Documentation
Index
- type Config
- type Credentials
- type Store
- func (s *Store) Close() error
- func (s *Store) Create(ctx context.Context, name string, value []byte) error
- func (s *Store) Delete(ctx context.Context, name string) error
- func (s *Store) Get(ctx context.Context, name string) ([]byte, error)
- func (s *Store) List(ctx context.Context, prefix string, n int) ([]string, string, error)
- func (s *Store) Set(ctx context.Context, name string, value []byte) error
- func (s *Store) Status(ctx context.Context) (kes.KeyStoreState, error)
- func (s *Store) String() string
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
type Config struct {
	// Endpoint is the GCP SecretManager endpoint.
	Endpoint string
	// ProjectID is the ID of the GCP project.
	ProjectID string
	// Credentials are the GCP credentials to
	// access the SecretManager.
	Credentials Credentials
	// Scopes are GCP OAuth2 scopes for accessing GCP APIs.
	// If not set, defaults to the GCP default scopes.
	//
	// Ref: https://developers.google.com/identity/protocols/oauth2/scopes
	Scopes []string
	// ErrorLog is an optional logger for errors
	// that may occur when interacting with GCP
	// SecretManager.
	ErrorLog *log.Logger
	// contains filtered or unexported fields
}
Config is a structure containing the configuration options for connecting to the GCP SecretManager.
type Credentials
type Credentials struct {
	// ClientID is the client ID of the GCP service account.
	ClientID string
	// Client is the client email of the GCP service account.
	Client string
	// KeyID is the private key ID of the GCP service account.
	KeyID string
	// Key is the encoded private key of the GCP service account.
	Key string
	// contains filtered or unexported fields
}
Credentials represent GCP service account credentials.
func (Credentials) MarshalJSON
func (c Credentials) MarshalJSON() ([]byte, error)
MarshalJSON returns a JSON representation of the GCP credentials.
The returned JSON contains extra fields to match the JSON credentials returned by GCP. Those additional fields are set to default values.
type Store added in v0.23.0
type Store struct {
// contains filtered or unexported fields
}
Store is a GCP SecretManager secret store.
func (*Store) Create added in v0.23.0
func (s *Store) Create(ctx context.Context, name string, value []byte) error
Create stores the given key-value pair at GCP SecretManager if and only if it doesn't exist yet. If such an entry already exists, it returns kes.ErrKeyExists.
Creating a secret at the GCP SecretManager requires first creating the secret itself and then adding a secret version with some payload data. The payload data contains the actual value.
func (*Store) Delete added in v0.23.0
func (s *Store) Delete(ctx context.Context, name string) error
Delete removes the key-value pair from GCP SecretManager.
Delete will remove all versions of the GCP secret. Even though CreateKey creates only one version and fails if the secret already exists, a user may create more secret versions through e.g. the GCP CLI. However, KES does not support multiple secret versions and expects a different mechanism for "key rotation".
func (*Store) List added in v0.23.0
func (s *Store) List(ctx context.Context, prefix string, n int) ([]string, string, error)
List returns a new Iterator over the names of all stored keys. List returns the first n key names that start with the given prefix, and the next prefix from which the listing should continue.
It returns all keys with the prefix if n < 0, and fewer than n names if n is greater than the number of keys with the prefix.
An empty prefix matches any key name. At the end of the listing, or when there are no (more) keys starting with the prefix, the returned prefix is empty.
func (*Store) Set added in v0.23.0
func (s *Store) Set(ctx context.Context, name string, value []byte) error
Set stores the given key-value pair at GCP SecretManager if and only if it doesn't exist yet. If such an entry already exists, it returns kes.ErrKeyExists.
Creating a secret at the GCP SecretManager requires first creating the secret itself and then adding a secret version with some payload data. The payload data contains the actual value.