Documentation ¶
Index ¶
Constants ¶
const ( // Name is the environ.Provider name Name = "sops" // EncryptedFileSeparator is the separator between attributes of the encrypted files in FilesEnvVar EncryptedFileSeparator = ";" // DefaultOutputMode is the default FileMode of generated files DefaultOutputMode = os.FileMode(0700) //FilesEnvVar is the environment variable holding the list of encrypted files FilesEnvVar = "SOPS_FILES" )
Variables ¶
var EnvVars = map[string]string{
"SOPS_FILES": `If SOPS_FILES is set, will iterate over each file (colon separated), attempting to decrypt with Sops.
The decrypted cleartext file can be optionally written out to a separate location (with optional filemode)
or will be parsed into a map[string]string and injected into Environ
e.g. SOPS_FILES=/path/to/file[;/path/to/output[;mode]]:...`,
}
EnvVars is a map of known vonfiguration environment variables and their usage descriptions
Functions ¶
Types ¶
type Decoder ¶
type Decoder struct {
Files []*EncryptedFile `env:"SOPS_FILES" envSeparator:":"`
}
Decoder is an environ.Provider which accepts a list of files encrypted with github.com/mozilla/sops
func (*Decoder) AddToEnviron ¶
AddToEnviron uses go.mozilla.org/sops/decrypt to decrypt the file, then either unmarshals the result into a map[string]string and merges that into an environ.Environ object, or writes the cleartext out to the given output path if set
type EncryptedFile ¶
type EncryptedFile struct {
Path, Ext string
OutputPath string
OutputMode os.FileMode
UnmarshalFunc func([]byte, interface{}) error
}
EncryptedFile is a file that has been encrypted with github.com/mozilla/sops
func (*EncryptedFile) Decrypt ¶
func (ef *EncryptedFile) Decrypt() ([]byte, error)
Decrypt uses go.mozilla.org/sops/decrypt to decrypt an encrypted file
func (*EncryptedFile) Unmarshal ¶
func (ef *EncryptedFile) Unmarshal(data []byte) (map[string]string, error)
Unmarshal uses the configured unmarshal function to unmarshal a decrypted file
func (*EncryptedFile) Write ¶
func (ef *EncryptedFile) Write(data []byte) error
Write writes out cleartext to the configured output path