Documentation
¶
Overview ¶
Package secrethub provides the SecretHub API client, look here to read, write and manage secrets.
Index ¶
- Constants
- Variables
- type AccessLevelIterator
- type AccessLevelIteratorParams
- type AccessRuleIterator
- type AccessRuleIteratorParams
- type AccessRuleService
- type AccountIterator
- type AccountIteratorParams
- type AccountKeyService
- type AccountService
- type AppInfo
- type AuditEventIterator
- type AuditEventIteratorParams
- type Client
- func (c *Client) AccessRules() AccessRuleService
- func (c *Client) Accounts() AccountService
- func (c *Client) Credentials() CredentialService
- func (c *Client) DefaultCredential() credentials.Reader
- func (c *Client) Dirs() DirService
- func (c *Client) IDPLinks() IDPLinkService
- func (c *Client) Me() MeService
- func (c *Client) Orgs() OrgService
- func (c *Client) Repos() RepoService
- func (c *Client) Secrets() SecretService
- func (c *Client) Services() ServiceService
- func (c *Client) Users() UserService
- type ClientInterface
- type ClientOption
- func WithAppInfo(appInfo *AppInfo) ClientOption
- func WithConfigDir(configDir configdir.Dir) ClientOption
- func WithCredentials(provider credentials.Provider) ClientOption
- func WithDefaultPassphraseReader(reader credentials.Reader) ClientOption
- func WithServerURL(serverURL string) ClientOption
- func WithTimeout(timeout time.Duration) ClientOption
- func WithTransport(transport http.RoundTripper) ClientOption
- type CredentialIterator
- type CredentialListParams
- type CredentialService
- type DirService
- type IDPLinkGCPService
- type IDPLinkService
- type IdpLinkIterator
- type IdpLinkIteratorParams
- type MeService
- type OrgIterator
- type OrgIteratorParams
- type OrgMemberIterator
- type OrgMemberIteratorParams
- type OrgMemberService
- type OrgService
- type RepoIterator
- type RepoIteratorParams
- type RepoService
- type RepoServiceIteratorParams
- type RepoServiceService
- type RepoUserService
- type SecretService
- type SecretVersionIterator
- type SecretVersionIteratorParams
- type SecretVersionService
- type ServiceIterator
- type ServiceIteratorParams
- type ServiceService
- type UserIterator
- type UserIteratorParams
- type UserService
Examples ¶
Constants ¶
View Source
const ClientVersion = "v0.32.0"
ClientVersion is the current version of the client Do not edit this unless you know what you're doing.
View Source
const DefaultAccountKeyLength = 4096
DefaultAccountKeyLength defines the default bit size for account keys.
View Source
const ( // MaxSecretSize is the maximum size of a secret before encryption. MaxSecretSize = 512 * units.KiB )
Variables ¶
View Source
var ( ErrSecretTooBig = errClient.Code("secret_too_big").Error(fmt.Sprintf("maximum size of a secret is %s", units.BytesSize(MaxSecretSize))) ErrEmptySecret = errClient.Code("empty_secret").Error("secret is empty") ErrCannotWriteToVersion = errClient.Code("cannot_write_version").Error("cannot (over)write a specific secret version, they are append only") )
Errors
View Source
var (
ErrInvalidAppInfoName = errClient.Code("invalid_app_info_name").Error("name must be 2-50 characters long, only alphanumeric, underscore (_), and dash (-)")
)
Errors
View Source
var (
ErrInvalidServerURL = errClient.Code("invalid_server_url").ErrorPref("%s")
)
Errors
View Source
var (
ErrNoDecryptionKey = errClient.Code("no_decryption_key").Error("client is not initialized with a method to decrypt the account key")
)
Errors
View Source
var (
ErrUnknownIdentityProvider = errClient.Code("unknown_identity_provider").ErrorPref("%s is not a supported identity provider. Valid options are `aws` and `key`.")
)
Errors
Functions ¶
This section is empty.
