interface used to handle certificates.
type FileVaultStorer
type FileVaultStorer struct {
// contains filtered or unexported fields
}
FileVaultStorer implements VaultStorer as a simple file based storage device.
func (*FileVaultStorer) Init
func (fvs *FileVaultStorer) Init() error
Init initializes the FileVaultStorer.
func (*FileVaultStorer) Read
func (fvs *FileVaultStorer) Read() ([]byte, error)
Read defines a read for the FileVaultStorer.
func (*FileVaultStorer) Write
func (fvs *FileVaultStorer) Write(data []byte) error
Write defines a write for the FileVaultStorer.
type Vault
Vault is a secret storage for data that Bhojpur Belaur needs to store encrypted.
func NewVault
func NewVault(ca CAAPI, storer VaultStorer) (*Vault, error)
NewVault creates a vault, which is a simple k/v storage medium with AES encryption. The format is:
	KEY=VALUE
	KEY2=VALUE2
NewVault can also take a storer, which is an implementation of VaultStorer. This defines a storage medium for the vault. If it is left nil, the vault will use a default FileVaultStorer.
func (*Vault) Add
Add adds a value to the vault. This operation is safe to use concurrently. If the key already exists, Add overwrites its value without warning.
func (*Vault) Get
Get returns a value for a key. This operation is safe to use concurrently. Get will return an error if the data doesn't exist.
func (*Vault) LoadSecrets
LoadSecrets decrypts the contents of the vault and fills up a map of data to work with.
func (*Vault) Remove
Remove removes a key from the vault. This operation is safe to use concurrently. Remove is a no-op if the data doesn't exist.
func (*Vault) SaveSecrets
SaveSecrets encrypts data passed to the vault in a k/v format and saves it to the vault file.
type VaultStorer
type VaultStorer interface {
	// Init initializes the medium by creating the file, or bootstrapping the
	// db or simply setting up an in-memory mock storage device. The Init
	// function of a storage medium should be idempotent. Meaning it should
	// be callable multiple times without changing the underlying medium.
	Init() error
	// Read will read bytes from the storage medium and return it to the caller.
	Read() (data []byte, err error)
	// Write will store the passed in encrypted data. How, is up to the implementor.
	Write(data []byte) error
}
VaultStorer defines a storage medium for the Vault.
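An in-memory storer of the kind the Init comment mentions, usable as a test double for the vault; this is an added example, not code from the Bhojpur Belaur project. The type name MemVaultStorer and the sample blob are assumptions; the three methods follow the VaultStorer interface documented above.

```go
package main

import (
	"fmt"
	"sync"
)

// MemVaultStorer (hypothetical name) implements the three VaultStorer methods
// documented above and keeps the encrypted vault blob in memory only.
type MemVaultStorer struct {
	mu   sync.Mutex
	blob []byte
}

// Init is idempotent: it creates the empty medium once and never clears data
// that an earlier Write stored.
func (m *MemVaultStorer) Init() error {
	m.mu.Lock()
	defer m.mu.Unlock()
	if m.blob == nil {
		m.blob = []byte{}
	}
	return nil
}

// Read returns a copy so callers cannot alter the stored ciphertext.
func (m *MemVaultStorer) Read() ([]byte, error) {
	m.mu.Lock()
	defer m.mu.Unlock()
	return append([]byte(nil), m.blob...), nil
}

// Write keeps its own copy, so later reuse of the caller's buffer is harmless.
func (m *MemVaultStorer) Write(data []byte) error {
	m.mu.Lock()
	defer m.mu.Unlock()
	m.blob = append([]byte{}, data...)
	return nil
}

func main() {
	s := &MemVaultStorer{}
	_ = s.Init()
	_ = s.Write([]byte("constructed-ciphertext")) // constructed sample blob
	_ = s.Init()                                  // second Init keeps the blob
	got, _ := s.Read()
	fmt.Printf("%s\n", got)
}
```

Because nothing is persisted, a storer like this suits unit tests only; the stored bytes are whatever the vault hands to Write.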