Documentation
Index
- Constants
- type SOPSDecryptor
- func (d *SOPSDecryptor) AddAgeKey(key []byte) error
- func (d *SOPSDecryptor) AddGPGKey(key []byte) error
- func (d *SOPSDecryptor) Decrypt(data []byte) (content map[string]interface{}, err error)
- func (d *SOPSDecryptor) IsEncrypted(data []byte) (bool, error)
- func (d *SOPSDecryptor) KeysFromSecret(secretName string, namespace string, client *kubernetes.Clientset, ...) (err error)
- func (d *SOPSDecryptor) RemoveKeyRing() error
- func (d *SOPSDecryptor) SetAWSCredentials(token []byte) (err error)
- func (d *SOPSDecryptor) SetAzureCredentials(config []byte) (err error)
- func (d *SOPSDecryptor) SetGCPCredentials(config []byte)
- func (d *SOPSDecryptor) SetVaultToken(token []byte)
- func (d *SOPSDecryptor) SopsDecryptWithFormat(data []byte, inputFormat, outputFormat formats.Format) (_ []byte, err error)
Constants
const (
	// DecryptionProviderSOPS is the SOPS provider name.
	DecryptionProviderSOPS = "sops"
	// DecryptionPGPExt is the extension of the file containing an armored PGP
	// key.
	DecryptionPGPExt = ".asc"
	// DecryptionAgeExt is the extension of the file containing an age key
	// file.
	DecryptionAgeExt = ".agekey"
	// DecryptionVaultTokenFileName is the name of the file containing the
	// Hashicorp Vault token.
	DecryptionVaultTokenFileName = "sops.vault-token"
	// DecryptionAWSKmsFile is the name of the file containing the AWS KMS
	// credentials.
	DecryptionAWSKmsFile = "sops.aws-kms"
	// DecryptionAzureAuthFile is the name of the file containing the Azure
	// credentials.
	DecryptionAzureAuthFile = "sops.azure-kv"
	// DecryptionGCPCredsFile is the name of the file containing the GCP
	// credentials.
	DecryptionGCPCredsFile = "sops.gcp-kms"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type SOPSDecryptor
type SOPSDecryptor struct {
	// Interface decryptor config
	Config decryptors.DecryptorConfig
	// contains filtered or unexported fields
}
SOPSDecryptor performs decryption operations for a v1.Kustomization. The only supported decryption provider at present is DecryptionProviderSOPS.
func NewSOPSDecryptor
func NewSOPSDecryptor(config decryptors.DecryptorConfig, gnuPGHome string) *SOPSDecryptor
NewSOPSDecryptor creates a new SOPSDecryptor for the given kustomization. gnuPGHome can be empty, in which case the system's keyring is used.
func NewSOPSTempDecryptor
func NewSOPSTempDecryptor(config decryptors.DecryptorConfig) (*SOPSDecryptor, func(), error)
NewSOPSTempDecryptor creates a new SOPSDecryptor with a temporary GnuPG home directory to import keys into.
func (*SOPSDecryptor) AddAgeKey
func (d *SOPSDecryptor) AddAgeKey(key []byte) error
AddAgeKey adds the given age key to the decryptor's identities.
func (*SOPSDecryptor) AddGPGKey
func (d *SOPSDecryptor) AddGPGKey(key []byte) error
AddGPGKey adds the given GPG key to the decryptor's keyring.
func (*SOPSDecryptor) Decrypt
func (d *SOPSDecryptor) Decrypt(data []byte) (content map[string]interface{}, err error)
Decrypt reads the input data, decrypts it, and returns the decrypted data.
func (*SOPSDecryptor) IsEncrypted
func (d *SOPSDecryptor) IsEncrypted(data []byte) (bool, error)
IsEncrypted returns true if the given data is encrypted by SOPS.
func (*SOPSDecryptor) KeysFromSecret
func (d *SOPSDecryptor) KeysFromSecret(secretName string, namespace string, client *kubernetes.Clientset, ctx context.Context) (err error)
func (*SOPSDecryptor) RemoveKeyRing
func (d *SOPSDecryptor) RemoveKeyRing() error
Only call RemoveKeyRing on temporary decryptors.
func (*SOPSDecryptor) SetAWSCredentials
func (d *SOPSDecryptor) SetAWSCredentials(token []byte) (err error)
SetAWSCredentials adds AWS credentials for the decryptor. Reference: https://github.com/getsops/sops#aws-kms-encryption-context
func (*SOPSDecryptor) SetAzureCredentials
func (d *SOPSDecryptor) SetAzureCredentials(config []byte) (err error)
SetAzureCredentials adds Azure credentials for the decryptor.
func (*SOPSDecryptor) SetGCPCredentials
func (d *SOPSDecryptor) SetGCPCredentials(config []byte)
SetGCPCredentials adds GCP credentials for the decryptor.
func (*SOPSDecryptor) SetVaultToken
func (d *SOPSDecryptor) SetVaultToken(token []byte)
SetVaultToken sets the Vault token for the decryptor.
func (*SOPSDecryptor) SopsDecryptWithFormat
func (d *SOPSDecryptor) SopsDecryptWithFormat(data []byte, inputFormat, outputFormat formats.Format) (_ []byte, err error)
SopsDecryptWithFormat attempts to load a SOPS encrypted file using the store for the input format, gathers the data key for it from the key service, and then decrypts the file data with the retrieved data key. It returns the decrypted bytes in the provided output format, or an error.