gcp

package

v0.13.3 Latest Latest Go to latest Published: Jan 14, 2021 License: AGPL-3.0 Imports: 14 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/minio/kes

Links

Open Source Insights

Documentation ¶

Index ¶

type Credentials
- func (c Credentials) MarshalJSON() ([]byte, error)
type SecretManager

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Credentials ¶

type Credentials struct {

	// ClientID is the client ID of the GCP service account.
	ClientID string

	// Client is the client email of the GCP service account.
	Client string

	// Key is the private key ID of the GCP service account.
	KeyID string

	// Key is the encoded private key of the GCP service account.
	Key string
	// contains filtered or unexported fields
}

Credentials represent GCP service account credentials.

func (Credentials) MarshalJSON ¶

func (c Credentials) MarshalJSON() ([]byte, error)

MarshalJSON returns a JSON representation of the GCP credentials.

The returned JSON contains extra fields to match the JSON credentials returned by GCP. Those additional fields are set to default values.

type SecretManager ¶

type SecretManager struct {
	// Endpoint is the HTTP endpoint of the GCP SecretManager.
	// The endpoint for the GCP SecretManager is:
	//    secretmanager.googleapis.com:443
	Endpoint string

	// The project ID is a unique, user-assigned ID that can be used by Google APIs.
	// The project ID must be a unique string of 6 to 30 lowercase letters, digits, or hyphens.
	// It must start with a letter, and cannot have a trailing hyphen.
	ProjectID string

	// ErrorLog specifies an optional logger for errors
	// when files cannot be opened, deleted or contain
	// invalid content.
	// If nil, logging is done via the log package's
	// standard logger.
	ErrorLog *log.Logger
	// contains filtered or unexported fields
}

SecretManager is a secret store that uses a GCP SecretManager for storing secrets.

func (*SecretManager) Authenticate ¶

func (s *SecretManager) Authenticate(credentials Credentials) error

Authenticate tries to auth and connect to GCP secret manager using the given credentials.

func (*SecretManager) Create ¶

func (s *SecretManager) Create(key, value string) error

Create stores the given key-value pair at GCP secret manager if and only if it doesn't exists. If such an entry already exists it returns kes.ErrKeyExists.

Creating a secret at the GCP SecretManager requires first creating secret itself and then adding a secret version with some payload data. The payload data contains the actual value.

func (*SecretManager) Delete ¶

func (s *SecretManager) Delete(key string) error

Delete remove the key-value pair from GCP SecretManager.

Delete will remove all versions of the GCP secret. Even though CreateKey will create only one version and fails if the secret already exists a user may create more secrets versions through e.g. the GCP CLI. However, KES does not support multiple secret versions and expects a different mechanism for "key-rotation".

func (*SecretManager) Get ¶

func (s *SecretManager) Get(key string) (string, error)

Get returns the value associated with the given key.

func (*SecretManager) List ¶ added in v0.13.0

func (s *SecretManager) List(ctx context.Context) (secret.Iterator, error)

List returns a new Iterator over the names of all stored keys.

Source Files ¶

View all Source files

secret-manager.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL