secrets

package
v1.0.0-beta
Warning

This package is not in the latest version of its module.

Published: Sep 26, 2023 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

Package secrets provides functions for retrieving local and remote secrets and interpolating them into configuration files.

Constants

This section is empty.

Variables

This section is empty.

Functions

func Get

func Get(ctx context.Context, secret string) (string, error)

Get retrieves a secret from these locations (in order):

- Environment variables (SECRETS_ENV)

- AWS Secrets Manager (SECRETS_AWS)

Secret identification relies on the naming convention SECRETS_[LOCATION]:[NAME] so that select components of the system can identify and parse secrets. Secrets should only be put into configurations and never in data or objects that flow through the system. Not all components will use secrets; if the component does, then it will self-identify its support in documentation.

If a secret is found, then it is stored in memory for up to 15 minutes; if no secret is found, then errSecretNotFound is returned. This function is safe for concurrent access.

Example (AWS)
package main

import (
	"context"
	"fmt"

	"github.com/brexhq/substation/internal/secrets"
)

func main() {
	// secrets stored in AWS Secrets Manager always begin with
	// "SECRETS_AWS" and end with the name of the secret.
	secret, err := secrets.Get(context.TODO(), "SECRETS_AWS:FOO")
	if err != nil {
		// handle err
		panic(err)
	}

	fmt.Println(secret)
}
Output:

Example (Env)
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/brexhq/substation/internal/secrets"
)

func main() {
	// simulating a "secret" stored in an environment variable
	//nolint: tenv // not actually a test
	_ = os.Setenv("FOO", "bar")
	defer os.Unsetenv("FOO")

	// secrets stored in environment variables always begin with
	// "SECRETS_ENV" and end with the environment variable the
	// secret is in.
	secret, err := secrets.Get(context.TODO(), "SECRETS_ENV:FOO")
	if err != nil {
		// handle err
		panic(err)
	}

	fmt.Println(secret)
}
Output:

bar

func Interpolate

func Interpolate(ctx context.Context, s string) (string, error)

Interpolate identifies when a string contains one or more secrets and interpolates each secret with the string. This function uses the same convention as the standard library's regexp package for capturing named groups (${name}).

For example, if the string is "/path/to/${SECRETS_ENV:FOO}" and BAR is the secret stored in the environment variable FOO, then the interpolated string is "/path/to/BAR".

Multiple secrets can be stored in a single string; if the string is "/path/to/${SECRETS_ENV:FOO}/${SECRETS_ENV:BAZ}", then the interpolated string is "/path/to/BAR/QUX".

If more than one interpolation function is applied to a string (e.g., non-secrets capture groups), then this function must be called first.
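
The convention described above, sketched as a stand-alone program (an added example, not the package's own code). It assumes references take the ${SECRETS_[LOCATION]:[NAME]} form, implements only SECRETS_ENV, and uses hypothetical names (get, interpolate, resolvers, errNotFound). An unresolved reference rejects the whole string, and non-secret ${name} groups are left untouched for a later interpolation step.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"regexp"
	"strings"
)

// Every identifier here is hypothetical; this is not the substation source.
var (
	errNotFound = errors.New("secret not found")
	// Matches ${SECRETS_[LOCATION]:[NAME]} only; other ${name} groups are skipped.
	refRe     = regexp.MustCompile(`\$\{SECRETS_[A-Z]+:[^}]+\}`)
	resolvers = map[string]func(string) (string, bool){"SECRETS_ENV": os.LookupEnv}
)

// get resolves one "SECRETS_[LOCATION]:[NAME]" reference; only SECRETS_ENV is wired up.
func get(ref string) (string, error) {
	loc, name, _ := strings.Cut(ref, ":")
	if resolve, ok := resolvers[loc]; ok {
		if val, found := resolve(name); found {
			return val, nil
		}
	}
	return "", fmt.Errorf("%s: %w", ref, errNotFound)
}

// interpolate fails closed: one unresolved reference rejects the whole string.
func interpolate(s string) (string, error) {
	var firstErr error
	out := refRe.ReplaceAllStringFunc(s, func(m string) string {
		val, err := get(m[2 : len(m)-1]) // strip "${" and "}"
		if err != nil && firstErr == nil {
			firstErr = err
		}
		return val
	})
	if firstErr != nil {
		return "", firstErr
	}
	return out, nil
}

func main() {
	os.Setenv("FOO", "BAR") // constructed sample secret
	fmt.Println(interpolate("/path/to/${SECRETS_ENV:FOO}/${name}"))
}
```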

Types

This section is empty.