Types ¶
type AccessLevelIterator ¶
type AccessLevelIterator interface {
Next() (api.AccessLevel, error)
}
AccessLevelIterator iterates over access levels.
type AccessLevelIteratorParams ¶
type AccessLevelIteratorParams struct{}
AccessLevelIteratorParams defines the parameters used when listing access levels.
type AccessRuleIterator ¶
type AccessRuleIterator interface {
Next() (api.AccessRule, error)
}
AccessLevelIterator iterates over access rules.
type AccessRuleIteratorParams ¶
type AccessRuleIteratorParams struct {
Depth *uint // Depth defines the depth of traversal for the iterator, nil means listing all subdirectories.
Ancestors bool // Ancestors defines whether the iterator should also list access rules of parent directories.
}
AccessRuleIteratorParams specify parameters used when listing access rules.
type AccessRuleService ¶
type AccessRuleService interface {
// Get retrieves the access rule for the given account on the given directory.
Get(path string, accountName string) (*api.AccessRule, error)
// Set sets an access rule with a certain permission level for an account to a path.
Set(path string, permission string, accountName string) (*api.AccessRule, error)
// Delete removes the accessrule for the given directory and account.
Delete(path string, accountName string) error
// List retrieves all access rules that apply to a directory, including
// rules that apply to its children up to a specified depth. When ancestors is set
// to true, it also includes rules for any parent directories. When the depth is
// set to -1, all children are retrieved without limit.
// Deprecated: Use iterator function instead.
List(path string, depth int, ancestors bool) ([]*api.AccessRule, error)
// Iterator returns an iterator that retrieves all access rules that apply to a
// directory.
Iterator(path string, _ *AccessRuleIteratorParams) AccessRuleIterator
// ListLevels lists the access levels on the given directory.
// Deprecated: Use iterator function instead.
ListLevels(path string) ([]*api.AccessLevel, error)
// LevelIterator returns an iterator that retrieves all access levels on the given directory.
LevelIterator(path string, _ *AccessLevelIteratorParams) AccessLevelIterator
}
AccessRuleService handles operations on access rules from SecretHub.
type AccountIterator ¶
AccountIterator iterates over accounts.
type AccountIteratorParams ¶
type AccountIteratorParams struct{}
AccountIteratorParams defines parameters used when listing Accounts.
type AccountKeyService ¶
type AccountKeyService interface {
// Create creates an account key for the client's credential.
Create(verifier credentials.Verifier, encrypter credentials.Encrypter) (*api.EncryptedAccountKey, error)
// Exists returns whether an account key exists for the client's credential.
Exists() (bool, error)
}
AccountKeyService handles operations on SecretHub account keys.
type AccountService ¶
type AccountService interface {
// Me retrieves the authenticated account of the client.
Me() (*api.Account, error)
// Get retrieves an account by name.
Get(name string) (*api.Account, error)
// Keys returns an account key service.
Keys() AccountKeyService
}
AccountService handles operations on SecretHub accounts.
type AppInfo ¶
AppInfo contains information about the application that is using the SecretHub client. It is used to identify the application to the SecretHub API.
func (AppInfo) ValidateName ¶
ValidateName returns an error if the provided app name is not set or doesn't match alphanumeric, underscore (_), and dash (-) characters, or length of 2-50 characters.
type AuditEventIterator ¶
type AuditEventIteratorParams ¶
type AuditEventIteratorParams struct{}
AuditEventIteratorParams can be used to configure iteration of audit events.
For now, there's nothing to configure. We'll add filter options soon. The struct is already added, so that adding parameters is backwards compatible.
type Client ¶
Client is a client for the SecretHub HTTP API.
func Must ¶
Must is a helper function to ensure the Client is valid and there was no error when calling a NewClient function.
This helper is intended to be used in initialization to load the Session and configuration at startup. For example:
var client = secrethub.Must(secrethub.NewClient())
func NewClient ¶
func NewClient(with ...ClientOption) (*Client, error)
NewClient creates a new SecretHub client. Provided options are applied to the client.
If no WithCredentials() option is provided, the client tries to find a key credential at the following locations (in order):
- The SECRETHUB_CREDENTIAL environment variable.
- The credential file placed in the directory given by the SECRETHUB_CONFIG_DIR environment variable.
- The credential file found in <user's home directory>/.secrethub/credential.
If no key credential could be found, a Client is returned that can only be used for unauthenticated routes.
