Documentation ¶
Constants ¶
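// Key names for the SecretsManagerParams.Extra map.
//
// Extra is declared as map[string]interface{}, so a value stored under any of
// these keys must be type-checked by the code that reads it.
const (
	// Path is the path to the base working directory
	Path = "path"

	// Token is the token used for authenticating with a KMS.
	// The value stored under this key is a credential: keep it out of log
	// lines and error messages.
	Token = "token"

	// Server is the address of the KMS
	Server = "server"

	// Name is the name of the current node
	Name = "name"
)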
Define constant key names for SecretsManagerParams.Extra
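// Names of the secrets a node can hold.
//
// ValidatorKey, ValidatorBLSKey and NetworkKey name private key material;
// ValidatorBLSSignature names a signature rather than a key.
const (
	// ValidatorKey is the private key secret of the validator node
	ValidatorKey = "validator-key"

	// ValidatorBLSKey is the bls secret key of the validator node
	ValidatorBLSKey = "validator-bls-key"

	// NetworkKey is the libp2p private key secret used for networking
	NetworkKey = "network-key"

	// ValidatorBLSSignature is the BLS signature of the validator node
	ValidatorBLSSignature = "validator-bls-signature"
)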
Define constant names for available secrets
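// File names used by the local StorageManager.
//
// NOTE(review): going by the names, the first three files hold private key
// material on the local file system. Neither the permissions they are created
// with nor any at-rest protection is visible here; confirm both against the
// local implementation.
const (
	// ValidatorKeyLocal is presumably the file backing the ValidatorKey secret; confirm.
	ValidatorKeyLocal = "validator.key"

	// ValidatorBLSKeyLocal is presumably the file backing the ValidatorBLSKey secret; confirm.
	ValidatorBLSKeyLocal = "validator-bls.key"

	// NetworkKeyLocal is presumably the file backing the NetworkKey secret; confirm.
	NetworkKeyLocal = "libp2p.key"

	// ValidatorBLSSignatureLocal is presumably the file backing the ValidatorBLSSignature secret; confirm.
	ValidatorBLSSignatureLocal = "validator.sig"
)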
Define constant file names for the local StorageManager
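// Folder names used by the local StorageManager.
//
// NOTE(review): these are presumably created under the base working directory
// (the Path key of SecretsManagerParams.Extra) and hold the key files; confirm
// the directory permissions in the local implementation.
const (
	// ConsensusFolderLocal is the folder name for consensus-related files.
	ConsensusFolderLocal = "consensus"

	// NetworkFolderLocal is the folder name for libp2p-related files.
	NetworkFolderLocal = "libp2p"
)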
Define constant folder names for the local StorageManager
Variables ¶
// ErrSecretNotFound is the sentinel error for a secret that does not exist.
//
// Match it with errors.Is rather than by comparing message text, so that a
// missing secret can be told apart from a backend or transport failure.
// NOTE(review): presumably returned by SecretsManager implementations from
// GetSecret; confirm per backend.
var ErrSecretNotFound = errors.New("secret not found")
Functions ¶
func SupportedServiceManager ¶
func SupportedServiceManager(service SecretsManagerType) bool
SupportedServiceManager checks if the passed in service manager type is supported
Types ¶
type SecretsManager ¶
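// SecretsManager defines the base public interface that all secret manager
// implementations should have.
//
// Secrets cross this interface as raw byte slices. Callers hold the plaintext
// in memory after GetSecret and before SetSecret, so they should avoid logging
// or formatting those values.
type SecretsManager interface {
	// Setup performs secret manager-specific setup
	Setup() error

	// GetSecret gets the secret by name
	GetSecret(name string) ([]byte, error)

	// SetSecret sets the secret to a provided value
	SetSecret(name string, value []byte) error

	// HasSecret checks if the secret is present.
	// NOTE(review): there is no error result, so an implementation cannot
	// report "backend unreachable" separately from "absent". A caller that
	// creates a new key when this returns false should confirm how its
	// backend behaves on failure.
	HasSecret(name string) bool

	// RemoveSecret removes the secret from storage
	RemoveSecret(name string) error
}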
SecretsManager defines the base public interface that all secret manager implementations should have
type SecretsManagerConfig ¶
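// SecretsManagerConfig is the configuration that gets written to a single
// configuration file.
//
// Token is serialised under the "token" key like every other field, so the
// access token ends up in that file in clear text. The file should be readable
// only by the account the node runs as, and kept out of version control and
// support bundles.
type SecretsManagerConfig struct {
	Token     string                 `json:"token"`      // Access token to the instance
	ServerURL string                 `json:"server_url"` // The URL of the running server
	Type      SecretsManagerType     `json:"type"`       // The type of SecretsManager
	Name      string                 `json:"name"`       // The name of the current node
	Namespace string                 `json:"namespace"`  // The namespace of the service
	Extra     map[string]interface{} `json:"extra"`      // Any kind of arbitrary data
}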
SecretsManagerConfig is the configuration that gets written to a single configuration file
func ReadConfig ¶
func ReadConfig(path string) (*SecretsManagerConfig, error)
ReadConfig reads the SecretsManagerConfig from the specified path
func (*SecretsManagerConfig) WriteConfig ¶
func (c *SecretsManagerConfig) WriteConfig(path string) error
WriteConfig writes the current configuration to the specified path
type SecretsManagerFactory ¶
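// SecretsManagerFactory is the factory method for secrets managers.
//
// It receives the file-backed configuration and the runtime parameters and
// returns a SecretsManager, or an error.
type SecretsManagerFactory func(
	config *SecretsManagerConfig,
	params *SecretsManagerParams,
) (SecretsManager, error)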
SecretsManagerFactory is the factory method for secrets managers
type SecretsManagerParams ¶
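// SecretsManagerParams defines the configuration params for the secrets manager.
type SecretsManagerParams struct {
	// Local logger object
	Logger hclog.Logger

	// Extra contains additional data needed for the SecretsManager to function.
	// Values are untyped and need a checked type assertion when read. The map
	// can carry the KMS token under the Token key, so do not log it wholesale.
	Extra map[string]interface{}
}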
SecretsManagerParams defines the configuration params for the secrets manager
type SecretsManagerType ¶
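// SecretsManagerType identifies a secrets manager backend.
//
// It is a plain string type, so any string converts to it, including one read
// from a configuration file. The zero value "" is none of the constants below.
// Check a value with SupportedServiceManager before acting on it.
type SecretsManagerType string

// Define constant types of secrets managers
const (
	// Local pertains to the local FS [Default]
	Local SecretsManagerType = "local"

	// HashicorpVault pertains to the Hashicorp Vault server
	HashicorpVault SecretsManagerType = "hashicorp-vault"

	// AWSSSM pertains to AWS SSM using configured EC2 instance role
	AWSSSM SecretsManagerType = "aws-ssm"

	// GCPSSM pertains to the Google Cloud Computing secret store manager
	GCPSSM SecretsManagerType = "gcp-ssm"
)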
Define constant types of secrets managers