aws

package
v0.7.2

This package is not in the latest version of its module.
Published: Apr 7, 2020 License: AGPL-3.0 Imports: 11 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Credentials

type Credentials struct {
	AccessKey    string // The AWS access key
	SecretKey    string // The AWS secret key
	SessionToken string // The AWS session token
}

Credentials represents static AWS credentials: an access key, a secret key and a session token.

type KMS added in v0.7.0

type KMS struct {
	// Addr is the HTTP address of the AWS KMS.
	// In general, the address has the following
	// form:
	//  kms.<region>.amazonaws.com
	Addr string

	// Region is the AWS region. Even though the Addr
	// endpoint contains that information already, this
	// field is mandatory.
	Region string

	// Login contains the AWS credentials (access/secret key).
	Login Credentials

	// ErrorLog specifies an optional logger for errors
	// when files cannot be opened, deleted or contain
	// invalid content.
	// If nil, logging is done via the log package's
	// standard logger.
	ErrorLog *log.Logger
	// contains filtered or unexported fields
}

KMS is an AWS-KMS client that implements the secret.KMS interface.

It can be used to encrypt secrets before storing them in a key store and to decrypt them after fetching them from such a store.

func (*KMS) Authenticate added in v0.7.0

func (kms *KMS) Authenticate() error

Authenticate tries to establish a connection to the AWS KMS using the login credentials.

func (*KMS) Decrypt added in v0.7.0

func (kms *KMS) Decrypt(key string, ciphertext []byte) ([]byte, error)

Decrypt tries to decrypt the given ciphertext with the given key using the AWS-KMS. It returns the decrypted ciphertext as plaintext on success.

func (*KMS) Encrypt added in v0.7.0

func (kms *KMS) Encrypt(key string, plaintext []byte) ([]byte, error)

Encrypt tries to encrypt the given plaintext with the specified CMK at the AWS-KMS instance. It returns the encrypted plaintext as ciphertext.

type SecretsManager

type SecretsManager struct {
	// Addr is the HTTP address of the AWS Secrets
	// Manager. In general, the address has the
	// following form:
	//  secretsmanager.<region>.amazonaws.com
	Addr string

	// Region is the AWS region. Even though the Addr
	// endpoint contains that information already, this
	// field is mandatory.
	Region string

	// The KMSKeyID is the AWS-KMS key ID specifying the
	// AWS-KMS key that is used to encrypt (and decrypt) the
	// values stored at AWS Secrets Manager.
	KMSKeyID string

	// Login contains the AWS credentials (access/secret key).
	Login Credentials

	// ErrorLog specifies an optional logger for errors
	// when files cannot be opened, deleted or contain
	// invalid content.
	// If nil, logging is done via the log package's
	// standard logger.
	ErrorLog *log.Logger
	// contains filtered or unexported fields
}

SecretsManager is a key-value store that saves/fetches values as secrets on/from the AWS Secrets Manager. See: https://aws.amazon.com/secrets-manager
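A pre-flight check for the Addr and Region fields of KMS and SecretsManager, written for this page as an added example (it is not part of the package). It confirms that Addr has the documented `<service>.<region>.amazonaws.com` form, names the intended service, and carries the same region as the Region field, so that requests signed with the Login credentials go only to the intended AWS endpoint. `checkEndpoint` and its error values are hypothetical names, and only the general form shown in the field comments is accepted; any other endpoint shape is rejected.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var (
	errForm    = errors.New("addr is not of the form <service>.<region>.amazonaws.com")
	errService = errors.New("addr names a different AWS service")
	errRegion  = errors.New("addr region does not match Region field")
)

// checkEndpoint is a hypothetical pre-flight check (not part of the package).
// service is "kms" or "secretsmanager"; addr and region are the values that
// would be assigned to the Addr and Region fields documented above.
func checkEndpoint(service, addr, region string) error {
	labels := strings.Split(strings.ToLower(strings.TrimSpace(addr)), ".")
	// Exactly four labels ending in amazonaws.com: a host that merely
	// contains that string somewhere else, or carries a port or path, fails.
	if len(labels) != 4 || labels[2] != "amazonaws" || labels[3] != "com" {
		return fmt.Errorf("%w: %q", errForm, addr)
	}
	if labels[0] != service {
		return fmt.Errorf("%w: got %q, want %q", errService, labels[0], service)
	}
	// Region is mandatory and must agree with the region label inside Addr.
	if region == "" || labels[1] != strings.ToLower(region) {
		return fmt.Errorf("%w: addr has %q, Region is %q", errRegion, labels[1], region)
	}
	return nil
}

func main() {
	// Constructed sample configurations: {service, Addr, Region}.
	for _, c := range [][3]string{
		{"kms", "kms.eu-central-1.amazonaws.com", "eu-central-1"},
		{"kms", "kms.eu-central-1.amazonaws.com", "us-east-1"},
		{"secretsmanager", "kms.eu-central-1.amazonaws.com", "eu-central-1"},
		{"kms", "kms.eu-central-1.amazonaws.com.example.net", "eu-central-1"},
	} {
		fmt.Printf("%-15s %-43s %-13s -> %v\n", c[0], c[1], c[2], checkEndpoint(c[0], c[1], c[2]))
	}
}
```

Running such a check before Authenticate turns a mismatched or mistyped endpoint into a configuration error instead of a failed or misdirected request.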

func (*SecretsManager) Authenticate

func (s *SecretsManager) Authenticate() error

Authenticate tries to establish a connection to the AWS Secrets Manager using the login credentials.

func (*SecretsManager) Create

func (s *SecretsManager) Create(key, value string) error

Create stores the given key-value pair at the AWS SecretsManager if and only if it doesn't exist. If such an entry already exists, it returns kes.ErrKeyExists.

If SecretsManager.KMSKeyID is set, AWS will use this key ID to encrypt the values. Otherwise, AWS will use the default key ID for encrypting secrets at the AWS SecretsManager.

func (*SecretsManager) Delete

func (s *SecretsManager) Delete(key string) error

Delete removes the key-value pair from the AWS SecretsManager, if it exists.

func (*SecretsManager) Get

func (s *SecretsManager) Get(key string) (string, error)

Get returns the value associated with the given key. If no entry for key exists, it returns kes.ErrKeyNotFound.