Example ¶
Create a new Client.
package main
import (
"log"
"github.com/rossmerr/secrets-go/pkg/secrethub"
)
func main() {
client, err := secrethub.NewClient()
if err != nil {
log.Fatal(err)
}
// use the client
_, err = client.Secrets().ReadString("workspace/repo/secret")
if err != nil {
log.Fatal(err)
}
}
Output:
Example (Aws) ¶
Create a new client that uses native AWS services to handle encryption and authentication.
package main
import (
"log"
"github.com/rossmerr/secrets-go/pkg/secrethub"
"github.com/rossmerr/secrets-go/pkg/secrethub/credentials"
)
func main() {
client, err := secrethub.NewClient(secrethub.WithCredentials(credentials.UseAWS()))
if err != nil {
log.Fatal(err)
}
// use the client
_, err = client.Secrets().ReadString("workspace/repo/secret")
if err != nil {
log.Fatal(err)
}
}
Output:
func (*Client) AccessRules ¶
func (c *Client) AccessRules() AccessRuleService
AccessRules returns a service used to manage access rules.
func (*Client) Accounts ¶
func (c *Client) Accounts() AccountService
Accounts returns a service used to manage SecretHub accounts.
func (*Client) Credentials ¶
func (c *Client) Credentials() CredentialService
Credentials returns a service used to manage credentials.
func (*Client) DefaultCredential ¶
func (c *Client) DefaultCredential() credentials.Reader
DefaultCredential returns a reader pointing to the configured credential, sourcing it either from the SECRETHUB_CREDENTIAL environment variable or from the configuration directory.
func (*Client) Dirs ¶
func (c *Client) Dirs() DirService
Dirs returns a service used to manage directories.
Example (Create) ¶
Create a new directory.
package main
import (
"log"
"github.com/rossmerr/secrets-go/pkg/secrethub"
)
var client secrethub.ClientInterface
func main() {
_, err := client.Dirs().Create("workspace/repo/dir")
if err != nil {
log.Fatal(err)
}
}
Output:
func (*Client) IDPLinks ¶
func (c *Client) IDPLinks() IDPLinkService
func (*Client) Orgs ¶
func (c *Client) Orgs() OrgService
Orgs returns a service used to manage shared organization workspaces.
func (*Client) Repos ¶
func (c *Client) Repos() RepoService
Repos returns a service used to manage repositories.
Example (Create) ¶
Create a new repository.
package main
import (
"log"
"github.com/rossmerr/secrets-go/pkg/secrethub"
)
var client secrethub.ClientInterface
func main() {
_, err := client.Repos().Create("workspace/repo")
if err != nil {
log.Fatal(err)
}
}
Output:
Example (EventIterator) ¶
List all audit events for a given repository.
package main
import (
"fmt"
"log"
"github.com/rossmerr/secrets-go/pkg/secrethub"
"github.com/rossmerr/secrets-go/pkg/secrethub/iterator"
)
var client secrethub.ClientInterface
func main() {
iter := client.Repos().EventIterator("workspace/repo", &secrethub.AuditEventIteratorParams{})
for {
event, err := iter.Next()
if err == iterator.Done {
break
} else if err != nil {
log.Fatal(err)
}
fmt.Printf("Audit event logged at:%s form ip address: %s", event.LoggedAt.Local(), event.IPAddress)
}
}
Output:
func (*Client) Secrets ¶
func (c *Client) Secrets() SecretService
Secrets returns a service used to manage secrets.
Example (EventIterator) ¶
List all audit events for a given secret.
package main
import (
"fmt"
"log"
"github.com/rossmerr/secrets-go/pkg/secrethub"
"github.com/rossmerr/secrets-go/pkg/secrethub/iterator"
)
var client secrethub.ClientInterface
func main() {
iter := client.Secrets().EventIterator("workspace/repo/secret", &secrethub.AuditEventIteratorParams{})
for {
event, err := iter.Next()
if err == iterator.Done {
break
} else if err != nil {
log.Fatal(err)
}
fmt.Printf("Audit event logged at:%s form ip address: %s", event.LoggedAt.Local(), event.IPAddress)
}
}
Output:
Example (Read) ¶
Read a secret.
package main
import (
"fmt"
"log"
"github.com/rossmerr/secrets-go/pkg/secrethub"
)
var client secrethub.ClientInterface
func main() {
secret, err := client.Secrets().Read("workspace/repo/secret")
if err != nil {
log.Fatal(err)
}
fmt.Print(string(secret.Data))
}
Output:
Example (Write) ¶
Write a secret.
package main
import (
"log"
"github.com/rossmerr/secrets-go/pkg/secrethub"
)
var client secrethub.ClientInterface
func main() {
secret := []byte("secret_value_123")
_, err := client.Secrets().Write("workspace/repo/secret", secret)
if err != nil {
log.Fatal(err)
}
}
Output:
func (*Client) Services ¶
func (c *Client) Services() ServiceService
Services returns a service used to manage non-human service accounts.
Example (Create) ¶
Create a service account credential.
package main
import (
"fmt"
"log"
"github.com/rossmerr/secrets-go/pkg/secrethub"
"github.com/rossmerr/secrets-go/pkg/secrethub/credentials"
)
var client secrethub.ClientInterface
func main() {
credentialCreator := credentials.CreateKey()
service, err := client.Services().Create("workspace/repo", "Service account description", credentialCreator)
if err != nil {
log.Fatal(err)
}
key, err := credentialCreator.Export()
if err != nil {
log.Fatal(err)
}
fmt.Printf("Service ID: %s\n", service.ServiceID)
fmt.Printf("Credential: %s\n", string(key))
}
Output:
func (*Client) Users ¶
func (c *Client) Users() UserService
Users returns a service used to manage (human) user accounts.
type ClientInterface ¶
type ClientInterface interface {
// AccessRules returns a service used to manage access rules.
AccessRules() AccessRuleService
// Accounts returns a service used to manage SecretHub accounts.
Accounts() AccountService
// Credentials returns a service used to manage credentials.
Credentials() CredentialService
// Dirs returns a service used to manage directories.
Dirs() DirService
// IDPLinks returns a service used to manage links between namespaces and Identity Providers.
IDPLinks() IDPLinkService
// Me returns a service used to manage the current authenticated account.
Me() MeService
// Orgs returns a service used to manage shared organization workspaces.
Orgs() OrgService
// Repos returns a service used to manage repositories.
Repos() RepoService
// Secrets returns a service used to manage secrets.
Secrets() SecretService
// Services returns a service used to manage non-human service accounts.
Services() ServiceService
// Users returns a service used to manage (human) user accounts.
Users() UserService
}
ClientInterface is an interface that can be used to consume the SecretHub client and is implemented by secrethub.Client.
type ClientOption ¶
ClientOption is an option that can be set on a secrethub.Client.
func WithAppInfo ¶
func WithAppInfo(appInfo *AppInfo) ClientOption
WithAppInfo sets the AppInfo to be used for identifying the application that is using the SecretHub Client.
func WithConfigDir ¶
func WithConfigDir(configDir configdir.Dir) ClientOption
WithConfigDir sets the configuration directory to use (among others) for sourcing the credential file from.
func WithCredentials ¶
func WithCredentials(provider credentials.Provider) ClientOption
WithCredentials sets the credential to be used for authenticating to the API and decrypting the account key.
func WithDefaultPassphraseReader ¶
func WithDefaultPassphraseReader(reader credentials.Reader) ClientOption
WithDefaultPassphraseReader sets a default passphrase reader that is used for decrypting an encrypted key credential if no credential is set explicitly.
func WithServerURL ¶
func WithServerURL(serverURL string) ClientOption
WithServerURL overrides the default server endpoint URL used by the HTTP client.
func WithTimeout ¶
func WithTimeout(timeout time.Duration) ClientOption
WithTimeout overrides the default request timeout of the HTTP client.
func WithTransport ¶
func WithTransport(transport http.RoundTripper) ClientOption
WithTransport replaces the DefaultTransport used by the HTTP client with the provided RoundTripper.
type CredentialIterator ¶
type CredentialIterator interface {
Next() (api.Credential, error)
}
CredentialIterator can be used to iterate over a list of credentials.
type CredentialListParams ¶
type CredentialListParams struct{}
CredentialListParams are the parameters that configure credential listing.
type CredentialService ¶
type CredentialService interface {
// Create a new credential from the credentials.Creator for an existing account.
Create(credentials.Creator, string) (*api.Credential, error)
// Disable an existing credential.
Disable(fingerprint string) error
// List lists all credentials of the currently authenticated account.
