Constants ¶
// Names used to locate the secrets state inside the gitops repository and the
// decryption key inside the cluster. Only the literal values are visible here;
// their roles are inferred from the Decrypter/Encrypter documentation.
const (
	// SecretsStatePackage is the cue package name of the secrets state
	// (presumably also the directory that contains secrets.cue — confirm).
	SecretsStatePackage = "secrets"
	// SecretsStateFileName is the file that stores the encrypted secrets.
	SecretsStateFileName = "secrets.cue"
	// SecretsStateValue is the cue value that is looked up in that file —
	// assumed; verify against the loader.
	SecretsStateValue = "secrets"
	// SecretsStateRecipientFileName is the file that stores the public
	// encryption key (the recipient).
	SecretsStateRecipientFileName = "recipients.cue"
	// SecretsStateRecipientValue is the cue value holding the recipient; it
	// matches the json tag on RecipientFile.
	SecretsStateRecipientValue = "recipient"
	// K8sSecretName is the Kubernetes Secret that holds the private
	// decryption key read by Decrypter.
	// NOTE(review): this Secret is the trust anchor for every encrypted value;
	// read access to it should be limited (RBAC) to the identity that runs
	// the decrypter.
	K8sSecretName = "dec-key"
	// K8sSecretDataKey is the data key inside that Secret under which the
	// private key is stored.
	K8sSecretDataKey = "priv"
)
Variables ¶
var (
	// ErrKeyNotFound is the sentinel error reported when the private
	// decryption key cannot be found — presumably when the Kubernetes Secret
	// named by K8sSecretName (or its K8sSecretDataKey entry) is absent; confirm
	// against Decrypter. Compare with errors.Is.
	// NOTE(review): the message is capitalized, contrary to Go error-string
	// convention; kept as-is since callers may match on it.
	ErrKeyNotFound = errors.New("Decryption key not found")
)
Types ¶
type Decrypter ¶
type Decrypter struct {
// contains filtered or unexported fields
}
Decrypter reads the private decryption key from a Kubernetes secret and uses it to decrypt every encrypted secret found in the secrets/secrets.cue file in the declcd gitops repository.
func NewDecrypter ¶
func NewDecrypter( namespace string, kubeClient kube.Client[unstructured.Unstructured], workerPoolSize int, ) Decrypter
type Encrypter ¶
type Encrypter struct {
// contains filtered or unexported fields
}
Encrypter reads the public encryption key from the secret/recipients.cue file and uses it to encrypt every secret found in the declcd gitops repository.
func NewEncrypter ¶
func (Encrypter) EncryptPackage ¶
EncryptPackage reads the public encryption key from the secret/recipients.cue file and uses it to encrypt every secret found in the cue declcd/package and stores the encrypted files in secret/secrets.cue.
type Manager ¶
Manager is capable of encrypting and decrypting secrets for a declcd gitops project. See Decrypter and Encrypter. Its main purpose is to maintain the encryption/decryption keys.
func NewManager ¶
func NewManager( projectRoot string, namespace string, kubeClient kube.Client[unstructured.Unstructured], workerPoolSize int, ) Manager
func (Manager) CreateKeyIfNotExists ¶
CreateKeyIfNotExists creates the public/private key pair to encrypt and decrypt secrets of a declcd gitops project if the corresponding Kubernetes secret is not found. On creation it completely rewrites the secret/recipients.cue and secret/secrets.cue files and applies the decryption key as a Kubernetes secret.
type RecipientFile ¶
// RecipientFile is the decoded form of the recipients.cue file
// (see SecretsStateRecipientFileName). Recipient carries the public
// encryption key that Encrypter uses; the json tag matches
// SecretsStateRecipientValue. The key's concrete format is not visible here.
type RecipientFile struct {
	// Recipient is the public encryption key as stored in recipients.cue.
	Recipient string `json:"recipient"`
}