Documentation
Overview
Package agentlib provides ways to create Principals that are backed by the security agent. It implements a client for communicating with an agent process holding the private key for a Principal. It also provides a way to start an agent for a Principal serialized to disk.
Constants
This section is empty.
Variables
This section is empty.
Functions
func LoadPrincipal
LoadPrincipal loads a principal (private key, BlessingRoots, BlessingStore) from the provided directory using the security agent. If an agent serving the principal is not present, a new one is started as a separate daemon process. The new agent may use os.Stdin and os.Stdout in order to fetch a private key decryption passphrase. If an agent serving the principal is not found and a new one cannot be started, LoadPrincipal tries to load the principal in the current process' address space, which will be exclusive for this process; if that fails too (for example, because the principal is encrypted), an error is returned. The caller should call Close on the returned Principal once it's no longer used, in order to free up resources and allow the agent to terminate once it has no more clients.
func NewAgentPrincipal
NewAgentPrincipal returns a security.Principal using the PrivateKey held in a remote agent process.
'path' is the path to the agent socket, typically obtained from os.Getenv(envvar.AgentAddress).
'timeout' specifies how long to retry connecting to the socket if it's not ready.
The caller should call Close on the returned Principal once it's no longer used, in order to free up resources.
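The 'timeout' retry behaviour described above can be sketched with the standard library alone. This is an added example, not agentlib code: it only dials a Unix socket and does not speak the agent protocol, and `dialAgentSocket`, `demo`, the socket name and the 20ms poll interval are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
	"time"
)

// dialAgentSocket (hypothetical helper) retries connecting to the Unix socket
// at path until it succeeds or timeout has elapsed since the first attempt.
func dialAgentSocket(path string, timeout time.Duration) (net.Conn, error) {
	for deadline := time.Now().Add(timeout); ; time.Sleep(20 * time.Millisecond) {
		conn, err := net.DialTimeout("unix", path, 100*time.Millisecond)
		if err == nil || time.Now().After(deadline) {
			return conn, err
		}
	}
}

// demo starts a constructed stand-in listener after delay and returns nil
// only if the client connected to it within timeout.
func demo(delay, timeout time.Duration) error {
	dir, err := os.MkdirTemp("", "agent")
	if err != nil {
		return err
	}
	defer os.RemoveAll(dir)
	sock := filepath.Join(dir, "agent.sock") // constructed socket path
	go func() {
		time.Sleep(delay) // the "agent" is not ready yet
		if ln, err := net.Listen("unix", sock); err == nil {
			defer ln.Close()
			if c, err := ln.Accept(); err == nil {
				c.Close()
			}
		}
	}()
	conn, err := dialAgentSocket(sock, timeout)
	if err != nil {
		return fmt.Errorf("agent socket not ready after %v: %w", timeout, err)
	}
	// Close when done, mirroring the Close call required on the Principal.
	return conn.Close()
}

func main() {
	fmt.Println(demo(100*time.Millisecond, 2*time.Second))
}
```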
func NewAgentPrincipalX
NewAgentPrincipalX returns a security.Principal using the PrivateKey held in a remote agent process.
'path' is the path to the agent socket, typically obtained from os.Getenv(envvar.AgentAddress). If the socket is not ready, NewAgentPrincipalX retries for a minute before giving up.
The caller should call Close on the returned Principal once it's no longer used, in order to free up resources.
Types
This section is empty.