List(_ *CredentialListParams) CredentialIterator
}
CredentialService handles operations on credentials on SecretHub.
type DirService ¶
type DirService interface {
// Create a directory at a given path.
Create(path string) (*api.Dir, error)
// CreateAll creates all directories in the given path that do not exist yet.
//
// Contrary to Create, it doesn't return an error when the directories already exist.
CreateAll(path string) error
// Exists returns whether a directory where you have access to exists at a given path.
Exists(path string) (bool, error)
// Get returns the directory with the given ID.
GetByID(id uuid.UUID) (*api.Dir, error)
// Delete removes the directory at the given path.
Delete(path string) error
// GetTree retrieves a directory at a given path and all of its descendants up to a given depth.
// When the depth <= 0, all descendants are returned. When ancestors is true, the parent directories
// of the dir at the given path will also be included in the tree.
GetTree(path string, depth int, ancestors bool) (*api.Tree, error)
}
DirService handles operations on directories from SecretHub.
type IDPLinkGCPService ¶
type IDPLinkGCPService interface {
Create(namespace string, projectID string, authorizationCode string, redirectURI string) (*api.IdentityProviderLink, error)
List(namespace string, params *IdpLinkIteratorParams) IdpLinkIterator
Get(namespace string, projectID string) (*api.IdentityProviderLink, error)
Exists(namespace string, projectID string) (bool, error)
Delete(namespace string, projectID string) error
AuthorizationCodeListener(namespace string, projectID string) (oauthorizer.CallbackHandler, error)
}
type IDPLinkService ¶
type IDPLinkService interface {
GCP() IDPLinkGCPService
}
type IdpLinkIterator ¶
type IdpLinkIterator interface {
Next() (api.IdentityProviderLink, error)
}
IdpLinkIterator iterates over identity provider links.
type IdpLinkIteratorParams ¶
type IdpLinkIteratorParams struct{}
IdpLinkIteratorParams defines parameters used when listing identity provider links.
type MeService ¶
type MeService interface {
// GetUser retrieves the current users details.
GetUser() (*api.User, error)
// SendVerificationEmail sends an email to the authenticated user's registered email address
// for them to prove they own that email address.
SendVerificationEmail() error
// ListRepos retrieves all repositories of the current user.
// Deprecated: Use iterator function instead.
ListRepos() ([]*api.Repo, error)
// RepoIterator returns an iterator that retrieves all repos of the current user.
RepoIterator(_ *RepoIteratorParams) RepoIterator
}
MeService handles operations on the authenticated account.
type OrgIterator ¶
OrgIterator iterates over organizations.
type OrgIteratorParams ¶
type OrgIteratorParams struct{}
type OrgMemberIterator ¶
OrgMemberIterator iterates over organization members.
type OrgMemberIteratorParams ¶
type OrgMemberIteratorParams struct{}
OrgMemberIteratorParams defines parameters used when listing members of the organization.
type OrgMemberService ¶
type OrgMemberService interface {
// Invite invites a user to an organization.
Invite(org string, username string, role string) (*api.OrgMember, error)
// Get retrieves a users organization membership details.
Get(org string, username string) (*api.OrgMember, error)
// Update updates the role of a member of the organization.
Update(org string, username string, role string) (*api.OrgMember, error)
// Revoke removes the given user from the organization.
Revoke(org string, username string, opts *api.RevokeOpts) (*api.RevokeOrgResponse, error)
// List retrieves all members of the given organization.
// Deprecated: Use iterator function instead.
List(org string) ([]*api.OrgMember, error)
// Iterator returns an iterator that lists all members of a given organization.
Iterator(org string, _ *OrgMemberIteratorParams) OrgMemberIterator
}
OrgMemberService handles operations on organization members.
type OrgService ¶
type OrgService interface {
// Create creates an organization.
Create(name string, description string) (*api.Org, error)
// Get retrieves an organization.
Get(name string) (*api.Org, error)
// Members returns an OrgMemberService.
Members() OrgMemberService
// Delete removes an organization.
Delete(name string) error
// ListMine returns the organizations of the current user.
// Deprecated: Use iterator function instead.
ListMine() ([]*api.Org, error)
// Iterator returns an iterator that lists all organizations of the current user.
