staticsecretsmanager

v1.0.1 Latest

This package is not in the latest version of its module.

Published: Jan 14, 2023 License: Apache-2.0 Imports: 6 Imported by: 0

README

caddy-security-secrets-static-secrets-manager

Caddy Security Secrets Plugin for statically configured secrets.

Getting Started

Generate Secrets

Please follow this doc to generate secrets.

Building Caddy

For secrets static_secrets_manager directives to work, build caddy with the latest version of this plugin.

xcaddy build ... \
  --with github.com/greenpau/caddy-security-secrets-static-secrets-manager@latest

Caddyfile Usage

Without Plugin

The following is a snippet of Caddyfile without the use of this plugin.

{
        security {
                local identity store localdb {
                        realm local
                        path /etc/caddy/users.json
                        user jsmith {
                                name John Smith
                                email jsmith@localhost.localdomain
                                password "bcrypt:10:$2a$10$iqq53VjdCwknBSBrnyLd9OH1Mfh6kqPezMMy6h6F41iLdVDkj13I6" overwrite
                                roles authp/admin authp/user
                        }
                }

                authentication portal myportal {
                        crypto default token lifetime 3600
                        crypto key sign-verify b006d65b-c923-46a1-8da1-7d52558508fe
                        enable identity store localdb
                }
        }
}

Plugin Configuration

The following is the same configuration with the values retrieved from statically configured secrets:

{
	security {
		secrets static_secrets_manager access_token {
			shared_secret b006d65b-c923-46a1-8da1-7d52558508fe
		}

		secrets static_secrets_manager users/jsmith {
			name "John Smith"
			email "jsmith@localhost.localdomain"
			password "bcrypt:10:$2a$10$iqq53VjdCwknBSBrnyLd9OH1Mfh6kqPezMMy6h6F41iLdVDkj13I6"
			api_key "bcrypt:10:$2a$10$TEQ7ZG9cAdWwhQK36orCGOlokqQA55ddE0WEsl00oLZh567okdcZ6"
		}

		local identity store localdb {
			realm local
			path users.json
			user jsmith {
				name "secrets:users/jsmith:name"
				email "secrets:users/jsmith:email"
				password "secrets:users/jsmith:password" overwrite
				api_key "secrets:users/jsmith:api_key" overwrite
				roles authp/admin authp/user
			}
		}

		authentication portal myportal {
			crypto default token lifetime 3600
			crypto key sign-verify "secrets:access_token:shared_secret"
			enable identity store localdb
		}
	}
}
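
The configuration above replaces inline values with references of the form secrets:<id>:<key>. The following Go code is an added example, not the plugin's own code: Resolve, ErrUnresolved and sampleStore are hypothetical names, and splitting the reference at its last colon is an assumption. It resolves such references against Config-style entries and fails closed, so an unresolved reference string is never used as a password hash or signing key.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Config mirrors the documented Config type: a secret ID and its key-value map.
type Config struct {
	ID     string
	Secret map[string]interface{}
}

var ErrUnresolved = errors.New("unresolved secret reference")

// Resolve is a hypothetical helper, not the plugin's API. Literal values pass
// through unchanged; "secrets:<id>:<key>" is replaced by the stored string.
func Resolve(store []Config, value string) (string, error) {
	if !strings.HasPrefix(value, "secrets:") {
		return value, nil
	}
	rest := strings.TrimPrefix(value, "secrets:")
	i := strings.LastIndex(rest, ":") // assumption: the key follows the last colon
	if i <= 0 || i == len(rest)-1 {
		return "", fmt.Errorf("%w: malformed %q", ErrUnresolved, value)
	}
	id, key := rest[:i], rest[i+1:]
	for _, cfg := range store {
		if cfg.ID != id {
			continue
		}
		if s, ok := cfg.Secret[key].(string); ok && s != "" {
			return s, nil
		}
		return "", fmt.Errorf("%w: %q has no string value for key %q", ErrUnresolved, id, key)
	}
	return "", fmt.Errorf("%w: no secret with ID %q", ErrUnresolved, id)
}

// sampleStore is constructed sample data modelled on the Caddyfile above.
var sampleStore = []Config{
	{ID: "access_token", Secret: map[string]interface{}{"shared_secret": "b006d65b-c923-46a1-8da1-7d52558508fe", "lifetime": 3600}},
	{ID: "users/jsmith", Secret: map[string]interface{}{"name": "John Smith", "email": "jsmith@localhost.localdomain"}},
}

func main() {
	fmt.Println(Resolve(sampleStore, "secrets:users/jsmith:password"))
}
```

The sample entry for users/jsmith deliberately has no password key, so running the program prints an empty string followed by the wrapped ErrUnresolved error.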

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	ID     string                 `json:"id,omitempty" xml:"id,omitempty" yaml:"id,omitempty"`
	Secret map[string]interface{} `json:"secret,omitempty" xml:"secret,omitempty" yaml:"secret,omitempty"`
}

Config represents provisioned configuration value of statically configured secret.

type Plugin

type Plugin struct {
	Name      string          `json:"-"`
	ConfigRaw json.RawMessage `json:"config,omitempty" caddy:"namespace=security.secrets.static_secrets_manager"`
	Config    Config          `json:"-"`
	// contains filtered or unexported fields
}

Plugin manages statically configured secrets.

func (Plugin) CaddyModule

func (Plugin) CaddyModule() caddy.ModuleInfo

CaddyModule returns the Caddy module information.

func (*Plugin) GetConfig

func (p *Plugin) GetConfig(ctx context.Context) map[string]interface{}

GetConfig returns plugin configuration.

func (*Plugin) GetSecret

func (p *Plugin) GetSecret(ctx context.Context) (map[string]interface{}, error)

GetSecret returns a secret in the form of a key-value map.

func (*Plugin) GetSecretByKey

func (p *Plugin) GetSecretByKey(ctx context.Context, key string) (interface{}, error)

GetSecretByKey returns a value of key in the secret key-value map.

func (*Plugin) Provision

func (p *Plugin) Provision(ctx caddy.Context) error

Provision sets up Handler and loads AwsSecretsManager.

func (*Plugin) UnmarshalCaddyfile

func (p *Plugin) UnmarshalCaddyfile(d *caddyfile.Dispenser) error

UnmarshalCaddyfile implements caddyfile.Unmarshaler.

func (*Plugin) Validate

func (p *Plugin) Validate() error

Validate implements caddy.Validator.
