credential

Documentation

Overview

Package credential defines interfaces shared by other packages that manage credentials for Boundary sessions.

Index

• Constants
• Variables
• func NewSshPrivateKeyCredentialId(ctx context.Context) (string, error)
• func NewUsernamePasswordCredentialId(ctx context.Context) (string, error)
• type Credential
• type Dynamic
• type Issuer
• type Library
• type Password
  • func (s Password) GoString() string
  • func (s Password) MarshalJSON() ([]byte, error)
  • func (s Password) String() string
• type PrivateKey
  • func (s PrivateKey) GoString() string
  • func (s PrivateKey) MarshalJSON() ([]byte, error)
  • func (s PrivateKey) String() string
• type Purpose
  • func (p Purpose) String() string
• type Request
• type Revoker
• type SecretData
• type SshPrivateKey
• type Static
• type Store
• type Type
• type UsernamePassword

Constants

const (
	UsernamePasswordCredentialPrefix         = "credup"
	PreviousUsernamePasswordCredentialPrefix = "cred"
	UsernamePasswordSubtype                  = subtypes.Subtype("username_password")

	SshPrivateKeyCredentialPrefix = "credspk"
	SshPrivateKeySubtype          = subtypes.Subtype("ssh_private_key")
)

const Domain = "credential"

Domain defines the domain for the credential package.

Variables

var ValidPurposes = []Purpose{
	BrokeredPurpose,
	InjectedApplicationPurpose,
}

ValidPurposes are the set of all credential Purposes.

Functions

func NewSshPrivateKeyCredentialId

func NewSshPrivateKeyCredentialId(ctx context.Context) (string, error)

func NewUsernamePasswordCredentialId

func NewUsernamePasswordCredentialId(ctx context.Context) (string, error)

Types

type Credential

type Credential interface {
	boundary.Entity
	Secret() SecretData
}

Credential is an entity containing secret data.

type Dynamic

type Dynamic interface {
	Credential
	GetSessionId() string
	Library() Library
	Purpose() Purpose
}

Dynamic is a credential generated by a library for a specific session.

type Issuer

type Issuer interface {
	// Issue issues dynamic credentials for a session from the requested
	// libraries and for the requested purposes. The sessionId must be a
	// valid sessionId. The SourceId in each request must be the public id
	// of a library the Issuer can issue credentials from.
	//
	// If Issue encounters an error, it returns no credentials and revokes
	// any credentials issued before encountering the error.
	Issue(ctx context.Context, sessionId string, requests []Request) ([]Dynamic, error)
}

Issuer issues dynamic credentials.

type Library

type Library interface {
	boundary.Resource
	GetStoreId() string
	CredentialType() Type
}

A Library is a resource that provides credentials that are of the same type and access level from a single store.

type Password

type Password string

Password represents a secret password.

func (Password) GoString

func (s Password) GoString() string

GoString returns a string with the password redacted.

func (Password) MarshalJSON

func (s Password) MarshalJSON() ([]byte, error)

MarshalJSON returns a JSON-encoded string with the password redacted.

func (Password) String

func (s Password) String() string

String returns a string with the password redacted.

type PrivateKey

type PrivateKey []byte

PrivateKey represents a secret private key.

func (PrivateKey) GoString

func (s PrivateKey) GoString() string

GoString returns a string with the private key redacted.

func (PrivateKey) MarshalJSON

func (s PrivateKey) MarshalJSON() ([]byte, error)

MarshalJSON returns a JSON-encoded byte slice with the private key redacted.

func (PrivateKey) String

func (s PrivateKey) String() string

String returns a string with the private key redacted.

type Purpose

type Purpose string

Purpose is the purpose of the credential.

const (
	// BrokeredPurpose is a credential used for brokering specific
	// purposes. Brokered credentials are returned to the user.
	BrokeredPurpose Purpose = "brokered"

	// InjectedApplicationPurpose is a credential used by a boundary
	// worker to secure the connection between the worker and the endpoint.
	// Injected Application credentials are never returned to the user.
	InjectedApplicationPurpose Purpose = "injected_application"
)

Credential purpose values.

func (Purpose) String

func (p Purpose) String() string

type Request

type Request struct {
	SourceId string
	Purpose  Purpose
}

A Request represents a request for a credential from the SourceId for the given purpose. For dynamic credentials, the SourceId is the PublicId of a credential library.

type Revoker

type Revoker interface {
	// Revoke revokes the dynamic credentials issued for sessionid.
	Revoke(ctx context.Context, sessionId string) error
}

Revoker revokes dynamic credentials.

type SecretData

type SecretData interface{}

SecretData represents secret data.

type SshPrivateKey

type SshPrivateKey interface {
	Credential
	Username() string
	PrivateKey() PrivateKey
	PrivateKeyPassphrase() []byte
}

SshPrivateKey is a credential containing a username an SSH private key and an optional private key passphrase.

type Static

type Static interface {
	boundary.Resource
	GetStoreId() string
}

Static is a static credential that is stored directly in a credential store.

type Store

type Store interface {
	boundary.Resource
	GetProjectId() string
}

A Store is a resource that can store, retrieve, and potentially generate credentials of differing types and access levels. It belongs to a project and must support the principle of least privilege by providing mechanisms to limit the credentials it can access to the minimum necessary for the project it is in.

type Type

type Type string

Type is the type of credential provided by a library.

const (
	UnspecifiedType      Type = "unspecified"
	UsernamePasswordType Type = "username_password"
	SshPrivateKeyType    Type = "ssh_private_key"
)

Credential type values.

type UsernamePassword

type UsernamePassword interface {
	Credential
	Username() string
	Password() Password
}

UsernamePassword is a credential containing a username and a password.