Iterator(params *OrgIteratorParams) OrgIterator
}
OrgService handles operations on organisations on SecretHub.
type RepoIterator ¶
RepoIterator iterates over repositories.
type RepoIteratorParams ¶
type RepoIteratorParams struct {
Namespace *string
}
RepoIteratorParams defines parameters used when listing repos.
type RepoService ¶
type RepoService interface {
// Create creates a new repo for the given owner and name.
Create(path string) (*api.Repo, error)
// Get retrieves the repo with the given path.
Get(path string) (*api.Repo, error)
// Delete removes the repo with the given path.
Delete(path string) error
// List retrieves all repositories in the given namespace.
// Deprecated: Use iterator function instead.
List(namespace string) ([]*api.Repo, error)
// Iterator returns a new iterator that retrieves all repos according to the specified parameters.
Iterator(_ *RepoIteratorParams) RepoIterator
// ListAccounts lists the accounts in the repository.
// Deprecated: Use iterator function instead.
ListAccounts(path string) ([]*api.Account, error)
// AccountIterator returns a new iterator that retrieves all accounts in the given repository.
AccountIterator(path string, params *AccountIteratorParams) AccountIterator
// EventIterator returns an iterator that retrieves all audit events for a given repo.
//
// Usage:
// iter := client.Repos().EventIterator(path, &secrethub.AuditEventIteratorParams{})
// for {
// event, err := iter.Next()
// if err == iterator.Done {
// break
// } else if err != nil {
// // Handle error
// }
//
// // Use event
// }
EventIterator(path string, _ *AuditEventIteratorParams) AuditEventIterator
// ListEvents retrieves all audit events for a given repo.
// Deprecated: Use iterator function instead.
ListEvents(path string, subjectTypes api.AuditSubjectTypeList) ([]*api.Audit, error)
// ListMine retrieves all repositories of the current user.
// Deprecated: Use iterator function instead.
ListMine() ([]*api.Repo, error)
// Users returns a RepoUserService that handles operations on users of a repository.
Users() RepoUserService
// Services returns a RepoServiceService that handles operations on services of a repository.
Services() RepoServiceService
}
RepoService handles operations on repositories from SecretHub.
type RepoServiceIteratorParams ¶
type RepoServiceIteratorParams struct{}
RepoServiceIteratorParams defines parameters used when listing Services of a given repo.
type RepoServiceService ¶
type RepoServiceService interface {
// List lists the services of the given repository.
// Deprecated: Use iterator function instead.
List(path string) ([]*api.Service, error)
// Iterator returns an iterator that lists all services of the given repository.
Iterator(path string, _ *RepoServiceIteratorParams) ServiceIterator
}
RepoServiceService handles operations on services of repositories.
type RepoUserService ¶
type RepoUserService interface {
// Invite invites the user with given username to the repository at the given path.
Invite(path string, username string) (*api.RepoMember, error)
// Revoke revokes the user with given username from the repository with the given path.
Revoke(path string, username string) (*api.RevokeRepoResponse, error)
// List lists the users of the given repository.
// Deprecated: Use iterator function instead.
List(path string) ([]*api.User, error)
// Iterator returns an iterator that lists the users of a given repository.
Iterator(path string, params *UserIteratorParams) UserIterator
}
RepoUserService handles operations on users of a repository.
type SecretService ¶
type SecretService interface {
// Write encrypts and writes any secret data to SecretHub, always creating
// a new secret version for the written data. This ensures secret data is
// never overwritten.
//
// To ensure forward secrecy, a new secret key is used whenever the previously
// used key has been flagged.
//
// Write accepts any non-empty byte data that is within the size limit of MaxSecretSize.
// Note that data is encrypted as is. Sanitizing data is the responsibility of the
// function caller.
Write(path string, data []byte) (*api.SecretVersion, error)
// Read is an alias of `Versions().GetWithData` and gets a secret version, with sensitive data decrypted.
Read(path string) (*api.SecretVersion, error)
// ReadString is a convenience function to get the secret data as a string.
//
// See .Versions() for more elaborate use.
ReadString(path string) (string, error)
// Exists returns whether a secret exists on the given path.
Exists(path string) (bool, error)
// Get retrieves a Secret.
Get(path string) (*api.Secret, error)
// Delete removes the secret at the given path.
