kms

package
v1.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 19, 2020 License: Apache-2.0 Imports: 17 Imported by: 5

Documentation

Index

Constants

// Key names used to look up entries inside Kubernetes Secrets. These constants
// are identifiers only; the sensitive material is the value stored under them.
const (
	// OsdEncryptionSecretNameKeyName is the key name, within the Secret, under
	// which the OSD encryption key is stored.
	// The next line is a gosec suppression for rule G101 (hard-coded
	// credentials); keep it adjacent to the declaration it annotates.
	// #nosec G101 since this is not leaking any hardcoded credentials, it's just the secret key name
	OsdEncryptionSecretNameKeyName = "dmcrypt-key"

	// KMSTokenSecretNameKey is the key name, within the Secret, under which the
	// KMS authentication token is stored.
	KMSTokenSecretNameKey = "token"
)
const (
	// EtcVaultDir is the Vault configuration directory.
	// NOTE(review): the package docs for TLSSecretVolumeAndMount mention mounting
	// secrets into /etc/vault, so files under this path are presumably
	// TLS material and should be treated as sensitive — confirm in the source.
	EtcVaultDir = "/etc/vault"
)
const (
	// Provider is the name of the configuration option that holds the KMS
	// provider type. It is the option's name, not its value.
	// NOTE(review): presumably used as a key in the KMS config map read by
	// GetParam — confirm against callers.
	Provider = "KMS_PROVIDER"
)

Variables

This section is empty.

Functions

func ConfigEnvsToMapString

func ConfigEnvsToMapString() map[string]string

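ConfigEnvsToMapString returns a map of all the env variables that belong to a known KMS. If a KMS token has been placed in the environment (see SetTokenToEnvVar), the map may contain it, so avoid logging the result.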

func GenerateOSDEncryptionSecretName

func GenerateOSDEncryptionSecretName(pvcName string) string

GenerateOSDEncryptionSecretName generates the name of the Kubernetes Secret that holds the encrypted key

func GetParam

func GetParam(kmsConfig map[string]string, param string) string

GetParam returns the value of the KMS config option

func InitVault

func InitVault(context *clusterd.Context, namespace string, config map[string]string) (secrets.Secrets, error)

InitVault initializes the secret store

func SetTokenToEnvVar

func SetTokenToEnvVar(context *clusterd.Context, tokenSecretName, provider, namespace string) error

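SetTokenToEnvVar sets a KMS token as an env variable. Because environment variables are inherited by child processes and can appear in diagnostics, treat the process environment as sensitive after this call and keep it out of logs.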

func TLSSecretVolumeAndMount

func TLSSecretVolumeAndMount(config map[string]string) []v1.VolumeProjection

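TLSSecretVolumeAndMount returns the volume and matching volume mount for mounting the secrets into /etc/vault. Note that, per the signature above, the return value is a slice of v1.VolumeProjection rather than a volume/mount pair.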

func ValidateConnectionDetails

func ValidateConnectionDetails(context *clusterd.Context, clusterSpec *cephv1.ClusterSpec, ns string) error

ValidateConnectionDetails validates mandatory KMS connection details

func VaultConfigToEnvVar

func VaultConfigToEnvVar(spec cephv1.ClusterSpec) []v1.EnvVar

VaultConfigToEnvVar populates the kms config as env variables

func VaultVolumeAndMount

func VaultVolumeAndMount(config map[string]string) (v1.Volume, v1.VolumeMount)

VaultVolumeAndMount returns Vault volume and volume mount

Types

type Config

type Config struct {
	// Provider is the KMS provider this configuration refers to.
	// NOTE(review): presumably the value that IsVault and IsK8s test — confirm in the source.
	Provider string
	// contains filtered or unexported fields
}

Config is the generic configuration for the KMS

func NewConfig

func NewConfig(context *clusterd.Context, clusterSpec *cephv1.ClusterSpec, clusterInfo *cephclient.ClusterInfo) *Config

NewConfig returns the selected KMS

func (*Config) DeleteSecret

func (c *Config) DeleteSecret(secretName string) error

DeleteSecret deletes an encrypted key from a KMS

func (*Config) GetSecret

func (c *Config) GetSecret(secretName string) (string, error)

GetSecret returns an encrypted key from a KMS. The returned string is key material and should be kept out of logs and error messages.

func (*Config) IsK8s

func (c *Config) IsK8s() bool

IsK8s determines whether the configured KMS is Kubernetes

func (*Config) IsVault

func (c *Config) IsVault() bool

IsVault determines whether the configured KMS is Vault

func (*Config) PutSecret

func (c *Config) PutSecret(secretName, secretValue string) error

PutSecret writes an encrypted key in a KMS
