Documentation ¶
Overview ¶
Package secrets implements clients for managing secret values using secret management tools like AWS Secrets Manager.
Index ¶
- Constants
- func Key(parts ...string) string
- type AWSSecretsManager
- func (s *AWSSecretsManager) CreateOrUpdate(ctx context.Context, key string, value string) error
- func (s *AWSSecretsManager) Delete(ctx context.Context, key string) error
- func (s *AWSSecretsManager) GetValue(ctx context.Context, key string, version string) (*Value, error)
- func (s *AWSSecretsManager) PutValue(ctx context.Context, key, value, currentVersion string) error
- type AWSSecretsManagerConfig
- type MockSecretsManagerClient
- func (m *MockSecretsManagerClient) CreateSecretWithContext(_ context.Context, input *secretsmanager.CreateSecretInput, ...) (*secretsmanager.CreateSecretOutput, error)
- func (m *MockSecretsManagerClient) DeleteSecretWithContext(_ context.Context, input *secretsmanager.DeleteSecretInput, ...) (*secretsmanager.DeleteSecretOutput, error)
- func (m *MockSecretsManagerClient) DescribeSecretWithContext(_ context.Context, input *secretsmanager.DescribeSecretInput, ...) (*secretsmanager.DescribeSecretOutput, error)
- func (m *MockSecretsManagerClient) GetSecretValueWithContext(_ context.Context, input *secretsmanager.GetSecretValueInput, ...) (*secretsmanager.GetSecretValueOutput, error)
- func (m *MockSecretsManagerClient) PutSecretValueWithContext(_ context.Context, input *secretsmanager.PutSecretValueInput, ...) (*secretsmanager.PutSecretValueOutput, error)
- func (m *MockSecretsManagerClient) UpdateSecretWithContext(_ context.Context, input *secretsmanager.UpdateSecretInput, ...) (*secretsmanager.UpdateSecretOutput, error)
- type MockSecretsManagerClientConfig
- type Secrets
- type Value
Constants ¶
// Special version strings. The Secrets.GetValue documentation lists "CURRENT"
// and "PREVIOUS" as accepted in place of a concrete version string.
const (
	// CurrentVersion is a special version string that indicates the current
	// version of the secret.
	CurrentVersion = "CURRENT"

	// PreviousVersion is a special version string that indicates the previous
	// version of the secret.
	PreviousVersion = "PREVIOUS"
)
// DefaultKeyPrefix is the default key prefix.
// NOTE(review): presumably applied when AWSSecretsManagerConfig.KeyPrefix is
// left empty — confirm against CheckAndSetDefaults.
const DefaultKeyPrefix = "teleport/"
DefaultKeyPrefix is the default key prefix.
Functions ¶
Types ¶
type AWSSecretsManager ¶
// AWSSecretsManager is a Secrets store implementation using AWS Secrets
// Manager. Instances are created with NewAWSSecretsManager.
type AWSSecretsManager struct {
	// contains filtered or unexported fields
}
AWSSecretsManager is a Secrets store implementation using AWS Secrets Manager.
func NewAWSSecretsManager ¶
func NewAWSSecretsManager(cfg AWSSecretsManagerConfig) (*AWSSecretsManager, error)
NewAWSSecretsManager creates a new Secrets using AWS Secrets Manager.
func (*AWSSecretsManager) CreateOrUpdate ¶
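CreateOrUpdate creates a new secret; per the Secrets interface, if the secret already exists it may instead update some of its settings. Implements Secrets.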
func (*AWSSecretsManager) Delete ¶
func (s *AWSSecretsManager) Delete(ctx context.Context, key string) error
Delete deletes the secret for the provided path. Implements Secrets.
type AWSSecretsManagerConfig ¶
// AWSSecretsManagerConfig is the config for AWSSecretsManager.
type AWSSecretsManagerConfig struct {
	// KeyPrefix is the key path prefix for all keys used by Secrets.
	// NOTE(review): a dedicated prefix allows IAM policies to be scoped to
	// only the secrets under it; presumably defaults to DefaultKeyPrefix —
	// confirm against CheckAndSetDefaults.
	KeyPrefix string `yaml:"key_prefix,omitempty"`

	// KMSKeyID is the AWS KMS key that Secrets Manager uses to encrypt and
	// decrypt the secret value.
	// NOTE(review): behavior when this is empty is not shown here; presumably
	// the Secrets Manager default key is used — confirm. Access to the secret
	// value then depends on both the secret's policy and this key's policy.
	KMSKeyID string `yaml:"kms_key_id,omitempty"`

	// Client is the AWS API client for Secrets Manager.
	// Unlike the fields above it has no yaml tag; presumably it is supplied
	// by the caller rather than read from configuration — confirm.
	Client secretsmanageriface.SecretsManagerAPI
}
AWSSecretsManagerConfig is the config for AWSSecretsManager.
func (*AWSSecretsManagerConfig) CheckAndSetDefaults ¶
func (c *AWSSecretsManagerConfig) CheckAndSetDefaults() error
CheckAndSetDefaults validates the config and sets defaults.
type MockSecretsManagerClient ¶
// MockSecretsManagerClient is a mock implementation of
// secretsmanageriface.SecretsManagerAPI that makes AWSSecretsManager a
// functional in-memory Secrets.
//
// Only used for testing.
type MockSecretsManagerClient struct {
	// Embedded interface: any SecretsManagerAPI method the mock does not
	// define itself is promoted from this field, and calling such a method
	// panics if the embedded value is nil.
	secretsmanageriface.SecretsManagerAPI
	// contains filtered or unexported fields
}
MockSecretsManagerClient is a mock implementation of secretsmanageriface.SecretsManagerAPI that makes AWSSecretsManager a functional in-memory Secrets.
Only used for testing.
func NewMockSecretsManagerClient ¶
func NewMockSecretsManagerClient(cfg MockSecretsManagerClientConfig) *MockSecretsManagerClient
NewMockSecretsManagerClient creates a new MockSecretsManagerClient.
func (*MockSecretsManagerClient) CreateSecretWithContext ¶
func (m *MockSecretsManagerClient) CreateSecretWithContext(_ context.Context, input *secretsmanager.CreateSecretInput, _ ...request.Option) (*secretsmanager.CreateSecretOutput, error)
func (*MockSecretsManagerClient) DeleteSecretWithContext ¶
func (m *MockSecretsManagerClient) DeleteSecretWithContext(_ context.Context, input *secretsmanager.DeleteSecretInput, _ ...request.Option) (*secretsmanager.DeleteSecretOutput, error)
func (*MockSecretsManagerClient) DescribeSecretWithContext ¶
func (m *MockSecretsManagerClient) DescribeSecretWithContext(_ context.Context, input *secretsmanager.DescribeSecretInput, _ ...request.Option) (*secretsmanager.DescribeSecretOutput, error)
func (*MockSecretsManagerClient) GetSecretValueWithContext ¶
func (m *MockSecretsManagerClient) GetSecretValueWithContext(_ context.Context, input *secretsmanager.GetSecretValueInput, _ ...request.Option) (*secretsmanager.GetSecretValueOutput, error)
func (*MockSecretsManagerClient) PutSecretValueWithContext ¶
func (m *MockSecretsManagerClient) PutSecretValueWithContext(_ context.Context, input *secretsmanager.PutSecretValueInput, _ ...request.Option) (*secretsmanager.PutSecretValueOutput, error)
func (*MockSecretsManagerClient) UpdateSecretWithContext ¶
func (m *MockSecretsManagerClient) UpdateSecretWithContext(_ context.Context, input *secretsmanager.UpdateSecretInput, _ ...request.Option) (*secretsmanager.UpdateSecretOutput, error)
type MockSecretsManagerClientConfig ¶
MockSecretsManagerClientConfig is the config for MockSecretsManagerClient.
func (*MockSecretsManagerClientConfig) SetDefaults ¶
func (c *MockSecretsManagerClientConfig) SetDefaults()
SetDefaults sets defaults.
type Secrets ¶
// Secrets defines an interface for managing secrets. A secret consists of a
// key path and a list of versions that hold copies of current or past secret
// values.
type Secrets interface {
	// CreateOrUpdate creates the secret with the provided path and creates
	// its first version with the provided value. If the secret already
	// exists, it may try to update some settings depending on the
	// implementation and its config.
	// NOTE(review): value is passed as a plain string; callers should keep it
	// out of logs and error messages.
	CreateOrUpdate(ctx context.Context, key, value string) error

	// Delete deletes the secret with the provided path. All versions of the
	// secret are deleted at the same time.
	// NOTE(review): whether deletion is immediate or scheduled with a
	// recovery window is up to the implementation — confirm before relying on
	// Delete to make a value unrecoverable.
	Delete(ctx context.Context, key string) error

	// PutValue creates a new secret version for the secret. CurrentVersion can
	// be provided to perform a test-and-set operation, and an error will be
	// returned if the test fails.
	PutValue(ctx context.Context, key, value, currentVersion string) error

	// GetValue returns the secret value for the provided version. Besides the
	// version string returned from PutValue, two special versions "CURRENT"
	// and "PREVIOUS" can also be used to retrieve the current and previous
	// versions respectively. If the version is empty, "CURRENT" is used.
	// NOTE(review): PutValue as declared here returns only an error, so how a
	// caller learns the new version string is not shown — confirm.
	GetValue(ctx context.Context, key, version string) (*Value, error)
}
Secrets defines an interface for managing secrets. A secret consists of a key path and a list of versions that hold copies of current or past secret values.