kms

package
v5.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 5, 2022 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

// Names used by the IBM Key Protect backend. IbmKpSecretStorageName is the
// backend's name; the remaining constants are names of settings, not the
// settings' values (presumably keys into the secretConfig map passed to
// NewIBMKpSecretStorage; verify against the implementation).
const (
	// IbmKpSecretStorageName is KMS backend name
	IbmKpSecretStorageName = "ibmkeyprotect"
	// IbmServiceAPIKey is the service ID API Key
	// NOTE(review): the value supplied under this name is a credential; it
	// should be kept out of logs and error messages. Confirm against callers.
	IbmServiceAPIKey = "IBM_KP_SERVICE_API_KEY"
	// IbmInstanceIDKey is the Key Protect Service's Instance ID
	IbmInstanceIDKey = "IBM_KP_SERVICE_INSTANCE_ID"
	// IbmBaseURLKey is the Key Protect Service's Base URL
	IbmBaseURLKey = "IBM_KP_BASE_URL"
	// IbmTokenURLKey is the Key Protect Service's Token URL
	// NOTE(review): the API key is presumably exchanged at this URL, so it
	// should point only at a trusted HTTPS endpoint. Confirm.
	IbmTokenURLKey = "IBM_KP_TOKEN_URL"
)
// Names of the Vault connection and authentication options. The VAULT_*
// strings match the environment variable names used by the HashiCorp Vault
// client; how this package consumes them is not shown here.
const (
	// VaultAddr names the Vault server address option.
	VaultAddr       = "VAULT_ADDR"
	// VaultCaCert names the CA certificate option used to verify the server.
	VaultCaCert     = "VAULT_CACERT"
	// VaultClientCert names the TLS client certificate option.
	VaultClientCert = "VAULT_CLIENT_CERT"
	// VaultClientKey names the option for the client certificate's private key.
	// NOTE(review): the value is key material; treat it as a secret.
	VaultClientKey  = "VAULT_CLIENT_KEY"
	// VaultSkipVerify names the option that, in the Vault client convention,
	// disables TLS certificate verification.
	// NOTE(review): with verification off the Vault server is not
	// authenticated; confirm this is never enabled outside test setups.
	VaultSkipVerify = "VAULT_SKIP_VERIFY"
	// VaultToken names the Vault token option.
	// NOTE(review): the value is a bearer credential; keep it out of logs.
	VaultToken      = "VAULT_TOKEN"
	// RootSecretPath names a NooBaa-specific option; presumably the path
	// under which the root secret is stored. Verify against the driver.
	RootSecretPath  = "NOOBAA_ROOT_SECRET_PATH"
)

Vault authentication config options

// Provider is the name of the setting that selects the KMS backend type.
// The KMS.Type field comment lists k8s, vault and ibm as supported backends.
const (
	Provider = "KMS_PROVIDER" // backend type configuration key
)

KMS provides uniform access to several backend types.

Variables

This section is empty.

Functions

func NewIBMKpSecretStorage

func NewIBMKpSecretStorage(
	secretConfig map[string]interface{},
) (secrets.Secrets, error)

NewIBMKpSecretStorage is a constructor that returns a new instance of ibmKpSecretStorage.

func RegisterDriver

func RegisterDriver(name string, ctor DriverCtor) error

RegisterDriver adds a new KMS driver

Types

type Driver

// Driver is the per-backend driver interface. Each backend type (IBM, K8S,
// Vault) supplies the secret's location, the backend configuration, and the
// per-operation context maps.
type Driver interface {
	// Path returns the identifier of the secret in the backend (secret id
	// for IBM and Vault, the k8s secret name for K8S).
	Path() string
	// Name returns the root key map key.
	Name() string
	// Config returns the secret config for this driver, built from the
	// connection details, the token secret name and the namespace.
	// NOTE(review): the returned map presumably carries credentials such as
	// tokens or API keys; callers should not log it. Confirm per driver.
	Config(connectionDetails map[string]string, tokenSecretName, namespace string) (map[string]interface{}, error)
	// GetContext returns the context used for the secret get operation.
	GetContext() map[string]string
	// SetContext returns the context used for the secret set operation.
	// Despite the name it is not a setter: it takes no argument.
	SetContext() map[string]string
	// DeleteContext returns the context used for the secret delete operation.
	DeleteContext() map[string]string
}

Driver is the backend-type-specific driver interface for the libopenstorage/secrets framework.

func NewDriver

func NewDriver(
	dType string,
	name string,
	namespace string,
	uid string,
) Driver

NewDriver returns a new instance of KMS driver identified by the supplied driver type.

func NewIBM

func NewIBM(
	name string,
	namespace string,
	uid string,
) Driver

NewIBM is IBM KP driver constructor

func NewK8S

func NewK8S(
	name string,
	namespace string,
	uid string,
) Driver

NewK8S is Kubernetes secret driver constructor

func NewVault

func NewVault(
	name string,
	namespace string,
	uid string,
) Driver

NewVault is vault driver constructor

type DriverCtor

// DriverCtor is the constructor signature a backend driver must provide.
// RegisterDriver accepts a value of this type together with the driver name;
// NewIBM, NewK8S and NewVault all have this signature.
type DriverCtor func(
	name string,
	namespace string,
	uid string,
) Driver

DriverCtor is a Driver constructor function type

type IBM

type IBM struct {
	UID string // NooBaa system UID
}

IBM is a NooBaa root master key ibmKpSecretStorage driver

func (*IBM) Config

func (i *IBM) Config(config map[string]string, tokenSecretName, namespace string) (map[string]interface{}, error)

Config returns ibmKpK8sSecret secret config

func (*IBM) DeleteContext

func (*IBM) DeleteContext() map[string]string

DeleteContext returns context used for secret delete operation

func (*IBM) GetContext

func (*IBM) GetContext() map[string]string

GetContext returns context used for secret get operation

func (*IBM) Name

func (i *IBM) Name() string

Name returns root key map key

func (*IBM) Path

func (i *IBM) Path() string

Path returns secret id

func (*IBM) SetContext

func (*IBM) SetContext() map[string]string

SetContext returns context used for secret set operation

type K8S

type K8S struct {
	// contains filtered or unexported fields
}

K8S is a Kubernetes driver

func (*K8S) Config

func (k *K8S) Config(map[string]string, string, string) (map[string]interface{}, error)

Config returns this driver secret config

func (*K8S) DeleteContext

func (k *K8S) DeleteContext() map[string]string

DeleteContext returns context used for secret delete operation

func (*K8S) GetContext

func (k *K8S) GetContext() map[string]string

GetContext returns context used for secret get operation

func (*K8S) Name

func (*K8S) Name() string

Name returns root key map key

func (*K8S) Path

func (k *K8S) Path() string

Path returns the k8s secret name

func (*K8S) SetContext

func (k *K8S) SetContext() map[string]string

SetContext returns context used for secret set operation

type KMS

// KMS couples a secrets.Secrets backend with a backend-specific driver.
// NOTE(review): secrets.Secrets is embedded as an exported field, so its
// whole method set is promoted onto KMS and is reachable by any holder of a
// *KMS, in addition to Get, Set and Delete. Confirm that this wider surface
// is intended.
type KMS struct {
	secrets.Secrets        // secrets interface
	Type            string // backend system type, k8s, vault & ibm are supported
	// contains filtered or unexported fields
}

KMS implements the SingleSecret interface using a backend implementation of the secrets.Secrets interface together with a backend-type-specific driver.

func NewKMS

func NewKMS(connectionDetails map[string]string, tokenSecretName, name, namespace, uid string) (*KMS, error)

NewKMS creates a new KMS secret client, or returns an error if it cannot.

func (*KMS) Delete

func (k *KMS) Delete() error

Delete secret value from KMS

func (*KMS) Get

func (k *KMS) Get() (string, error)

Get secret value from KMS

func (*KMS) Set

func (k *KMS) Set(v string) error

Set secret value in KMS

type SingleSecret

// SingleSecret is the minimal get/set/delete contract for one secret held
// in a KMS backend.
type SingleSecret interface {
	// Get secret value from KMS
	// The returned string is the secret itself; callers should avoid
	// logging it or embedding it in error messages.
	Get() (string, error)

	// Set secret value in KMS
	Set(value string) error

	// Delete secret value from KMS
	Delete() error
}

SingleSecret represents a single secret. Several backend types are implemented, and more types could be added.

type Vault

type Vault struct {
	UID string // NooBaa system UID
}

Vault is a vault driver

func (*Vault) Config

func (*Vault) Config(config map[string]string, tokenSecretName, namespace string) (map[string]interface{}, error)

Config returns this driver secret config

func (*Vault) DeleteContext

func (v *Vault) DeleteContext() map[string]string

DeleteContext returns context used for secret delete operation

func (*Vault) GetContext

func (v *Vault) GetContext() map[string]string

GetContext returns context used for secret get operation

func (*Vault) Name

func (v *Vault) Name() string

Name returns root key map key

func (*Vault) Path

func (v *Vault) Path() string

Path returns Vault's KV secret ID

func (*Vault) SetContext

func (v *Vault) SetContext() map[string]string

SetContext returns context used for secret set operation
