secret

package
v0.22.8

This package is not in the latest version of its module.

Published: Jun 6, 2024 | License: Apache-2.0 | Imports: 23 | Imported by: 0

Documentation

Constants

const (
	SecretsStatePackage           = "secrets"
	SecretsStateFileName          = "secrets.cue"
	SecretsStateValue             = "secrets"
	SecretsStateRecipientFileName = "recipients.cue"
	SecretsStateRecipientValue    = "recipient"
	K8sSecretName                 = "dec-key"
	K8sSecretDataKey              = "priv"
)

Variables

var (
	ErrKeyNotFound = errors.New("Decryption key not found")
)

Functions

This section is empty.

Types

type Decrypter

type Decrypter struct {
	// contains filtered or unexported fields
}

Decrypter reads the private decryption key from a Kubernetes secret and uses it to decrypt every encrypted secret found in the secrets/secrets.cue file in the declcd gitops repository.

func NewDecrypter

func NewDecrypter(
	namespace string,
	kubeClient kube.Client[unstructured.Unstructured],
	workerPoolSize int,
) Decrypter

func (Decrypter) Decrypt

func (dec Decrypter) Decrypt(
	ctx context.Context,
	projectRoot string,
) (string, error)

Decrypt reads the private decryption key from a Kubernetes secret and uses it to decrypt every encrypted secret found in the secrets/secrets.cue file in the declcd gitops repository. It returns the path to the decrypted declcd project.

type Encrypter

type Encrypter struct {
	// contains filtered or unexported fields
}

Encrypter reads the public encryption key from the secret/recipients.cue file and uses it to encrypt every secret found in the declcd gitops repository.

func NewEncrypter

func NewEncrypter(projectRoot string) Encrypter

func (Encrypter) EncryptPackage

func (enc Encrypter) EncryptPackage(pkg string) error

EncryptPackage reads the public encryption key from the secret/recipients.cue file and uses it to encrypt every secret found in the cue declcd/package and stores the encrypted files in secret/secrets.cue.

type Manager

type Manager struct {
	Encrypter
	Decrypter
	// contains filtered or unexported fields
}

Manager is capable of encrypting and decrypting secrets for a declcd gitops project. See Decrypter and Encrypter. Its main purpose is to maintain the encryption/decryption keys.

func NewManager

func NewManager(
	projectRoot string,
	namespace string,
	kubeClient kube.Client[unstructured.Unstructured],
	workerPoolSize int,
) Manager

func (Manager) CreateKeyIfNotExists

func (manager Manager) CreateKeyIfNotExists(ctx context.Context, fieldManager string) error

CreateKeyIfNotExists creates the public/private key pair to encrypt and decrypt secrets of a declcd gitops project if the corresponding Kubernetes secret is not found. On creation it completely rewrites the secret/recipients.cue and secret/secrets.cue files and applies the decryption key as a Kubernetes secret.

func (Manager) Namespace

func (manager Manager) Namespace() string

Namespace of the decryption key secret.

type RecipientFile

type RecipientFile struct {
	Recipient string `json:"recipient"`
}

type SecretsStateFile

type SecretsStateFile struct {
	Secrets map[string]string `json:"secrets"`
}
