credentials

package
v0.0.39 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 17, 2022 License: BSD-3-Clause Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Credentials

type Credentials interface {
	// NewTokenProvider returns a new TokenProvider for the given key
	NewTokenProvider(key string, opts ...TokenOption) TokenProvider
}

func New

func New(thelmaConfig config.Config, thelmaRoot root.Root) (Credentials, error)

New returns a new Credentials instance using a directory store rooted at credentialsDir

func NewWithStore added in v0.0.31

func NewWithStore(store stores.Store) Credentials

NewWithStore returns a new Credentials instance backed by the given store

type TokenOption

type TokenOption func(*TokenOptions)

TokenOption function for configuring a token's Options

type TokenOptions

type TokenOptions struct {
	// EnvVar (optional) environment variable to use for this token. Defaults to key (upper-cased with s/-/_/, eg. "vault-token" -> "VAULT_TOKEN")
	EnvVar string
	// PromptEnabled (optional) if true, user will be prompted to manually enter a token value if one does not exist in credential store.
	PromptEnabled bool
	// PromptMessage (optional) Override default prompt message ("Please enter VAULT_TOKEN: ")
	PromptMessage string
	// ValidateFn (optional) Optional function for validating a token. If supplied, stored credentials will be validated before being returned to caller
	ValidateFn func([]byte) error
	// RefreshFn (optional) Optional function for refreshing a token. Called if a stored credential turns out to be invalid. If an error is returned, IssueFn will be called to issue a new credential.
	RefreshFn func([]byte) ([]byte, error)
	// IssueFn (optional) Optional function for issuing a new token. If supplied, prompt options are ignored.
	IssueFn func() ([]byte, error)
	// CredentialStore (optional) Use a custom credential store instead of the default store (~/.thelma/credentials/$key)
	CredentialStore stores.Store
}

TokenOptions configuration options for a TokenProvider

type TokenProvider

type TokenProvider interface {
	// Get returns the value of the token. Based on the token's options, it will attempt to resolve a value for
	// the token by:
	// (1) Looking it up in environment variables
	// (2) Looking it up in local credential store (~/.thelma/credentials)
	// (3) Issue a new token (if issuer function configured)
	// (4) Prompting user for value (if enabled)
	// If none of the token resolution options succeed an error is returned.
	Get() ([]byte, error)
	// Reissue forces re-issue of the token, without checking environment variables or for a valid existing
	// credential in the store
	Reissue() ([]byte, error)
}

TokenProvider manages a token used for authentication, possibly stored on the local filesystem

func WithMasking added in v0.0.34

func WithMasking(p TokenProvider) TokenProvider

WithMasking decorates TokenProvider by configuring Thelma's logger to mask any secrets it returns

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL