Documentation
¶
Index ¶
- Constants
- func NewIBMKpSecretStorage(secretConfig map[string]interface{}) (secrets.Secrets, error)
- func NewKMIPSecretStorage(secretConfig map[string]interface{}) (secrets.Secrets, error)
- func RegisterDriver(name string, ctor DriverCtor) error
- type Driver
- func NewDriver(dType string, name string, namespace string, uid string) Driver
- func NewIBM(name string, namespace string, uid string) Driver
- func NewK8S(name string, namespace string, uid string) Driver
- func NewKMIP(name string, namespace string, uid string) Driver
- func NewVault(name string, namespace string, uid string) Driver
- type DriverCtor
- type IBM
- func (i *IBM) Config(config map[string]string, tokenSecretName, namespace string) (map[string]interface{}, error)
- func (*IBM) DeleteContext() map[string]string
- func (*IBM) GetContext() map[string]string
- func (i *IBM) Name() string
- func (i *IBM) Path() string
- func (*IBM) SetContext() map[string]string
- type K8S
- type KMIP
- func (*KMIP) Config(config map[string]string, tokenSecretName, namespace string) (map[string]interface{}, error)
- func (k *KMIP) DeleteContext() map[string]string
- func (k *KMIP) GetContext() map[string]string
- func (k *KMIP) Name() string
- func (k *KMIP) Path() string
- func (k *KMIP) SetContext() map[string]string
- type KMIPSecretStorage
- func (*KMIPSecretStorage) Decrypt(secretID string, encryptedData string, keyContext map[string]string) (string, error)
- func (k *KMIPSecretStorage) DeleteSecret(secretID string, keyContext map[string]string) error
- func (*KMIPSecretStorage) Encrypt(secretID string, plaintTextData string, keyContext map[string]string) (string, error)
- func (k *KMIPSecretStorage) GetSecret(secretID string, keyContext map[string]string) (map[string]interface{}, error)
- func (*KMIPSecretStorage) ListSecrets() ([]string, error)
- func (k *KMIPSecretStorage) PutSecret(secretID string, plainText map[string]interface{}, ...) error
- func (*KMIPSecretStorage) Rencrypt(originalSecretID string, newSecretID string, ...) (string, error)
- func (*KMIPSecretStorage) String() string
- type KMS
- type SingleSecret
- type Vault
- func (*Vault) Config(config map[string]string, tokenSecretName, namespace string) (map[string]interface{}, error)
- func (v *Vault) DeleteContext() map[string]string
- func (v *Vault) GetContext() map[string]string
- func (v *Vault) Name() string
- func (v *Vault) Path() string
- func (v *Vault) SetContext() map[string]string
Constants ¶
const ( // IbmKpSecretStorageName is KMS backend name IbmKpSecretStorageName = "ibmkeyprotect" // IbmServiceAPIKey is the service ID API Key IbmServiceAPIKey = "IBM_KP_SERVICE_API_KEY" // IbmInstanceIDKey is the Key Protect Service's Instance ID IbmInstanceIDKey = "IBM_KP_SERVICE_INSTANCE_ID" // IbmBaseURLKey is the Key Protect Service's Base URL IbmBaseURLKey = "IBM_KP_BASE_URL" // IbmTokenURLKey is the Key Protect Service's Token URL IbmTokenURLKey = "IBM_KP_TOKEN_URL" )
const ( KMIPEndpoint = "KMIP_ENDPOINT" KMIPSecret = "KMIP_CERTS_SECRET" KMIPUniqueID = "UniqueIdentifier" KMIPTLSServerName = "TLS_SERVER_NAME" KMIPReadTimeOut = "READ_TIMEOUT" KMIPWriteTimeOut = "WRITE_TIMEOUT" KMPSecret = "secret" KMIPCACERT = "CA_CERT" KMIPCLIENTCERT = "CLIENT_CERT" KMIPCLIENTKEY = "CLIENT_KEY" )
KMIP client config options
const ( // KMIPSecretStorageName is KMS backend name KMIPSecretStorageName = "kmip" // KMIPDefaulReadTimeout is the default read network timeout KMIPDefaulReadTimeout = 10 // KMIPDefaulWriteTimeout is the default write network timeout KMIPDefaulWriteTimeout = 10 )
const ( VaultAddr = "VAULT_ADDR" VaultCaCert = "VAULT_CACERT" VaultClientCert = "VAULT_CLIENT_CERT" VaultClientKey = "VAULT_CLIENT_KEY" VaultSkipVerify = "VAULT_SKIP_VERIFY" VaultToken = "VAULT_TOKEN" RootSecretPath = "NOOBAA_ROOT_SECRET_PATH" )
Vault authentication config options
const (
Provider = "KMS_PROVIDER" // backend type configuration key
)
////////////////////////////////////////////////////////////////////////// ///////// KMS provides uniform access to several backend types /////////// //////////////////////////////////////////////////////////////////////////
Variables ¶
This section is empty.
Functions ¶
func NewIBMKpSecretStorage ¶
NewIBMKpSecretStorage is a constructor, returns a new instance of ibmKpSecretStorage
func NewKMIPSecretStorage ¶ added in v5.12.4
NewKMIPSecretStorage is a constructor, returns a new instance of KMIPSecretStorage
func RegisterDriver ¶
func RegisterDriver(name string, ctor DriverCtor) error
RegisterDriver adds a new KMS driver
Types ¶
type Driver ¶
type Driver interface {
Path() string
Name() string
Config(connectionDetails map[string]string, tokenSecretName, namespace string) (map[string]interface{}, error)
GetContext() map[string]string
SetContext() map[string]string
DeleteContext() map[string]string
}
Driver is a backend type specific driver interface for libopenstorage/secrets framework
func NewDriver ¶
NewDriver returns a new instance of KMS driver identified by the supplied driver type.
type DriverCtor ¶
DriverCtor is a Driver constructor function type
type IBM ¶
type IBM struct {
UID string // NooBaa system UID
}
IBM is a NooBaa root master key ibmKpSecretStorage driver
func (*IBM) Config ¶
func (i *IBM) Config(config map[string]string, tokenSecretName, namespace string) (map[string]interface{}, error)
Config returns ibmKpK8sSecret secret config
func (*IBM) DeleteContext ¶
DeleteContext returns context used for secret delete operation
func (*IBM) GetContext ¶
GetContext returns context used for secret get operation
func (*IBM) SetContext ¶
SetContext returns context used for secret set operation
type K8S ¶
type K8S struct {
// contains filtered or unexported fields
}
K8S is a Kubernetes driver
func (*K8S) DeleteContext ¶
DeleteContext returns context used for secret delete operation
func (*K8S) GetContext ¶
GetContext returns context used for secret get operation
func (*K8S) SetContext ¶
SetContext returns context used for secret set operation
type KMIP ¶ added in v5.12.4
type KMIP struct {
}
KMIP is a kmip driver
func (*KMIP) Config ¶ added in v5.12.4
func (*KMIP) Config(config map[string]string, tokenSecretName, namespace string) (map[string]interface{}, error)
Config returns this driver secret config
func (*KMIP) DeleteContext ¶ added in v5.12.4
DeleteContext returns context used for secret delete operation
func (*KMIP) GetContext ¶ added in v5.12.4
GetContext returns context used for secret get operation
func (*KMIP) SetContext ¶ added in v5.12.4
SetContext returns context used for secret set operation
type KMIPSecretStorage ¶ added in v5.12.4
type KMIPSecretStorage struct {
// contains filtered or unexported fields
}
KMIPSecretStorage is a KMIP backend Key Management Systems (KMS) which implements libopenstorage Secrets interface
func (*KMIPSecretStorage) Decrypt ¶ added in v5.12.4
func (*KMIPSecretStorage) Decrypt( secretID string, encryptedData string, keyContext map[string]string, ) (string, error)
Decrypt is no supported
func (*KMIPSecretStorage) DeleteSecret ¶ added in v5.12.4
func (k *KMIPSecretStorage) DeleteSecret( secretID string, keyContext map[string]string, ) error
DeleteSecret deletes the secret data associated with the supplied secretId.
func (*KMIPSecretStorage) Encrypt ¶ added in v5.12.4
func (*KMIPSecretStorage) Encrypt( secretID string, plaintTextData string, keyContext map[string]string, ) (string, error)
Encrypt is no supported
func (*KMIPSecretStorage) GetSecret ¶ added in v5.12.4
func (k *KMIPSecretStorage) GetSecret( secretID string, keyContext map[string]string, ) (map[string]interface{}, error)
GetSecret returns the secret data associated with the supplied secretId.
func (*KMIPSecretStorage) ListSecrets ¶ added in v5.12.4
func (*KMIPSecretStorage) ListSecrets() ([]string, error)
ListSecrets is no supported
func (*KMIPSecretStorage) PutSecret ¶ added in v5.12.4
func (k *KMIPSecretStorage) PutSecret( secretID string, plainText map[string]interface{}, keyContext map[string]string, ) error
PutSecret will associate an secretId to its secret data provided in the arguments and store it into the secret backend
func (*KMIPSecretStorage) Rencrypt ¶ added in v5.12.4
func (*KMIPSecretStorage) Rencrypt( originalSecretID string, newSecretID string, originalKeyContext map[string]string, newKeyContext map[string]string, encryptedData string, ) (string, error)
Rencrypt is no supported
func (*KMIPSecretStorage) String ¶ added in v5.12.4
func (*KMIPSecretStorage) String() string
String representation of this implementation
type KMS ¶
type KMS struct {
secrets.Secrets // secrets interface
Type string // backend system type, k8s, vault & ibm are supported
// contains filtered or unexported fields
}
KMS implements SingleSecret interface using backend implementation of secrets.Secrets interface and using backend type specific driver
type SingleSecret ¶
type SingleSecret interface {
// Get secret value from KMS
Get() (string, error)
// Set secret value in KMS
Set(value string) error
// Delete secret value from KMS
Delete() error
}
SingleSecret represents a single secret several backend types are implemented, more types could be added
type Vault ¶
type Vault struct {
UID string // NooBaa system UID
}
Vault is a vault driver
func (*Vault) Config ¶
func (*Vault) Config(config map[string]string, tokenSecretName, namespace string) (map[string]interface{}, error)
Config returns this driver secret config
func (*Vault) DeleteContext ¶
DeleteContext returns context used for secret delete operation
func (*Vault) GetContext ¶
GetContext returns context used for secret get operation
func (*Vault) SetContext ¶
SetContext returns context used for secret set operation
Source Files