Documentation
¶
Index ¶
- func LoadAADConfigFromBytes(b []byte, s *AADConfig) error
- type AADConfig
- type AZConfig
- type MasterKey
- func (key *MasterKey) Decrypt() ([]byte, error)
- func (key *MasterKey) Encrypt(dataKey []byte) error
- func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error
- func (key *MasterKey) EncryptedDataKey() []byte
- func (key *MasterKey) NeedsRotation() bool
- func (key *MasterKey) SetEncryptedDataKey(enc []byte)
- func (key MasterKey) ToMap() map[string]interface{}
- func (key *MasterKey) ToString() string
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func LoadAADConfigFromBytes ¶
LoadAADConfigFromBytes attempts to load the given bytes into the given AADConfig. By first decoding it if UTF-16, and then unmarshalling it into the given struct. It returns an error for any failure.
Types ¶
type AADConfig ¶
type AADConfig struct {
AZConfig
TenantID string `json:"tenantId,omitempty"`
ClientID string `json:"clientId,omitempty"`
ClientSecret string `json:"clientSecret,omitempty"`
ClientCertificate string `json:"clientCertificate,omitempty"`
ClientCertificatePassword string `json:"clientCertificatePassword,omitempty"`
ClientCertificateSendChain bool `json:"clientCertificateSendChain,omitempty"`
AuthorityHost string `json:"authorityHost,omitempty"`
}
AADConfig contains the selection of fields from an Azure authentication file required for Active Directory authentication.
func (*AADConfig) GetAuthorityHost ¶
func (s *AADConfig) GetAuthorityHost() azidentity.AuthorityHost
GetAuthorityHost returns the AuthorityHost, or the Azure Public Cloud default.
func (*AADConfig) SetToken ¶
SetToken attempts to configure the token on the MasterKey using the AADConfig values. It detects credentials in the following order:
- azidentity.ClientSecretCredential when `tenantId`, `clientId` and `clientSecret` fields are found.
- azidentity.ClientCertificateCredential when `tenantId`, `clientCertificate` (and optionally `clientCertificatePassword`) fields are found.
- azidentity.ClientSecretCredential when AZConfig fields are found.
- azidentity.ManagedIdentityCredential for a User ID, when a `clientId` field but no `tenantId` is found.
If no set of credentials is found or the azcore.TokenCredential can not be created, an error is returned.
type AZConfig ¶
type AZConfig struct {
AppID string `json:"appId,omitempty"`
Tenant string `json:"tenant,omitempty"`
Password string `json:"password,omitempty"`
}
AZConfig contains the Service Principal fields as generated by `az`. Ref: https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal?tabs=azure-cli#manually-create-a-service-principal
type MasterKey ¶
type MasterKey struct {
VaultURL string
Name string
Version string
EncryptedKey string
CreationDate time.Time
// contains filtered or unexported fields
}
MasterKey is an Azure Key Vault key used to encrypt and decrypt SOPS' data key. The underlying authentication token can be configured using AADConfig.
func (*MasterKey) Decrypt ¶
Decrypt decrypts the EncryptedKey field with Azure Key Vault and returns the result.
func (*MasterKey) Encrypt ¶
Encrypt takes a SOPS data key, encrypts it with Key Vault and stores the result in the EncryptedKey field.
func (*MasterKey) EncryptIfNeeded ¶
EncryptIfNeeded encrypts the provided SOPS' data key and encrypts it if it hasn't been encrypted yet.
func (*MasterKey) EncryptedDataKey ¶
EncryptedDataKey returns the encrypted data key this master key holds.
func (*MasterKey) NeedsRotation ¶
NeedsRotation returns whether the data key needs to be rotated or not.
func (*MasterKey) SetEncryptedDataKey ¶
SetEncryptedDataKey sets the encrypted data key for this master key.
Source Files