secretstores

package
v1.1.0-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 25, 2021 License: MIT Imports: 0 Imported by: 41

README

Secret Stores

Secret Stores provide a common way to interact with different secret stores, cloud/edge/commercial or open-source.

Currently supported secret stores are:

  • Kubernetes
  • Hashicorp Vault
  • Azure KeyVault
  • AWS Secret manager
  • GCP Cloud KMS
  • GCP Secret Manager

Implementing a new Secret Store

A compliant secret store needs to implement the following interface:

type SecretStore interface {
  // Init authenticates with the actual secret store and performs other init operation
  Init(metadata Metadata) error

  // GetSecret retrieves a secret using a key and returns a map of decrypted string/string values
  GetSecret(req GetSecretRequest) (GetSecretResponse, error)

  // BulkGetSecrets retrieves all secrets in the store and returns a map of decrypted string/string values
  BulkGetSecret(req BulkGetSecretRequest) (BulkGetSecretResponse, error)
}

Documentation

Index

Constants

View Source
const DefaultSecretRefKeyName = "_value"

DefaultSecretRefKeyName is the default key if secretKeyRef.key is not given

Variables

This section is empty.

Functions

This section is empty.

Types

type BulkGetSecretRequest added in v1.0.0

type BulkGetSecretRequest struct {
	Metadata map[string]string `json:"metadata"`
}

BulkGetSecretRequest describes a bulk get secret request from a secret store

type BulkGetSecretResponse added in v1.0.0

type BulkGetSecretResponse struct {
	Data map[string]map[string]string `json:"data"`
}

BulkGetSecretResponse describes the response object for all the secrets returned from a secret store

type GetSecretRequest

type GetSecretRequest struct {
	Name     string            `json:"name"`
	Metadata map[string]string `json:"metadata"`
}

GetSecretRequest describes a get secret request from a secret store.

type GetSecretResponse

type GetSecretResponse struct {
	Data map[string]string `json:"data"`
}

GetSecretResponse describes the response object for a secret returned from a secret store

type Metadata

type Metadata struct {
	Properties map[string]string `json:"properties,omitempty"`
}

Metadata contains a secretstore specific set of metadata properties

type SecretStore

type SecretStore interface {
	// Init authenticates with the actual secret store and performs other init operation
	Init(metadata Metadata) error
	// GetSecret retrieves a secret using a key and returns a map of decrypted string/string values
	GetSecret(req GetSecretRequest) (GetSecretResponse, error)
	// BulkGetSecrets retrieves all secrets in the store and returns a map of decrypted string/string values
	BulkGetSecret(req BulkGetSecretRequest) (BulkGetSecretResponse, error)
}

SecretStore is the interface for a component that handles secrets management

Directories

Path Synopsis
aws
azure
gcp
hashicorp
local
env

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL