Documentation ¶
Overview ¶
Package credential defines interfaces shared by other packages that manage credentials for Boundary sessions.
Index ¶
- Constants
- Variables
- func GetOpts(opt ...Option) (*options, error)
- func NewJsonCredentialId(ctx context.Context) (string, error)
- func NewSshPrivateKeyCredentialId(ctx context.Context) (string, error)
- func NewUsernamePasswordCredentialId(ctx context.Context) (string, error)
- type Credential
- type Dynamic
- type Issuer
- type JsonObject
- type Library
- type Option
- type Password
- type PrivateKey
- type Purpose
- type Request
- type Revoker
- type SecretData
- type SshCertificate
- type SshPrivateKey
- type Static
- type Store
- type Type
- type UsernamePassword
Constants ¶
const (
    UsernamePasswordCredentialPrefix = "credup"
    PreviousUsernamePasswordCredentialPrefix = "cred"
    UsernamePasswordSubtype = subtypes.Subtype("username_password")
    SshPrivateKeyCredentialPrefix = "credspk"
    SshPrivateKeySubtype = subtypes.Subtype("ssh_private_key")
    JsonCredentialPrefix = "credjson"
    JsonSubtype = subtypes.Subtype("json")
)
const Domain = "credential"
Domain defines the domain for the credential package.
Variables ¶
var ValidPurposes = []Purpose{
    BrokeredPurpose,
    InjectedApplicationPurpose,
}
ValidPurposes are the set of all credential Purposes.
Functions ¶
func NewJsonCredentialId ¶ added in v0.11.0
func NewSshPrivateKeyCredentialId ¶ added in v0.10.0
Types ¶
type Credential ¶
type Credential interface {
    boundary.Entity
    Secret() SecretData
}
Credential is an entity containing secret data.
type Dynamic ¶
type Dynamic interface {
    Credential
    GetSessionId() string
    Library() Library
    Purpose() Purpose
}
Dynamic is a credential generated by a library for a specific session.
type Issuer ¶
type Issuer interface {
    // Issue issues dynamic credentials for a session from the requested
    // libraries and for the requested purposes. The sessionId must be a
    // valid sessionId. The SourceId in each request must be the public id
    // of a library the Issuer can issue credentials from.
    //
    // If Issue encounters an error, it returns no credentials and revokes
    // any credentials issued before encountering the error.
    //
    // Supported Options: WithTemplateData
    Issue(ctx context.Context, sessionId string, requests []Request, opt ...Option) ([]Dynamic, error)
}
Issuer issues dynamic credentials.
type JsonObject ¶ added in v0.11.0
JsonObject represents a JSON object that is serialized.
func (*JsonObject) GoString ¶ added in v0.11.0
func (s *JsonObject) GoString() string
GoString returns a string with the json secret redacted.
func (*JsonObject) MarshalJSON ¶ added in v0.11.0
func (s *JsonObject) MarshalJSON() ([]byte, error)
MarshalJSON returns a JSON-encoded byte slice with the json redacted.
func (*JsonObject) String ¶ added in v0.11.0
func (s *JsonObject) String() string
String returns a string with the json secret redacted.
type Library ¶
A Library is a resource that provides credentials that are of the same type and access level from a single store.
type Option ¶ added in v0.11.1
type Option func(*options) error
Option - how Options are passed as arguments.
func WithTemplateData ¶ added in v0.11.1
WithTemplateData provides a way to pass in template information.
type Password ¶ added in v0.6.1
type Password string
Password represents a secret password.
func (Password) MarshalJSON ¶ added in v0.6.1
MarshalJSON returns a JSON-encoded string with the password redacted.
type PrivateKey ¶ added in v0.6.1
type PrivateKey []byte
PrivateKey represents a secret private key.
func (PrivateKey) GoString ¶ added in v0.6.1
func (s PrivateKey) GoString() string
GoString returns a string with the private key redacted.
func (PrivateKey) MarshalJSON ¶ added in v0.6.1
func (s PrivateKey) MarshalJSON() ([]byte, error)
MarshalJSON returns a JSON-encoded byte slice with the private key redacted.
func (PrivateKey) String ¶ added in v0.6.1
func (s PrivateKey) String() string
String returns a string with the private key redacted.
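The redacting String, GoString and MarshalJSON methods listed above use value receivers on Password and PrivateKey but pointer receivers on JsonObject. The following added example (not Boundary's code) reproduces the pattern with two hypothetical types, valueSecret and pointerSecret, and an assumed placeholder string, to show that pointer-receiver redaction is skipped when a non-addressable value rather than a pointer reaches fmt or encoding/json.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

const redacted = "[REDACTED]" // placeholder text assumed for this example

// valueSecret (hypothetical) uses value receivers, like Password and PrivateKey.
type valueSecret string

func (valueSecret) String() string               { return redacted }
func (valueSecret) GoString() string             { return redacted }
func (valueSecret) MarshalJSON() ([]byte, error) { return json.Marshal(redacted) }

// pointerSecret (hypothetical) uses pointer receivers, like JsonObject.
type pointerSecret struct{ Token string }

func (*pointerSecret) String() string               { return redacted }
func (*pointerSecret) GoString() string             { return redacted }
func (*pointerSecret) MarshalJSON() ([]byte, error) { return json.Marshal(redacted) }

// Renderings returns v as fmt's %v and %#v verbs and encoding/json emit it.
func Renderings(v any) []string {
	j, err := json.Marshal(v)
	if err != nil {
		j = []byte("marshal error: " + err.Error())
	}
	return []string{fmt.Sprintf("%v", v), fmt.Sprintf("%#v", v), string(j)}
}

// Leaks reports whether any rendering of v contains the plaintext.
func Leaks(v any, plaintext string) bool {
	for _, r := range Renderings(v) {
		if strings.Contains(r, plaintext) {
			return true
		}
	}
	return false
}

func main() {
	const pw = "constructed-sample-value" // constructed sample, not a real secret
	fmt.Println(Leaks(valueSecret(pw), pw))           // value receivers: redacted
	fmt.Println(Leaks(&pointerSecret{Token: pw}, pw)) // pointer passed: redacted
	fmt.Println(Leaks(pointerSecret{Token: pw}, pw))  // value passed: methods skipped
}
```

A check like Leaks fits well in a unit test for any type that carries secret data, run against both the value and the pointer form.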
type Purpose ¶
type Purpose string
Purpose is the purpose of the credential.
const (
    // BrokeredPurpose is a credential used for brokering specific
    // purposes. Brokered credentials are returned to the user.
    BrokeredPurpose Purpose = "brokered"
    // InjectedApplicationPurpose is a credential used by a boundary
    // worker to secure the connection between the worker and the endpoint.
    // Injected Application credentials are never returned to the user.
    InjectedApplicationPurpose Purpose = "injected_application"
)
Credential purpose values.
type Request ¶
A Request represents a request for a credential from the SourceId for the given purpose. For dynamic credentials, the SourceId is the PublicId of a credential library.
type Revoker ¶
type Revoker interface {
    // Revoke revokes the dynamic credentials issued for sessionid.
    Revoke(ctx context.Context, sessionId string) error
}
Revoker revokes dynamic credentials.
type SshCertificate ¶ added in v0.12.0
type SshCertificate interface {
    SshPrivateKey
    Certificate() []byte
}
SshCertificate is a credential containing a client certificate, username, and SSH private key.
type SshPrivateKey ¶ added in v0.10.0
type SshPrivateKey interface {
    Credential
    Username() string
    PrivateKey() PrivateKey
    PrivateKeyPassphrase() []byte
}
SshPrivateKey is a credential containing a username, an SSH private key, and an optional private key passphrase.
type Static ¶ added in v0.9.0
Static is a static credential that is stored directly in a credential store.
type Store ¶
A Store is a resource that can store, retrieve, and potentially generate credentials of differing types and access levels. It belongs to a project and must support the principle of least privilege by providing mechanisms to limit the credentials it can access to the minimum necessary for the project it is in.
type UsernamePassword ¶ added in v0.9.0
type UsernamePassword interface {
    Credential
    Username() string
    Password() Password
}
UsernamePassword is a credential containing a username and a password.
Directories ¶
Path | Synopsis |
---|---|
 | Package static implements a credential store for static credentials. |
 | Package vault provides access to credentials retrieved from a Vault server. |
internal/sshprivatekey | Package sshprivatekey provides access to the username and ssh private key stored in a Vault secret. |
internal/usernamepassword | Package usernamepassword provides access to the username and password stored in a Vault secret. |