secret

package
v0.14.0-rc3
Published: Jun 15, 2022 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package secret provides the ability for Vela to integrate with different supported Secret backends.

Usage:

import "github.com/go-vela/server/secret"

Index

Constants

This section is empty.

Variables

var Flags = []cli.Flag{

	&cli.BoolFlag{
		EnvVars:  []string{"VELA_SECRET_VAULT", "SECRET_VAULT"},
		FilePath: "/vela/secret/vault/driver",
		Name:     "secret.vault.driver",
		Usage:    "enables the vault secret driver",
	},
	&cli.StringFlag{
		EnvVars:  []string{"VELA_SECRET_VAULT_ADDR", "SECRET_VAULT_ADDR"},
		FilePath: "/vela/secret/vault/addr",
		Name:     "secret.vault.addr",
		Usage:    "fully qualified url (<scheme>://<host>) for the vault system",
	},
	&cli.StringFlag{
		EnvVars:  []string{"VELA_SECRET_VAULT_AUTH_METHOD", "SECRET_VAULT_AUTH_METHOD"},
		FilePath: "/vela/secret/vault/auth_method",
		Name:     "secret.vault.auth-method",
		Usage:    "authentication method used to obtain token from vault system",
	},
	&cli.StringFlag{
		EnvVars:  []string{"VELA_SECRET_VAULT_AWS_ROLE", "SECRET_VAULT_AWS_ROLE"},
		FilePath: "/vela/secret/vault/aws_role",
		Name:     "secret.vault.aws-role",
		Usage:    "vault role used to connect to the auth/aws/login endpoint",
	},
	&cli.StringFlag{
		EnvVars:  []string{"VELA_SECRET_VAULT_PREFIX", "SECRET_VAULT_PREFIX"},
		FilePath: "/vela/secret/vault/prefix",
		Name:     "secret.vault.prefix",
		Usage:    "prefix for k/v secrets in vault system e.g. secret/data/<prefix>/<path>",
	},
	&cli.DurationFlag{
		EnvVars:  []string{"VELA_SECRET_VAULT_RENEWAL", "SECRET_VAULT_RENEWAL"},
		FilePath: "/vela/secret/vault/renewal",
		Name:     "secret.vault.renewal",
		Usage:    "frequency which the vault token should be renewed",
		Value:    30 * time.Minute,
	},
	&cli.StringFlag{
		EnvVars:  []string{"VELA_SECRET_VAULT_TOKEN", "SECRET_VAULT_TOKEN"},
		FilePath: "/vela/secret/vault/token",
		Name:     "secret.vault.token",
		Usage:    "token used to access vault system",
	},
	&cli.StringFlag{
		EnvVars:  []string{"VELA_SECRET_VAULT_VERSION", "SECRET_VAULT_VERSION"},
		FilePath: "/vela/secret/vault/version",
		Name:     "secret.vault.version",
		Usage:    "version for the kv backend for the vault system",
		Value:    "2",
	},
}

Flags represents all supported command line interface (CLI) flags for the secret package.

https://pkg.go.dev/github.com/urfave/cli?tab=doc#Flag

Functions

func ToContext

func ToContext(c Setter, key string, s Service)

ToContext adds the secret Service to this context if it supports the Setter interface.

Types

type Service

type Service interface {

	// Driver defines a function that outputs
	// the configured source driver.
	Driver() string

	// Get defines a function that captures a secret.
	Get(string, string, string, string) (*library.Secret, error)
	// List defines a function that captures a list of secrets.
	List(string, string, string, int, int, []string) ([]*library.Secret, error)
	// Count defines a function that counts a list of secrets.
	Count(string, string, string, []string) (int64, error)
	// Create defines a function that creates a new secret.
	Create(string, string, string, *library.Secret) error
	// Update defines a function that updates an existing secret.
	Update(string, string, string, *library.Secret) error
	// Delete defines a function that deletes a secret.
	Delete(string, string, string, string) error
}

Service represents the interface for Vela integrating with the different supported secret providers.

func FromContext

func FromContext(c context.Context, key string) Service

FromContext returns the secret Service associated with this context.

func New added in v0.8.0

func New(s *Setup) (Service, error)

New creates and returns a Vela service capable of integrating with the configured secret provider.

Currently the following secret providers are supported:

* Native
* Vault

type Setter

type Setter interface {
	Set(string, interface{})
}

Setter defines a context that enables setting values.

type Setup added in v0.8.0

type Setup struct {

	// specifies the driver to use for the secret client
	Driver string

	// specifies the database service to use for the secret client
	Database database.Service

	// specifies the address to use for the secret client
	Address string
	// specifies the authentication method to use for the secret client
	AuthMethod string
	// specifies the AWS role to use for the secret client
	AwsRole string
	// specifies the prefix to use for the secret client
	Prefix string
	// specifies the token to use for the secret client
	Token string
	// specifies the token duration to use for the secret client
	TokenDuration time.Duration
	// specifies the version to use for the secret client
	Version string
}

Setup represents the configuration necessary for creating a Vela service capable of integrating with a configured secret system.

func (*Setup) Native added in v0.8.0

func (s *Setup) Native() (Service, error)

Native creates and returns a Vela service capable of integrating with a Native (Database) secret system.

func (*Setup) Validate added in v0.8.0

func (s *Setup) Validate() error

Validate verifies the necessary fields for the provided configuration are populated correctly.

func (*Setup) Vault added in v0.8.0

func (s *Setup) Vault() (Service, error)

Vault creates and returns a Vela service capable of integrating with a Hashicorp Vault secret system.
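As an added example, not go-vela's own code, the following self-contained Setup mirrors the fields documented above and shows the kind of fail-closed checks a Validate step performs before New hands the configuration to the Native or Vault constructor. The field names and the 30-minute renewal default come from this page; the specific checks, the "aws" auth-method value and the driver names are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"time"
)

// Setup carries the same fields as the documented secret.Setup
// (constructed here for illustration; Database is omitted).
type Setup struct {
	Driver        string
	Address       string
	AuthMethod    string
	AwsRole       string
	Prefix        string
	Token         string
	TokenDuration time.Duration
	Version       string
}

// Validate applies hypothetical per-driver checks so that a misconfigured
// backend is rejected before any client or credential is created.
func (s *Setup) Validate() error {
	switch s.Driver {
	case "native":
		return nil // native stores secrets in Vela's own database; nothing else to check
	case "vault":
		// the address flag is documented as <scheme>://<host>, so require both parts
		u, err := url.Parse(s.Address)
		if err != nil || u.Scheme == "" || u.Host == "" {
			return fmt.Errorf("vault address %q is not <scheme>://<host>", s.Address)
		}
		if s.Version != "1" && s.Version != "2" {
			return fmt.Errorf("unsupported vault kv version %q", s.Version)
		}
		// either a static token or an auth method must be able to yield a token
		if s.Token == "" && s.AuthMethod == "" {
			return errors.New("vault requires a token or an auth method")
		}
		if s.AuthMethod == "aws" && s.AwsRole == "" { // assumed method name
			return errors.New("vault aws auth requires an aws role")
		}
		if s.TokenDuration <= 0 {
			return errors.New("vault token renewal must be positive")
		}
		return nil
	default:
		return fmt.Errorf("unknown secret driver %q", s.Driver)
	}
}

func main() {
	s := &Setup{Driver: "vault", Address: "https://vault.example.com", Version: "2",
		AuthMethod: "aws", AwsRole: "vela", TokenDuration: 30 * time.Minute}
	fmt.Println("validate:", s.Validate()) // validate: <nil>
}
```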

Directories

Path Synopsis
Package native provides the ability for Vela to integrate with the Database as a secret backend.
Package vault provides the ability for Vela to integrate with HashiCorp Vault as a secret backend.