Delete(path string) error
// EventIterator returns an iterator that retrieves all audit events for a given secret.
//
// Usage:
// iter := client.Repos().EventIterator(path, &secrethub.AuditEventIteratorParams{})
// for {
// event, err := iter.Next()
// if err == iterator.Done {
// break
// } else if err != nil {
// // Handle error
// }
//
// // Use event
// }
EventIterator(path string, _ *AuditEventIteratorParams) AuditEventIterator
// ListEvents retrieves all audit events for a given secret.
ListEvents(path string, subjectTypes api.AuditSubjectTypeList) ([]*api.Audit, error)
// Versions returns a SecretVersionService.
Versions() SecretVersionService
}
SecretService handles operations on secrets from SecretHub.
type SecretVersionIterator ¶
type SecretVersionIterator interface {
Next() (api.SecretVersion, error)
}
SecretVersionIterator iterates over secret versions.
type SecretVersionIteratorParams ¶
type SecretVersionIteratorParams struct {
IncludeSensitiveData bool
}
SecretVersionIteratorParams defines parameters used when listing SecretVersions. If IncludeSensitiveData is set to true, secret data will also be retrieved.
type SecretVersionService ¶
type SecretVersionService interface {
// GetWithData gets a secret version, with the sensitive data.
GetWithData(path string) (*api.SecretVersion, error)
// GetWithoutData gets a secret version, without the sensitive data.
GetWithoutData(path string) (*api.SecretVersion, error)
// Delete removes a secret version.
Delete(path string) error
// ListWithData lists secret versions, with the sensitive data.
// Deprecated: Use iterator function instead.
ListWithData(path string) ([]*api.SecretVersion, error)
// ListWithoutData lists secret versions, without the sensitive data.
// Deprecated: Use iterator function instead.
ListWithoutData(path string) ([]*api.SecretVersion, error)
// Iterator returns a new iterator that retrieves all secret versions in the given namespace.
// If the IncludeSensitiveData parameter is set to true, the secret data will also be retrieved.
Iterator(path string, params *SecretVersionIteratorParams) SecretVersionIterator
}
SecretVersionService handles operations on secret versions from SecretHub.
type ServiceIterator ¶
ServiceIterator iterates over services.
type ServiceIteratorParams ¶
type ServiceIteratorParams struct{}
ServiceIteratorParams defines parameters used when listing Services.
type ServiceService ¶
type ServiceService interface {
// Create creates a new service account for the given repo.
Create(path string, description string, credential credentials.Creator) (*api.Service, error)
// Get retrieves a service account by name.
Get(name string) (*api.Service, error)
// Delete removes a service account by name.
Delete(name string) (*api.RevokeRepoResponse, error)
// List lists all service accounts in a given repository.
// Deprecated: Use iterator function instead.
List(path string) ([]*api.Service, error)
// Iterator returns an iterator that lists all service accounts in a given repository.
Iterator(path string, _ *ServiceIteratorParams) ServiceIterator
}
ServiceService handles operations on service accounts from SecretHub.
type UserIterator ¶
UserIterator iterates over users.
type UserIteratorParams ¶
type UserIteratorParams struct{}
UserIteratorParams defines parameters used when listing Users.
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
Package configdir provides simple functions to manage the SecretHub configuration directory.
|
Package configdir provides simple functions to manage the SecretHub configuration directory. |
|
Package credentials provides utilities for managing SecretHub API credentials.
|
Package credentials provides utilities for managing SecretHub API credentials. |
|
sessions
Package sessions provides session authentication to the SecretHub API for the HTTP client.
|
Package sessions provides session authentication to the SecretHub API for the HTTP client. |
|
Package fakeclient provides mock implementations of the client to be used for testing.
|
Package fakeclient provides mock implementations of the client to be used for testing. |
|
internals
|
|
|
http
Package http implements the RESTful HTTP client that talks directly to the API, as opposed to the client package, which wraps the http client with additional logic (e.g.
|
Package http implements the RESTful HTTP client that talks directly to the API, as opposed to the client package, which wraps the http client with additional logic (e.g. |
|
Package iterator provides a generic iterator to be used as a building block for typed iterators.
|
Package iterator provides a generic iterator to be used as a building block for typed iterators. |
Click to show internal directories.
Click to hide internal directories.