Documentation ¶
Overview ¶
Package api provides request and response types for interacting with the SecretHub API.
Index ¶
- Constants
- Variables
- func GetFingerprint(t CredentialType, verifier []byte) string
- func Int(val int) *int
- func IntValue(val *int) int
- func IsErrDisabled(err error) bool
- func IsErrNotFound(err error) bool
- func IsKnownError(err error) bool
- func JoinPaths(components ...string) string
- func ProjectIDFromGCPEmail(in string) (string, error)
- func String(val string) *string
- func StringValue(val *string) string
- func ValidateAccountName(name string) error
- func ValidateBlindName(blindName string) error
- func ValidateCredentialDescription(description string) error
- func ValidateCredentialFingerprint(fingerprint string) error
- func ValidateDirPath(path string) error
- func ValidateEmail(email string) error
- func ValidateFullName(fullName string) error
- func ValidateGCPKMSKeyResourceID(v string) error
- func ValidateGCPProjectID(projectID string) error
- func ValidateGCPUserManagedServiceAccountEmail(v string) error
- func ValidateLinkedID(linkType IdentityProviderLinkType, linkedID string) error
- func ValidateNamespace(namespace string) error
- func ValidateOrgDescription(description string) error
- func ValidateOrgName(name string) error
- func ValidateOrgRole(role string) error
- func ValidateRepoName(name string) error
- func ValidateRepoPath(path string) error
- func ValidateSecretName(name string) error
- func ValidateSecretPath(path string) error
- func ValidateServiceDescription(description string) error
- func ValidateServiceID(serviceID string) error
- func ValidateSetupCode(code string) error
- func ValidateShortCredentialFingerprint(fingerprint string) error
- func ValidateUsername(username string) error
- type AccessLevel
- type AccessRule
- type Account
- type AccountName
- type Audit
- type AuditAction
- type AuditActor
- type AuditSubject
- type AuditSubjectType
- type AuditSubjectTypeList
- type AuthPayloadAWSSTS
- type AuthPayloadGCPServiceAccount
- type AuthRequest
- type BlindNamePath
- type CreateAccessRuleRequest
- type CreateAccountKeyRequest
- type CreateCredentialRequest
- type CreateDirRequest
- type CreateIdentityProviderLinkGCPRequest
- type CreateOrgMemberRequest
- type CreateOrgRequest
- type CreateRepoMemberRequest
- type CreateRepoRequest
- type CreateSecretKeyRequest
- type CreateSecretRequest
- type CreateSecretVersionRequest
- type CreateServiceRequest
- type Credential
- type CredentialProofAWS
- type CredentialProofBackupCode
- type CredentialProofGCPServiceAccount
- type CredentialProofKey
- type CredentialType
- type Dir
- type DirPath
- func (dp DirPath) BlindName(key *crypto.SymmetricKey) (string, error)
- func (dp DirPath) GetDirName() string
- func (dp DirPath) GetNamespace() string
- func (dp DirPath) GetParentPath() (ParentPath, error)
- func (dp DirPath) GetRepo() string
- func (dp DirPath) GetRepoPath() RepoPath
- func (dp DirPath) HasParentDirectory() bool
- func (dp DirPath) IsRepoPath() bool
- func (dp DirPath) JoinDir(dirName string) DirPath
- func (dp DirPath) JoinSecret(secretName string) SecretPath
- func (dp *DirPath) Set(value string) error
- func (dp DirPath) String() string
- func (dp DirPath) Validate() error
- func (dp DirPath) Value() string
- type EncryptedAccountKey
- type EncryptedData
- func NewEncryptedDataAESGCM(ciphertext, nonce []byte, nonceLength int, key interface{}) *EncryptedData
- func NewEncryptedDataAWSKMS(ciphertext []byte, key *EncryptionKeyAWS) *EncryptedData
- func NewEncryptedDataGCPKMS(ciphertext []byte, key *EncryptionKeyGCP) *EncryptedData
- func NewEncryptedDataRSAOAEP(ciphertext []byte, hashingAlgorithm HashingAlgorithm, key interface{}) *EncryptedData
- type EncryptedDataAESGCM
- type EncryptedDir
- type EncryptedKeyRequest
- type EncryptedNameForNodeRequest
- type EncryptedNameRequest
- type EncryptedSecret
- type EncryptedSecretKey
- type EncryptedSecretVersion
- type EncryptedTree
- type EncryptionAlgorithm
- type EncryptionKey
- type EncryptionKeyAWS
- type EncryptionKeyAccountKey
- type EncryptionKeyBootstrapCode
- type EncryptionKeyDerived
- type EncryptionKeyEncrypted
- type EncryptionKeyGCP
- type EncryptionKeyLocal
- type EncryptionKeySecretKey
- type EncryptionMetadataAESGCM
- type EncryptionParametersAESGCM
- type EncryptionParametersRSAOAEP
- type HashingAlgorithm
- type IdentityProviderLink
- type IdentityProviderLinkType
- type InviteUserRequest
- type KeyDerivationAlgorithm
- type KeyDerivationMetadataScrypt
- type KeyDerivationParametersScrypt
- type KeyType
- type Namespace
- type NamespaceDetails
- type OAuthConfig
- type Org
- type OrgMember
- type OrgName
- type ParentPath
- type Path
- func (p Path) HasVersion() bool
- func (p *Path) Set(value string) error
- func (p Path) String() string
- func (p Path) ToDirPath() (DirPath, error)
- func (p Path) ToNamespace() (Namespace, error)
- func (p Path) ToRepoPath() (RepoPath, error)
- func (p Path) ToSecretPath() (SecretPath, error)
- func (p *Path) Validate() error
- type Permission
- type Repo
- type RepoKeys
- type RepoMember
- type RepoPath
- func (rp RepoPath) BlindName(key *crypto.SymmetricKey) (string, error)
- func (rp RepoPath) GetDirPath() DirPath
- func (rp RepoPath) GetNamespace() string
- func (rp RepoPath) GetNamespaceAndRepoName() (string, string)
- func (rp RepoPath) GetRepo() string
- func (rp RepoPath) GetRepoPath() RepoPath
- func (rp *RepoPath) Set(value string) error
- func (rp RepoPath) String() string
- func (rp RepoPath) Validate() error
- func (rp RepoPath) Value() string
- type RevokeOpts
- type RevokeOrgResponse
- type RevokeRepoResponse
- type RevokeResponse
- type Secret
- type SecretAccessRequest
- type SecretKey
- type SecretKeyMemberRequest
- type SecretPath
- func (sp SecretPath) AddVersion(version int) (SecretPath, error)
- func (sp SecretPath) BlindName(key *crypto.SymmetricKey) (string, error)
- func (sp SecretPath) GetNamespace() string
- func (sp SecretPath) GetParentPath() (ParentPath, error)
- func (sp SecretPath) GetRepo() string
- func (sp SecretPath) GetRepoPath() RepoPath
- func (sp SecretPath) GetSecret() string
- func (sp SecretPath) GetVersion() (string, error)
- func (sp SecretPath) HasVersion() bool
- func (sp *SecretPath) Set(value string) error
- func (sp SecretPath) String() string
- func (sp SecretPath) Validate() error
- func (sp SecretPath) Value() string
- type SecretVersion
- type Service
- type Session
- type SessionHMAC
- type SessionPayloadHMAC
- type SessionType
- type SortAccessLevels
- type SortAccessRules
- type SortDirByName
- type SortDirPaths
- type SortOrgByName
- type SortOrgMemberByUsername
- type SortRepoByName
- type SortSecretByName
- type Tree
- type UpdateAccessRuleRequest
- type UpdateCredentialRequest
- type UpdateOrgMemberRequest
- type User
Constants ¶
// The different options for an AuditSubjectType.
//
// These are the wire values used for the subject of an audit event. Note
// that AuditSubjectSecretMember is serialized as "permission", not
// "secret_member", so the wire value must never be derived from the
// identifier name.
const (
	AuditSubjectAccount       = "account"
	AuditSubjectUser          = "user"
	AuditSubjectService       = "service"
	AuditSubjectSecret        = "secret"
	AuditSubjectSecretVersion = "secret_version"
	AuditSubjectSecretKey     = "secret_key"
	AuditSubjectSecretMember  = "permission"
	AuditSubjectRepo          = "repo"
	AuditSubjectRepoMember    = "repo_member"
	AuditSubjectRepoKey       = "repo_key"
)
// AuthMethod options: the identity-provider mechanisms an authentication
// request can name (see AuthPayloadAWSSTS and AuthPayloadGCPServiceAccount
// for the matching payload types).
const (
	AuthMethodAWSSTS            = "aws-sts"
	AuthMethodGCPServiceAccount = "gcp-service-account"
)
// Credential metadata keys.
//
// These are the keys a credential's metadata map may carry; see
// ErrUnknownMetadataKey, ErrMissingMetadata and ErrInvalidMetadataValue
// for the errors reported around them.
const (
	CredentialMetadataAWSKMSKey              = "aws_kms_key_id"
	CredentialMetadataAWSRole                = "aws_role"
	CredentialMetadataGCPKMSKeyResourceID    = "gcp_kms_resource_id"
	CredentialMetadataGCPServiceAccountEmail = "gcp_service_account_email"
)
// Supported values for EncryptionAlgorithm, together with the single
// HashingAlgorithm value (used by NewEncryptedDataRSAOAEP).
//
// EncryptionAlgorithmRSAOEAP has a transposed letter in its identifier; its
// wire value is the correct "rsa-oaep". The identifier is exported and in
// use, so it is kept as is.
const (
	EncryptionAlgorithmAESGCM  EncryptionAlgorithm = "aes-gcm"
	EncryptionAlgorithmRSAOEAP EncryptionAlgorithm = "rsa-oaep"
	EncryptionAlgorithmAWSKMS  EncryptionAlgorithm = "aws-kms"
	EncryptionAlgorithmGCPKMS  EncryptionAlgorithm = "gcp-kms"

	HashingAlgorithmSHA256 HashingAlgorithm = "sha-256"
)
// Roles an organization member can hold; see ValidateOrgRole and
// ErrInvalidOrgRole.
const (
	OrgRoleAdmin  = "admin"
	OrgRoleMember = "member"
)
// Status Constants describe the state of a rotatable resource (a secret key
// is the visible user: see ErrSecretKeyFlagged and ErrNoOKSecretKey).
const (
	// StatusOK signals everything is in order.
	StatusOK = "ok"

	// StatusFlagged signals that a resource should be considered compromised
	// and should be rotated/no longer used.
	StatusFlagged = "flagged"

	// StatusFailed signals that revocation cannot complete.
	StatusFailed = "failed"
)
const (
	// CredentialProofPrefixAWS is the prefix to use in AWS STS proof plaintext.
	// Keeping a fixed, recognizable prefix in the signed plaintext ties the
	// proof to this purpose; presumably the server rejects proofs without it
	// (verify against the proof verification code).
	CredentialProofPrefixAWS = "secrethub-allow-role="
)
const (
	// MaxEncryptedSecretSize is the maximum size of
	// EncryptedSecretVersion.EncryptedData: 512 KiB corrected for base64
	// overhead (4/3) and metadata. The integer arithmetic truncates
	// 512*4/3 to 682, so the constant evaluates to 687 * units.KiB.
	MaxEncryptedSecretSize = (512*4/3 + 5) * units.KiB
)
const (
	// ShortCredentialFingerprintMinimumLength is the smallest number of
	// leading fingerprint characters accepted when a credential is selected
	// by a fingerprint prefix (see ValidateShortCredentialFingerprint and
	// ErrTooShortFingerprint).
	ShortCredentialFingerprintMinimumLength = 10
)
Variables ¶
// Errors returned for malformed account names and account key ids.
var (
	ErrInvalidAccountName = errAPI.Code("invalid_account_name").Error("An account name either needs to be an username or a servicename")
	ErrInvalidKeyID       = errAPI.Code("invalid_key_id").Error("id of the provided account key is invalid")

	// ServiceNamePrefix is the prefix reserved for service account names;
	// usernames may not start with it (see ErrUsernameIsService).
	ServiceNamePrefix = "s-"
)
// Errors around account keys.
//
// ErrAccountNotKeyed and ErrAccountKeyNotFound carry the same message but
// differ in code and HTTP status; callers should match on the code.
var (
	ErrAccountNotKeyed    = errAPI.Code("account_not_keyed").StatusError("User has not yet keyed their account", http.StatusBadRequest)
	ErrAccountKeyNotFound = errAPI.Code("account_key_not_found").StatusError("User has not yet keyed their account", http.StatusNotFound)
	ErrIllegalKeyVersion  = errHub.Code("illegal_key_version").StatusError("key_version should be either v1 or v2", http.StatusBadRequest)
)
// Errors around access rules and the ids they reference.
var (
	ErrInvalidSecretID         = errAPI.Code("invalid_secret_id").StatusError("invalid secret id", http.StatusBadRequest)
	ErrInvalidDirID            = errAPI.Code("invalid_dir_id").StatusError("invalid directory id", http.StatusBadRequest)
	ErrAccessRuleAlreadyExists = errAPI.Code("access_rule_already_exists").StatusError("access rule already exists", http.StatusConflict)
	ErrAccessRuleNotFound      = errAPI.Code("access_rule_not_found").StatusError("access rule not found", http.StatusNotFound)
)
// Errors for authentication requests and sessions.
//
// Session lookups that fail (not found, expired) and failed authentication
// all answer with 403 Forbidden rather than distinguishing the cause by
// status; the code field is what differs.
var (
	ErrInvalidSessionType = errAPI.Code("invalid_session_type").StatusError("invalid session type provided for authentication request", http.StatusBadRequest)
	ErrInvalidPayload     = errAPI.Code("invalid_payload").StatusError("invalid payload provided for authentication request", http.StatusBadRequest)
	ErrInvalidAuthMethod  = errAPI.Code("invalid_auth_method").StatusError("invalid auth method", http.StatusBadRequest)
	ErrMissingField       = errAPI.Code("missing_field").StatusErrorPref("request is missing field %s", http.StatusBadRequest)

	ErrSessionNotFound = errAPI.Code("session_not_found").StatusError("session could not be found, it might have expired", http.StatusForbidden)
	ErrSessionExpired  = errAPI.Code("session_expired").StatusError("session has expired", http.StatusForbidden)
	ErrAuthFailed      = errAPI.Code("auth_failed").StatusError("authentication failed", http.StatusForbidden)
)
// Errors for AWS-based authentication.
//
// A missing or rejected AWS signature answers 401; a failure to reach AWS
// itself answers 424 Failed Dependency so that clients can tell "try again
// later" apart from "your credentials are wrong".
var (
	ErrCouldNotGetEndpoint   = errAPI.Code("aws_endpoint_not_found").StatusError("could not find an AWS endpoint for the provided region", http.StatusBadRequest)
	ErrAWSException          = errAPI.Code("aws_exception").StatusError("encountered an unexpected problem while verifying your identity on AWS. Please try again later.", http.StatusFailedDependency)
	ErrNoServiceWithRole     = errAPI.Code("no_service_with_role").StatusErrorPref("no service account found that is linked to the IAM role '%s'", http.StatusNotFound)
	ErrNoAWSCredentials      = errAPI.Code("missing_aws_credentials").StatusError("request was not signed with AWS credentials", http.StatusUnauthorized)
	ErrInvalidAWSCredentials = errAPI.Code("invalid_aws_credentials").StatusError("credentials were not accepted by AWS", http.StatusUnauthorized)
)
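// Errors for GCP service account based authentication.
var (
	ErrInvalidGCPIDToken = errAPI.Code("invalid_id_token").StatusError("provided id_token is invalid", http.StatusBadRequest)
	// The email is quoted on both sides; the previous message had only a
	// trailing quote.
	ErrNoGCPServiceWithEmail = errAPI.Code("no_service_with_email").StatusErrorPref("no service account found that is linked to the GCP Service Account '%s'", http.StatusUnauthorized)
)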
// Errors for encoding and decoding EncryptedData.
//
// These will be removed after the next server-release, as they are then no
// longer returned from the server.
//
// ErrInvalidMetadata shares the code "invalid_metadata" with
// ErrInvalidMetadataValue elsewhere in this package; clients matching on the
// code alone cannot tell the two apart.
var (
	ErrUnknownAlgorithm  = errAPI.Code("unknown_algorithm").Error("algorithm of the encoded ciphertext is invalid")
	ErrInvalidCiphertext = errAPI.Code("invalid_ciphertext").Error("cannot encode invalid ciphertext")
	ErrInvalidMetadata   = errAPI.Code("invalid_metadata").Error("metadata of encrypted key is invalid")
)
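// Errors for credential creation, lookup and metadata.
//
// ErrInvalidMetadataValue reuses the code "invalid_metadata" already used by
// ErrInvalidMetadata in this package; the code is left unchanged because it
// is part of the wire contract, but the message is the only distinguishing
// field.
var (
	ErrInvalidFingerprint             = errAPI.Code("invalid_fingerprint").StatusError("fingerprint is invalid", http.StatusBadRequest)
	ErrTooShortFingerprint            = errAPI.Code("too_short_fingerprint").StatusErrorf("at least %d characters of the fingerprint must be entered", http.StatusBadRequest, ShortCredentialFingerprintMinimumLength)
	ErrCredentialFingerprintNotUnique = errAPI.Code("fingerprint_not_unique").StatusErrorf("there are multiple credentials that start with the given fingerprint. Please use the full fingerprint", http.StatusConflict)
	ErrInvalidVerifier                = errAPI.Code("invalid_verifier").StatusError("verifier is invalid", http.StatusBadRequest)
	ErrInvalidCredentialType          = errAPI.Code("invalid_credential_type").StatusError("credential type is invalid", http.StatusBadRequest)
	ErrInvalidCredentialDescription   = errAPI.Code("invalid_credential_description").StatusError("credential description can be at most 32 characters long", http.StatusBadRequest)
	ErrInvalidAWSEndpoint             = errAPI.Code("invalid_aws_endpoint").StatusError("invalid AWS endpoint provided", http.StatusBadRequest)
	ErrInvalidProof                   = errAPI.Code("invalid_proof").StatusError("invalid proof provided for credential", http.StatusUnauthorized)
	ErrAWSAccountMismatch             = errAPI.Code("aws_account_mismatch").StatusError("the AWS Account ID in the role ARN does not match the AWS Account ID of the AWS credentials used for authentication. Make sure you are using AWS credentials that correspond to the role you are trying to add.", http.StatusUnauthorized)
	ErrAWSAuthFailed                  = errAPI.Code("aws_auth_failed").StatusError("authentication not accepted by AWS", http.StatusUnauthorized)
	// Message fixed: "could not found" -> "could not find".
	ErrAWSKMSKeyNotFound                  = errAPI.Code("aws_kms_key_not_found").StatusError("could not find the KMS key", http.StatusNotFound)
	ErrInvalidRoleARN                     = errAPI.Code("invalid_role_arn").StatusError("provided role is not a valid ARN", http.StatusBadRequest)
	ErrMissingMetadata                    = errAPI.Code("missing_metadata").StatusErrorPref("expecting %s metadata provided for credentials of type %s", http.StatusBadRequest)
	ErrInvalidMetadataValue               = errAPI.Code("invalid_metadata").StatusErrorPref("invalid value for metadata %s: %s", http.StatusBadRequest)
	ErrUnknownMetadataKey                 = errAPI.Code("unknown_metadata_key").StatusErrorPref("unknown metadata key: %s", http.StatusBadRequest)
	ErrRoleDoesNotMatch                   = errAPI.Code("role_does_not_match").StatusError("role in metadata does not match the verifier", http.StatusBadRequest)
	ErrGCPServiceAccountEmailDoesNotMatch = errAPI.Code("service_account_email_mismatch").StatusError("service account email in metadata does not match the verifier", http.StatusBadRequest)
	ErrCannotDisableCurrentCredential     = errAPI.Code("cannot_disable_current_credential").StatusError("cannot disable the credential that is currently used on this device", http.StatusConflict)
)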
// Errors for directory names and blind names.
//
// The two blind-name errors embed ErrInvalidBlindName's message via %s at
// package initialization, so ErrInvalidBlindName must be initialized first
// (Go orders package-level initialization by dependency, which covers this).
var (
	ErrInvalidDirName = errAPI.Code("invalid_dir_name").StatusError(
		"directory names must be between 2 and 32 characters long and "+
			"may only contain letters, numbers, dashes (-), underscores (_), and dots (.)",
		http.StatusBadRequest,
	)
	ErrInvalidDirBlindName    = errAPI.Code("invalid_dir_blind_name").StatusErrorf("directory blind name is invalid: %s", http.StatusBadRequest, ErrInvalidBlindName)
	ErrInvalidParentBlindName = errAPI.Code("invalid_parent_blind_name").StatusErrorf("directory parent blind name is invalid: %s", http.StatusBadRequest, ErrInvalidBlindName)
)
// Errors for encryption keys: algorithm, key type and derivation parameters.
// These are plain errors without an HTTP status.
var (
	ErrInvalidEncryptionAlgorithm    = errAPI.Code("invalid_encryption_algorithm").Error("invalid encryption algorithm provided")
	ErrInvalidKeyType                = errAPI.Code("invalid_key_type").Error("invalid key type")
	ErrKeyAlgorithmMismatch          = errAPI.Code("key_algorithm_mismatch").Error("mismatch between algorithm and key type")
	ErrInvalidKeyLength              = errAPI.Code("invalid_key_length").Error("key length value is invalid")
	ErrInvalidKeyDerivationAlgorithm = errAPI.Code("invalid_key_derivation_algorithm").Error("invalid key derivation algorithm")
)
// Errors for AES-GCM and RSA-OAEP encryption parameters.
var (
	ErrInvalidNonceLength      = errAPI.Code("invalid_nonce_length").Error("invalid nonce length provided")
	ErrInvalidHashingAlgorithm = errAPI.Code("invalid_hashing_algorithm").Error("invalid hashing algorithm provided")
)
// Errors for identity provider links (currently GCP projects).
//
// A GCP-side rejection of the authorization code or a missing
// projects.get permission is reported as 412 Precondition Failed; a failure
// of the verification itself is a 500.
var (
	ErrInvalidIDPLinkType          = errAPI.Code("invalid_idp_link_type").StatusError("invalid IDP link type", http.StatusBadRequest)
	ErrInvalidGCPProjectID         = errAPI.Code("invalid_gcp_project_id").StatusErrorPref("invalid GCP project ID: %s", http.StatusBadRequest)
	ErrVerifyingGCPAccessProof     = errAPI.Code("gcp_verification_error").StatusError("could not verify GCP authorization", http.StatusInternalServerError)
	ErrInvalidGCPAuthorizationCode = errAPI.Code("invalid_authorization_code").StatusError("authorization code was not accepted by GCP", http.StatusPreconditionFailed)
	ErrGCPLinkPermissionDenied     = errAPI.Code("gcp_permission_denied").StatusError("missing required projects.get permission to create link to GCP project", http.StatusPreconditionFailed)
)
// Errors for path parsing (Path, DirPath, RepoPath, SecretPath, Namespace).
// These carry no HTTP status; the *Pref variants take the offending path as
// their %s argument.
var (
	ErrInvalidSecretPath = errAPI.Code("invalid_secret_path").ErrorPref("secret path must be of the form <namespace>/<repo>[/<dir-path>]/<secret> got '%s'")
	ErrInvalidRepoPath   = errAPI.Code("invalid_repo_path").ErrorPref("repo path must be of the form <namespace>/<repo> got '%s'")
	ErrInvalidDirPath    = errAPI.Code("invalid_dir_path").ErrorPref("dir path must be of the form <namespace>/<repo>[/<dir-path>] got '%s'")
	ErrInvalidNamespace  = errAPI.Code("invalid_namespace").Error("namespace must be a valid username or organization name")
	ErrInvalidPath       = errAPI.Code("invalid_path").Error("path is not a reference to a namespace, a repository, a directory, or a secret")
	ErrInvalidPathType   = errAPI.Code("invalid_path_type").Error("using an unknown path type")

	ErrPathAlreadyHasVersion   = errAPI.Code("path_already_has_version").Error("this secret path already has a version")
	ErrPathHasNoVersion        = errAPI.Code("path_has_no_version").Error("this secret path requires a version")
	ErrParentPathOnInvalidPath = errAPI.Code("parent_path_on_invalid_path").ErrorPref("retrieving a parent path on an invalid path: %s")
)
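// Errors for the validation helpers in this package (names, descriptions,
// blind names, permissions, fingerprints, GCP identifiers, setup codes).
//
// ErrNotUserManagerGCPServiceAccountEmail keeps its (misspelled) exported
// identifier for compatibility; its message now reads "user-managed", which
// matches the code "require_user_managed_service_account" and
// ValidateGCPUserManagedServiceAccountEmail.
var (
	ErrInvalidOrgName = errAPI.Code("invalid_org_name").StatusError(
		"organization names must be between 3 and 32 characters long and "+
			"may only contain letters, numbers, dashes (-), underscores (_), and dots (.)",
		http.StatusBadRequest,
	)
	// Trailing space removed from the message.
	ErrOrgNameMustContainAlphanumeric = errAPI.Code("org_name_must_contain_alphanumeric").StatusError(
		"organization names must contain at least one alphanumeric character",
		http.StatusBadRequest,
	)
	ErrInvalidDescription = errAPI.Code("invalid_description").StatusError(
		"descriptions have a maximum length of 144 characters "+
			"and may only contain (special) letters, numbers, spaces, and punctuation characters",
		http.StatusBadRequest,
	)
	ErrInvalidBlindName     = errAPI.Code("invalid_blind_name").StatusError("The blind name is not a 256 bits string encoded with URL safe base64", http.StatusBadRequest)
	ErrInvalidDirPermission = errAPI.Code("invalid_dir_permission").StatusError(
		"directory permission may only consist of up to 3 unique letters r (read), w (write), and a (admin)",
		http.StatusBadRequest,
	)
	ErrInvalidDirRole = errAPI.Code("invalid_dir_role").StatusError(
		"directory roles must be either read, write, or admin",
		http.StatusBadRequest,
	)
	ErrInvalidCredentialFingerprint = errAPI.Code("invalid_credential_fingerprint").StatusError(
		"credential fingerprint must consist of 64 hexadecimal characters",
		http.StatusBadRequest,
	)
	ErrInvalidGCPServiceAccountEmail        = errAPI.Code("invalid_service_account_email").StatusError("not a valid GCP service account email", http.StatusBadRequest)
	ErrNotUserManagerGCPServiceAccountEmail = errAPI.Code("require_user_managed_service_account").StatusError("provided GCP service account email is not for a user-managed service account", http.StatusBadRequest)
	ErrInvalidGCPKMSResourceID              = errAPI.Code("invalid_key_resource_id").StatusError("not a valid resource ID, expected: projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/KEY", http.StatusBadRequest)
	ErrInvalidSetupCode                     = errAPI.Code("invalid_setup_code").StatusError("setup code starts with su- and is followed by groups of letters and numbers separated by dashes", http.StatusBadRequest)
)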
// Errors for repository creation and membership.
//
// The two ErrInvalid*MemberAccountID errors guard the invariant that the
// encrypted keys sent along with an invitation are addressed to the invited
// account and nobody else.
var (
	ErrInvalidRepoName = errAPI.Code("invalid_repo_name").StatusError(
		"repo names must be between 1 and 32 characters long and "+
			"may only contain letters, numbers, dashes (-), underscores (_), and dots (.)",
		http.StatusBadRequest,
	)
	ErrInvalidRepoEncryptionKey        = errAPI.Code("invalid_repo_encryption_key").StatusError("repo encryption key is invalid", http.StatusBadRequest)
	ErrInvalidRepoIndexKey             = errAPI.Code("invalid_repo_index_key").StatusError("repo index key is invalid", http.StatusBadRequest)
	ErrInvalidAccountID                = errAPI.Code("invalid_account_id").StatusError("account id is invalid", http.StatusBadRequest)
	ErrInvalidSecretMemberAccountID    = errAPI.Code("invalid_secret_member_account_id").StatusError("account id of secret member does not correspond to the account id of the invited user", http.StatusBadRequest)
	ErrInvalidSecretKeyMemberAccountID = errAPI.Code("invalid_secret_key_member_account_id").StatusError("account id of secret key member does not correspond to the account id of the invited user", http.StatusBadRequest)
	ErrRepoMemberNotFound              = errAPI.Code("repo_member_not_found").StatusError("repo member not found", http.StatusNotFound)
	ErrNoRootDir                       = errAPI.Code("no_root_dir").StatusError("there is no create dir request for the root directory", http.StatusBadRequest)
	ErrNoRepoMember                    = errAPI.Code("no_repo_member").StatusError("there is no create repo member request for the root directory", http.StatusBadRequest)
)
// Errors for secrets, secret versions and secret keys.
//
// ErrNotEncryptedForAccounts is a 409 rather than a 400 because, as its
// message states, it can arise from a race between an access rule being
// created and resources under that rule being written; the client may retry.
var (
	ErrInvalidSecretName = errAPI.Code("invalid_secret_name").StatusError(
		"secret names must be between 1 and 32 characters and "+
			"may only contain letters, numbers, dashes (-), underscores (_), and dots (.)",
		http.StatusBadRequest,
	)
	ErrInvalidSecretVersion = errAPI.Code("invalid_secret_version").StatusError(
		"secret version can only be positive numbers or latest",
		http.StatusBadRequest,
	)
	ErrInvalidNodeID                   = errAPI.Code("invalid_node_id").StatusError("the node id is invalid", http.StatusBadRequest)
	ErrInvalidEncryptedSecretName      = errAPI.Code("invalid_encrypted_secret_name").StatusError("invalid ciphertext for encrypted secret name", http.StatusBadRequest)
	ErrInvalidSecretBlindName          = errAPI.Code("invalid_secret_blind_name").StatusError("secret blind name is invalid", http.StatusBadRequest)
	ErrInvalidSecretBlob               = errAPI.Code("invalid_secret_blob").StatusError("secret blob is invalid", http.StatusBadRequest)
	ErrNoSecretMembers                 = errAPI.Code("no_secret_members").StatusError("no secret members added to write request", http.StatusBadRequest)
	ErrInvalidSecretKeyID              = errAPI.Code("invalid_secret_key_id").StatusError("secret_key_id is invalid", http.StatusBadRequest)
	ErrNotEncryptedForAccounts         = errAPI.Code("not_encrypted_for_accounts").StatusError("missing data encrypted for accounts. This can occur when access rules are simultaneously created with resources controlled by the access rule. You may try again.", http.StatusConflict)
	ErrNotUniquelyEncryptedForAccounts = errAPI.Code("not_uniquely_encrypted_for_accounts").StatusError("not uniquely encrypted for accounts", http.StatusBadRequest)
	ErrCannotDeleteLastSecretVersion   = errAPI.Code("cannot_delete_last_version").StatusError("Cannot delete the last version of a secret", http.StatusForbidden)
)
// Errors returned by the SecretHub API.
//
// Two families of codes exist: errHub codes are shared with older server
// releases, errAPI codes are specific to this API. Note that
// ErrYourAccountNotKeyed reuses the code "account_not_keyed" already used by
// ErrAccountNotKeyed in this package (different message and status); clients
// must not rely on that code identifying a single condition.
var (
	// General
	ErrNotFound                  = errHub.Code("not_found").StatusError("Not found", http.StatusNotFound)
	ErrValidationFailed          = errHub.Code("validation_failed").StatusError("Validation errors", http.StatusExpectationFailed)
	ErrBadRequest                = errHub.Code("bad_request").StatusError("Bad request", http.StatusBadRequest)
	ErrTimeout                   = errHub.Code("timeout").StatusError("Timeout", http.StatusInternalServerError)
	ErrUnknownMethod             = errHub.Code("method_not_supported").StatusError("Method not supported", http.StatusNotImplemented)
	ErrDomainNotFound            = errHub.Code("domain_not_found").StatusError("Domain not found", http.StatusNotFound)
	ErrForbidden                 = errAPI.Code("forbidden").StatusError("You are not allowed to perform this action", http.StatusForbidden)
	ErrRequestNotAuthenticated   = errAPI.Code("not_authenticated").StatusError("Request was not authenticated. Please ensure that the client has access to a credential or that an identity provider is configured correctly.", http.StatusUnauthorized)
	ErrNoAccountKeyForCredential = errAPI.Code("no_account_key_for_credential").StatusError("Could not find account-key for credential used for authentication.", http.StatusInternalServerError)
	ErrCannotPerformActionOnSelf = errAPI.Code("cannot_perform_action_on_self").StatusError("You cannot perform this action on yourself", http.StatusForbidden)
	ErrYourAccountNotKeyed       = errAPI.Code("account_not_keyed").StatusError("Your account has not been fully initialized", http.StatusBadRequest)

	// DB
	ErrDatabaseRecordAlreadyExists = errHub.Code("already_exists").StatusError("Already exists", http.StatusConflict)

	// Namespaces
	ErrNamespaceNotFound                      = errAPI.Code("namespace_not_found").StatusError("Namespace not found", http.StatusNotFound)
	ErrNamespaceAlreadyExists                 = errAPI.Code("namespace_already_exists").StatusError("this name already exists", http.StatusConflict)
	ErrCannotPerformActionOnPersonalNamespace = errAPI.Code("not_allowed_on_personal_namespace").StatusError("you cannot perform this action on a personal namespace", http.StatusForbidden)

	// Auth
	ErrAccountIncomplete    = errHub.Code("account_incomplete").StatusError("This account is not registered, please create a user first", http.StatusForbidden)
	ErrTokenNotVerified     = errHub.Code("token_not_verified").StatusError("Token not verified", http.StatusUnauthorized)
	ErrPasswordTooWeak      = errHub.Code("password_too_weak").StatusError("The password must be longer than 8 characters", http.StatusBadRequest)
	ErrSignatureNotVerified = errHub.Code("invalid_signature").StatusError("request was not signed by a valid credential", http.StatusUnauthorized)

	// Repos
	ErrRepoNotFound      = errHub.Code("repo_not_found").StatusErrorPref("Repo '%s' not found", http.StatusNotFound)
	ErrRepoAlreadyExists = errHub.Code("repo_already_exists").StatusError("Repo already exists, please create a different repo", http.StatusConflict)

	// Dirs
	ErrDirAlreadyExists    = errHub.Code("dir_already_exists").StatusError("Directory or secret already exists, create a different directory", http.StatusConflict)
	ErrDirNotFound         = errHub.Code("dir_not_found").StatusError("Directory not found", http.StatusNotFound)
	ErrParentDirNotFound   = errHub.Code("parent_dir_not_found").StatusError("Parent directory not found", http.StatusNotFound)
	ErrCannotRemoveRootDir = errHub.Code("cannot_remove_root_dir").StatusError("Root directory of a repository cannot be removed, remove the repository instead", http.StatusBadRequest)

	// Secrets
	ErrSecretAlreadyExists   = errHub.Code("secret_already_exists").StatusError("Secret or directory already exists, please update or create a different secret", http.StatusConflict)
	ErrSecretNotFound        = errHub.Code("secret_not_found").StatusError("Secret not found", http.StatusNotFound)
	ErrSecretVersionNotFound = errHub.Code("version_not_found").StatusError("Version of secret not found", http.StatusNotFound)
	ErrSecretKeyNotFound     = errHub.Code("secret_key_not_found").StatusError("Key for secret not found", http.StatusNotFound)

	// Secret Keys: a flagged key (see StatusFlagged) must not be used to
	// write new secret versions.
	ErrSecretKeyFlagged = errAPI.Code("secret_key_flagged").StatusError(fmt.Sprintf("Cannot write new secrets with a key that has status %s", StatusFlagged), http.StatusBadRequest)
	ErrNoOKSecretKey    = errAPI.Code("no_secret_key_found_with_status_ok").StatusError(fmt.Sprintf("No secret key found with status %s", StatusOK), http.StatusNotFound)

	// Organization
	ErrOrgAlreadyExists         = errAPI.Code("org_already_exists").StatusError("Organization already exists, please create a different organization", http.StatusConflict)
	ErrOrgNotFound              = errAPI.Code("org_not_found").StatusError("Organization not found", http.StatusNotFound)
	ErrOrgMemberNotFound        = errAPI.Code("org_member_not_found").StatusError("Organization member not found", http.StatusNotFound)
	ErrOrgMemberAlreadyExists   = errAPI.Code("org_member_already_exists").StatusError("Organization member already exists", http.StatusConflict)
	ErrInvalidOrgRole           = errAPI.Code("invalid_org_role").StatusError("Organization role is invalid. Must be either `admin` or `member`", http.StatusBadRequest)
	ErrCannotRemoveLastOrgAdmin = errAPI.Code("cannot_remove_last_org_admin").StatusError("The last admin of an organization cannot be removed.", http.StatusForbidden)

	// User
	ErrUserEmailAlreadyExists = errHub.Code("user_email_already_exists").StatusError("That email address is already in use", http.StatusConflict)
	ErrUsernameAlreadyExists  = errHub.Code("username_already_exists").StatusError("A user with the given username already exists, please choose a different username", http.StatusConflict)
	ErrUserNotFound           = errHub.Code("user_not_found").StatusError("User not found, please verify username", http.StatusNotFound)
	ErrNotAUser               = errHub.Code("not_a_user").StatusError("Only users can perform this action", http.StatusForbidden)
	ErrNotOwner               = errHub.Code("not_owner").StatusError("Only repo owners can perform this action", http.StatusForbidden)
	ErrCannotAddYourself      = errHub.Code("cannot_add_self").StatusError("You cannot add yourself to your repo", http.StatusForbidden)
	ErrCannotRemoveYourself   = errHub.Code("cannot_remove_self").StatusError("You cannot remove yourself from your repo", http.StatusForbidden)

	// Service
	ErrServiceNotFound      = errHub.Code("service_not_found").StatusError("Service not found", http.StatusNotFound)
	ErrAccountIsNotService  = errHub.Code("not_a_service").StatusError("Account name does not represent a service", http.StatusBadRequest)
	ErrServiceAlreadyExists = errHub.Code("service_already_exists").StatusError("Service already exists, please create a different service", http.StatusConflict)
	ErrNoAdminAccess        = errHub.Code("no_admin_access").StatusError("Only accounts with Admin access can perform this action", http.StatusForbidden)
	ErrMemberAlreadyExists  = errHub.Code("member_already_exists").StatusError("The member already exists", http.StatusConflict)

	// AWS IdP
	ErrAWSRoleAlreadyTaken = errHub.Code("aws_role_taken").StatusError("a service account coupled to that IAM role already exists. Delete the existing service account or create a new one using a different IAM role.", http.StatusConflict)

	// GCP IdP
	ErrGCPServiceAccountAlreadyTaken = errHub.Code("gcp_service_account_taken").StatusError("a SecretHub service account coupled to that GCP Service Account email already exists. Delete the existing SecretHub service account or create a new one using a different GCP Service Account email.", http.StatusConflict)

	// Account
	ErrAccountNotFound    = errHub.Code("account_not_found").StatusError("Account not found", http.StatusNotFound)
	ErrUnknownSubjectType = errHub.Code("unknown_subject_type").Error("Unknown subject type") // no status error because it is an internal error
	ErrUnknownAccountType = errHub.Code("unknown_account_type").Error("Unknown account type") // no status error because it is an internal error
	ErrNotMemberOfRepo    = errHub.Code("not_repo_member").StatusError("Account is not a member of the repo", http.StatusBadRequest)

	// Credential
	ErrCredentialNotFound      = errHub.Code("credential_not_found").StatusError("Credential not found", http.StatusNotFound)
	ErrCredentialAlreadyExists = errHub.Code("credential_already_exists").StatusError("A credential with the given identifier already exists", http.StatusConflict)

	// Account key
	ErrPublicAccountKeyConflict = errHub.Code("public_account_key_does_not_match").StatusError("A different public account key is already registered for this account", http.StatusConflict)
	ErrPrivateKeyAlreadyExists  = errHub.Code("private_key_already_exists").StatusError("A private key for this credential already exists.", http.StatusConflict)
	ErrCredentialNotKeyed       = errHub.Code("credential_not_keyed").StatusError("The account key has not been encrypted for this credential", http.StatusNotFound)

	// Dirs (continued; kept in declaration order)
	ErrCannotRemoveLastRootAdmin = errHub.Code("cannot_remove_last_root_admin").StatusError("Cannot remove the last admin on the repo root", http.StatusBadRequest)
)
// Errors returned by the SecretHub API for service-related requests.
// Each value is built as errAPI.Code(code).StatusError(message, status); the
// code string and the HTTP status are the stable contract that clients
// (see IsKnownError) match on, so treat them as part of the public API.
var (
	// ErrInvalidServiceID is returned with HTTP 400 when a service ID does
	// not have the documented shape (14 characters, prefix "s-").
	ErrInvalidServiceID = errAPI.Code("invalid_service_id").StatusError(
		"service id is 14 characters long and starts with s-",
		http.StatusBadRequest,
	)
	// ErrInvalidServiceDescription is returned with HTTP 400 when a service
	// description is too long or contains newlines/tabs. The limit is taken
	// from serviceDescriptionMaxLength, which is declared elsewhere in the
	// package.
	ErrInvalidServiceDescription = errAPI.Code("invalid_service_description").StatusError(
		fmt.Sprintf(
			"service descriptions can at most be %d long and cannot contain any newlines or tabs",
			serviceDescriptionMaxLength,
		),
		http.StatusBadRequest,
	)
	// ErrAccessDeniedToKMSKey is returned with HTTP 403 when the KMS key
	// referenced by a request cannot be used; presumably this surfaces an
	// AWS/GCP KMS authorization failure to the caller — verify in the server.
	ErrAccessDeniedToKMSKey = errAPI.Code("access_denied").StatusError("access to KMS key is denied", http.StatusForbidden)
)
Errors
// Errors reported while building a tree from an EncryptedTree. Both carry
// HTTP 500: they describe an inconsistent set of directories rather than a
// bad request, so callers should not retry with different input.
var (
	// ErrParentDirNotAvailable is returned when a directory's parent is not
	// part of the EncryptedTree being decrypted.
	ErrParentDirNotAvailable = errAPI.Code("parent_dir_not_available").StatusError("the parent directory is not available in EncryptedTree", http.StatusInternalServerError)
	// ErrMultipleRootDirs is returned when more than one directory in the
	// EncryptedTree qualifies as the root.
	ErrMultipleRootDirs = errAPI.Code("multiple_root_dirs").StatusError("there are multiple root directories possible", http.StatusInternalServerError)
)
Errors
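// Errors returned by the SecretHub API for user-related requests.
// Each value is built as errAPI.Code(code).StatusError(message, status); the
// code string and HTTP status are what clients match on, so they must stay
// stable. The message text of ErrUsernameMustContainAlphanumeric previously
// ended in a stray trailing space; it is trimmed here.
var (
	// ErrInvalidUsername is returned with HTTP 400 when a username has the
	// wrong length or contains characters outside the allowed set.
	ErrInvalidUsername = errAPI.Code("invalid_username").StatusError(
		"usernames must be between 3 and 32 characters long and "+
			"may only contain letters, numbers, dashes (-), underscores (_), and dots (.)",
		http.StatusBadRequest,
	)
	// ErrUsernameMustContainAlphanumeric is returned with HTTP 400 when a
	// username consists only of punctuation.
	ErrUsernameMustContainAlphanumeric = errAPI.Code("username_must_contain_alphanumeric").StatusError(
		"usernames must contain at least one alphanumeric character",
		http.StatusBadRequest,
	)
	// ErrUsernameIsService is returned with HTTP 400 when a username starts
	// with the "s-" prefix that is reserved for service accounts (compare
	// ErrInvalidServiceID, which requires that prefix).
	ErrUsernameIsService = errAPI.Code("username_is_service").StatusError(
		"usernames cannot start with s- as that prefix is reserved for service accounts",
		http.StatusBadRequest,
	)
	// ErrInvalidPublicKey is returned with HTTP 400 when a supplied public
	// key cannot be accepted.
	ErrInvalidPublicKey = errAPI.Code("invalid_public_key").StatusError("public key is invalid", http.StatusBadRequest)
	// ErrInvalidEmail is returned with HTTP 400 for a malformed email address.
	ErrInvalidEmail = errAPI.Code("invalid_email").StatusError("email address is invalid", http.StatusBadRequest)
	// ErrInvalidFullName is returned with HTTP 400 when a full name is too
	// long or contains disallowed characters.
	ErrInvalidFullName = errAPI.Code("invalid_full_name").StatusError(
		"full names may be at most 128 characters long and "+
			"may only contain (special) letters, apostrophes ('), spaces and dashes (-)",
		http.StatusBadRequest,
	)
	// ErrNoPasswordNorCredential is returned with HTTP 400 when a request
	// supplies neither a password nor a credential.
	ErrNoPasswordNorCredential = errAPI.Code("no_password_nor_credential").StatusError("either a password or a credential should be supplied", http.StatusBadRequest)
	// ErrTooManyVerificationRequests is returned with HTTP 429 to rate-limit
	// repeated verification-email requests for the same account.
	ErrTooManyVerificationRequests = errAPI.Code("too_many_verification_requests").StatusError("another verification email was requested recently, please wait a few minutes before trying again", http.StatusTooManyRequests)
)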
Errors
// ErrAccessLevelUnknown is returned when an access level value is not one of
// the known levels. It is built with Error rather than StatusError, so it
// carries no HTTP status of its own.
var (
	ErrAccessLevelUnknown = errAPI.Code("access_level_unknown").Error("The access level is not known")
)
Error
// ErrEncryptedDataTooBig is returned when a ciphertext exceeds the package's
// size limit. The limit is formatted with units.BytesSize from
// MaxEncryptedSecretSize, a constant declared elsewhere in this package; the
// message is computed once at package initialisation. Built with Error, so no
// HTTP status is attached.
var (
	ErrEncryptedDataTooBig = errAPI.Code("encrypted_data_too_big").Error(fmt.Sprintf("maximum size of encrypted data is %s", units.BytesSize(MaxEncryptedSecretSize)))
)
Errors
Functions ¶
func GetFingerprint ¶ added in v0.21.0
func GetFingerprint(t CredentialType, verifier []byte) string
GetFingerprint returns the fingerprint of a credential.
func IsErrDisabled ¶ added in v0.30.0
IsErrDisabled returns whether the given error is caused because the feature is disabled.
func IsErrNotFound ¶ added in v0.21.0
IsErrNotFound returns whether the given error is caused by a non-existent resource.
func IsKnownError ¶ added in v0.30.0
IsKnownError returns whether the given error is a known SecretHub error.
func ProjectIDFromGCPEmail ¶ added in v0.30.0
ProjectIDFromGCPEmail returns the project ID included in the email of a GCP Service Account. If the input is not a valid user-managed GCP Service Account email, an error is returned.
func StringValue ¶ added in v0.21.0
StringValue safely converts a *string into a string.
func ValidateAccountName ¶
ValidateAccountName validates an AccountName.
func ValidateBlindName ¶
ValidateBlindName validates a blind name.
func ValidateCredentialDescription ¶ added in v0.25.0
ValidateCredentialDescription validates the description for a credential.
func ValidateCredentialFingerprint ¶ added in v0.25.0
ValidateCredentialFingerprint validates whether the given string is a valid credential fingerprint.
func ValidateDirPath ¶
ValidateDirPath validates a dir path of form :owner/:repo_name/[parents/]*:directory
func ValidateEmail ¶
ValidateEmail validates an email address.
func ValidateFullName ¶
ValidateFullName validates a user's full name.
func ValidateGCPKMSKeyResourceID ¶ added in v0.29.0
ValidateGCPKMSKeyResourceID validates whether the given string is potentially a valid resource ID for a GCP KMS key. The function does a best-effort check: if no error is returned, this does not mean the value is accepted by GCP.
func ValidateGCPProjectID ¶ added in v0.30.0
ValidateGCPProjectID returns an error if the provided value is not a valid GCP project ID.
func ValidateGCPUserManagedServiceAccountEmail ¶ added in v0.30.0
ValidateGCPUserManagedServiceAccountEmail validates whether the given string is potentially a valid email for a user-managed GCP Service Account. The function does a best-effort check: if no error is returned, this does not mean the value is accepted by GCP.
func ValidateLinkedID ¶ added in v0.30.0
func ValidateLinkedID(linkType IdentityProviderLinkType, linkedID string) error
ValidateLinkedID calls the validation function corresponding to the link type and returns the corresponding result.
func ValidateNamespace ¶
ValidateNamespace validates a username.
func ValidateOrgDescription ¶
ValidateOrgDescription validates an organization description.
func ValidateOrgName ¶
ValidateOrgName validates an organization name.
func ValidateOrgRole ¶
ValidateOrgRole validates an organization role.
func ValidateRepoName ¶
ValidateRepoName validates a repo name.
func ValidateRepoPath ¶
ValidateRepoPath validates a repo path of form :owner/:repo_name
func ValidateSecretName ¶
ValidateSecretName validates a secret name.
func ValidateSecretPath ¶
ValidateSecretPath validates a secret path of form :owner/:repo_name/:secretname
func ValidateServiceDescription ¶
ValidateServiceDescription validates a service description.
func ValidateServiceID ¶
ValidateServiceID validates a service id.
func ValidateSetupCode ¶ added in v0.31.0
ValidateSetupCode checks whether the given string has the format of a valid setup code.
func ValidateShortCredentialFingerprint ¶ added in v0.25.0
ValidateShortCredentialFingerprint validates whether the given string can be used as a short version of a credential fingerprint.
func ValidateUsername ¶
ValidateUsername validates a username.
Types ¶
type AccessLevel ¶
// AccessLevel defines the permissions of an account on a directory and is the
// effect of one or more access rules on the directory itself or its parent(s).
type AccessLevel struct {
	Account    *Account   `json:"account"`    // the account the level applies to; nil is serialised as JSON null
	AccountID  uuid.UUID  `json:"account_id"` // ID of that account
	DirID      uuid.UUID  `json:"dir_id"`     // directory the effective permission was computed for
	Permission Permission `json:"permission"` // the effective permission on DirID
}
AccessLevel defines the permissions of an account on a directory and is the effect of one or more access rules on the directory itself or its parent(s).
type AccessRule ¶
// AccessRule defines the permission of an account on a directory and its
// children. Unlike AccessLevel, which is derived, an AccessRule is the stored
// rule itself and therefore carries its repo and timestamps.
type AccessRule struct {
	Account       *Account   `json:"account"`         // the account the rule grants to; nil is serialised as JSON null
	AccountID     uuid.UUID  `json:"account_id"`      // ID of that account
	DirID         uuid.UUID  `json:"dir_id"`          // directory the rule is attached to
	RepoID        uuid.UUID  `json:"repo_id"`         // repo that directory belongs to
	Permission    Permission `json:"permission"`      // permission granted on DirID and its children
	CreatedAt     time.Time  `json:"created_at"`      // when the rule was created
	LastChangedAt time.Time  `json:"last_changed_at"` // when the rule was last modified
}
AccessRule defines the permission of an account on a directory and its children.
type Account ¶
// Account represents an account on SecretHub. An account is either a user or
// a service; see AccountName.IsUser/IsService.
type Account struct {
	AccountID   uuid.UUID   `json:"account_id"`   // unique identifier of the account
	Name        AccountName `json:"name"`         // validated account name (user or service)
	PublicKey   []byte      `json:"public_key"`   // the account's public key; its encoding is not fixed here — see NewEncryptedDataRSAOAEP and ValidateAccountName elsewhere
	AccountType string      `json:"account_type"` // free-form type string; presumably "user" or "service" as used by AuditActor.Type — verify
	CreatedAt   time.Time   `json:"created_at"`   // when the account was created
}
Account represents an account on SecretHub.
type AccountName ¶
// AccountName represents the name of either a user or a service. Construct it
// with NewAccountName (or Set) so that Validate has run; IsService/IsUser tell
// the two kinds apart.
type AccountName string
AccountName represents the name of either a user or a service.
func NewAccountName ¶
func NewAccountName(name string) (AccountName, error)
NewAccountName validates an account's name and returns it as a typed AccountName when valid.
func (AccountName) IsService ¶
func (n AccountName) IsService() bool
IsService returns true if the AccountName contains the name of a service.
func (AccountName) IsUser ¶
func (n AccountName) IsUser() bool
IsUser returns true if the AccountName contains the name of a user.
func (*AccountName) Set ¶
func (n *AccountName) Set(value string) error
Set sets the AccountName to the value.
func (AccountName) String ¶
func (n AccountName) String() string
String returns the account's name as a string to be used for printing.
func (AccountName) Validate ¶
func (n AccountName) Validate() error
Validate checks whether an AccountName is valid.
func (AccountName) Value ¶
func (n AccountName) Value() string
Value returns the account's name as a string to be used in communication with the client and in transportation to the server.
type Audit ¶
// Audit represents an AuditEvent in SecretHub: who (Actor) did what (Action)
// to which resource (Subject), and from where.
type Audit struct {
	EventID   uuid.UUID    `json:"event_id"`   // unique identifier of the event
	Action    AuditAction  `json:"action"`     // the performed action; see the AuditAction constants
	IPAddress string       `json:"ip_address"` // client address recorded for the event, as a string (not validated here)
	LoggedAt  time.Time    `json:"logged_at"`  // when the event was logged
	Repo      Repo         `json:"repo"`       // repo the event belongs to
	Actor     AuditActor   `json:"actor"`      // the account that performed the action
	Subject   AuditSubject `json:"subject"`    // the resource the action was performed on
}
Audit represents an AuditEvent in SecretHub.
type AuditAction ¶
// AuditAction represents the action that was performed to create this audit
// event. The known values are the AuditAction* constants.
type AuditAction string
AuditAction represents the action that was performed to create this audit event.
// AuditAction values. The strings are the wire representation.
const (
	AuditActionUnknown AuditAction = "unknown" // action could not be classified
	AuditActionCreate  AuditAction = "create"
	AuditActionRead    AuditAction = "read"
	AuditActionUpdate  AuditAction = "update"
	AuditActionDelete  AuditAction = "delete"
)
AuditAction values.
type AuditActor ¶
// AuditActor represents the Account of an AuditEvent. Exactly one of User and
// Service is expected to be populated depending on Type; both are omitted
// from JSON when nil.
type AuditActor struct {
	ActorID uuid.UUID `json:"id,omitempty"`      // ID of the acting account
	Deleted bool      `json:"deleted,omitempty"` // true when the acting account no longer exists
	// Type is `user` or `service`. When actor is deleted, type is always `account`
	Type    string   `json:"type"`
	User    *User    `json:"user,omitempty"`    // set when Type is `user`
	Service *Service `json:"service,omitempty"` // set when Type is `service`
}
AuditActor represents the Account of an AuditEvent
type AuditSubject ¶
// AuditSubject represents the Subject of an AuditEvent. Only the pointer
// matching Type is populated; the Encrypted* fields are what the server sends
// and the Client replaces them with their decrypted counterparts.
type AuditSubject struct {
	SubjectID uuid.UUID `json:"id,omitempty"`      // ID of the subject resource
	Deleted   bool      `json:"deleted,omitempty"` // true when the subject no longer exists
	// Type is `user`, `service`, `repo`, `secret`, `secret_version` or `secret_key`. When subject is deleted, user and service are indicated with type `account`
	Type            AuditSubjectType `json:"type"`
	User            *User            `json:"user,omitempty"`
	Service         *Service         `json:"service,omitempty"`
	Repo            *Repo            `json:"repo,omitempty"`
	EncryptedSecret *EncryptedSecret `json:"encrypted_secret,omitempty"` // This is converted to a Secret by the Client.
	Secret          *Secret          `json:"secret,omitempty"`           // filled by the Client from EncryptedSecret
	EncryptedSecretVersion *EncryptedSecretVersion `json:"encrypted_secret_version,omitempty"` // This is converted to a SecretVersion by the Client.
	SecretVersion          *SecretVersion          `json:"secret_version,omitempty"`           // filled by the Client from EncryptedSecretVersion
}
AuditSubject represents the Subject of an AuditEvent
type AuditSubjectType ¶
// AuditSubjectType represents the type of an audit subject; the accepted
// values are listed on AuditSubject.Type.
type AuditSubjectType string
AuditSubjectType represents the type of an audit subject.
type AuditSubjectTypeList ¶
// AuditSubjectTypeList represents a list of AuditSubjectTypes; Join renders it
// as a single separator-joined string.
type AuditSubjectTypeList []AuditSubjectType
AuditSubjectTypeList represents a list of AuditSubjectTypes.
func (AuditSubjectTypeList) Join ¶
func (l AuditSubjectTypeList) Join(separator string) string
Join converts an AuditSubjectTypeList to a string where each AuditSubjectType is separated by separator.
type AuthPayloadAWSSTS ¶ added in v0.21.0
AuthPayloadAWSSTS is the authentication payload used for authenticating with AWS STS.
func (AuthPayloadAWSSTS) Validate ¶ added in v0.21.0
func (pl AuthPayloadAWSSTS) Validate() error
Validate whether the AuthPayloadAWSSTS is valid.
type AuthPayloadGCPServiceAccount ¶ added in v0.29.0
// AuthPayloadGCPServiceAccount is the authentication payload used for
// authenticating with a GCP Service Account.
type AuthPayloadGCPServiceAccount struct {
	IDToken string `json:"id_token"` // the ID token presented for the service account; checked by Validate
}
AuthPayloadGCPServiceAccount is the authentication payload used for authenticating with a GCP Service Account.
func (AuthPayloadGCPServiceAccount) Validate ¶ added in v0.29.0
func (pl AuthPayloadGCPServiceAccount) Validate() error
type AuthRequest ¶ added in v0.21.0
// AuthRequest is a request to authenticate and request a session.
// Payload is untyped on purpose: UnmarshalJSON selects the concrete payload
// type (e.g. AuthPayloadAWSSTS, AuthPayloadGCPServiceAccount) and Validate
// checks the result, so a decoded AuthRequest should be validated before its
// Payload is used.
type AuthRequest struct {
	Method      string      `json:"method"`       // authentication method; determines the concrete Payload type
	SessionType SessionType `json:"session_type"` // kind of session requested
	Payload     interface{} `json:"payload"`      // method-specific payload, see NewAuthRequestAWSSTS / NewAuthRequestGCPServiceAccount
}
AuthRequest is a request to authenticate and request a session.
func NewAuthRequestAWSSTS ¶ added in v0.21.0
func NewAuthRequestAWSSTS(sessionType SessionType, region string, stsRequest []byte) AuthRequest
NewAuthRequestAWSSTS returns a new AuthRequest for authentication using AWS STS.
func NewAuthRequestGCPServiceAccount ¶ added in v0.29.0
func NewAuthRequestGCPServiceAccount(sessionType SessionType, idToken string) AuthRequest
NewAuthRequestGCPServiceAccount returns a new AuthRequest for authentication using a GCP Service Account.
func (*AuthRequest) UnmarshalJSON ¶ added in v0.21.0
func (r *AuthRequest) UnmarshalJSON(b []byte) error
UnmarshalJSON converts a JSON representation into an AuthRequest with the correct Payload.
func (*AuthRequest) Validate ¶ added in v0.21.0
func (r *AuthRequest) Validate() error
Validate whether an AuthRequest is a valid request.
type BlindNamePath ¶
// BlindNamePath represents a path that can be converted into a BlindName and
// exposes the necessary functions. DirPath is one implementation.
type BlindNamePath interface {
	// BlindName returns the blindname corresponding to this path, derived
	// with the given symmetric key.
	BlindName(key *crypto.SymmetricKey) (string, error)
	// GetRepoPath returns the RepoPath inside this BlindNamePath.
	GetRepoPath() RepoPath
}
BlindNamePath represents a path that can be converted into a BlindName and exposes the necessary functions.
type CreateAccessRuleRequest ¶
// CreateAccessRuleRequest contains the request fields for creating an
// AccessRule. Granting access requires re-encrypting the affected names and
// secrets for the account, which is what the two slices carry.
type CreateAccessRuleRequest struct {
	Permission       Permission                    `json:"permission"`        // permission to grant
	EncryptedDirs    []EncryptedNameForNodeRequest `json:"encrypted_dirs"`    // directory names encrypted for the account, keyed by NodeID
	EncryptedSecrets []SecretAccessRequest         `json:"encrypted_secrets"` // secret access material encrypted for the account
}
CreateAccessRuleRequest contains the request fields for creating an AccessRule.
func (*CreateAccessRuleRequest) Validate ¶
func (car *CreateAccessRuleRequest) Validate() error
Validate validates the request fields.
type CreateAccountKeyRequest ¶
// CreateAccountKeyRequest contains the fields to add an account_key encrypted
// for a credential.
type CreateAccountKeyRequest struct {
	EncryptedPrivateKey *EncryptedData `json:"encrypted_private_key"` // the account's private key, encrypted for the credential; see Validate
	PublicKey           []byte         `json:"public_key"`            // the matching public key
}
CreateAccountKeyRequest contains the fields to add an account_key encrypted for a credential.
func (CreateAccountKeyRequest) Validate ¶
func (req CreateAccountKeyRequest) Validate() error
Validate checks whether the request is valid.
type CreateCredentialRequest ¶
// CreateCredentialRequest contains the fields to add a credential to an
// account. Proof is untyped: UnmarshalJSON picks the concrete proof type from
// Type, and Validate checks the result, so validate before using Proof.
type CreateCredentialRequest struct {
	Type        CredentialType           `json:"type"`                  // one of the CredentialType* constants
	Fingerprint string                   `json:"fingerprint"`           // credential fingerprint; see GetFingerprint
	Description *string                  `json:"name,omitempty"`        // NOTE: serialised under the JSON key "name", not "description"
	Verifier    []byte                   `json:"verifier"`              // type-specific verifier bytes
	Proof       interface{}              `json:"proof"`                 // type-specific proof (CredentialProofAWS, CredentialProofKey, ...)
	Metadata    map[string]string        `json:"metadata"`              // free-form metadata
	AccountKey  *CreateAccountKeyRequest `json:"account_key,omitempty"` // optional account key encrypted for this credential
}
CreateCredentialRequest contains the fields to add a credential to an account.
func (*CreateCredentialRequest) RequiredIDPLink ¶ added in v0.30.0
func (req *CreateCredentialRequest) RequiredIDPLink() (IdentityProviderLinkType, string, error)
RequiredIDPLink can be used if the credential requires an IDP Link to exist before creation. It returns the link type and the linked ID if a link is required. It returns empty strings if no link is required for the credential type.
func (*CreateCredentialRequest) UnmarshalJSON ¶ added in v0.21.0
func (req *CreateCredentialRequest) UnmarshalJSON(b []byte) error
UnmarshalJSON converts a JSON representation into a CreateCredentialRequest with the correct Proof.
func (*CreateCredentialRequest) Validate ¶
func (req *CreateCredentialRequest) Validate() error
Validate validates the request fields.
type CreateDirRequest ¶
// CreateDirRequest contains the request fields for creating a new directory.
type CreateDirRequest struct {
	BlindName       string                 `json:"blind_name"`        // blind name of the new directory
	ParentBlindName string                 `json:"parent_blind_name"` // blind name of the parent directory
	EncryptedNames  []EncryptedNameRequest `json:"encrypted_names"`   // the directory name encrypted for each account that needs it
}
CreateDirRequest contains the request fields for creating a new directory.
func (*CreateDirRequest) Validate ¶
func (cdr *CreateDirRequest) Validate() error
Validate validates the CreateDirRequest to be valid.
type CreateIdentityProviderLinkGCPRequest ¶ added in v0.30.0
type CreateOrgMemberRequest ¶
CreateOrgMemberRequest contains the required fields for creating a user's organization membership.
func (CreateOrgMemberRequest) Validate ¶
func (req CreateOrgMemberRequest) Validate() error
Validate validates the request fields.
type CreateOrgRequest ¶
CreateOrgRequest contains the required fields for creating an organization.
func (CreateOrgRequest) Validate ¶
func (req CreateOrgRequest) Validate() error
Validate validates the request fields.
type CreateRepoMemberRequest ¶
// CreateRepoMemberRequest contains the required fields for adding a user to a
// repo. Both keys are expected to be already encrypted for the new member;
// the plaintext repo keys never travel in this request — verify against the
// client code that builds it.
type CreateRepoMemberRequest struct {
	RepoEncryptionKey []byte `json:"repo_encryption_key"` // repo encryption key for the member
	RepoIndexKey      []byte `json:"repo_index_key"`      // repo index key for the member
}
CreateRepoMemberRequest contains the required fields for adding a user to a repo.
func (CreateRepoMemberRequest) Validate ¶
func (req CreateRepoMemberRequest) Validate() error
Validate validates a CreateRepoMemberRequest.
type CreateRepoRequest ¶
// CreateRepoRequest contains the required fields for a Repo: its name, its
// root directory and the membership of the creating account.
type CreateRepoRequest struct {
	Name       string                   `json:"name"`        // repo name; see ValidateRepoName
	RootDir    *CreateDirRequest        `json:"root_dir"`    // the repo's root directory
	RepoMember *CreateRepoMemberRequest `json:"repo_member"` // keys for the first member
}
CreateRepoRequest contains the required fields for a Repo.
func (CreateRepoRequest) Validate ¶
func (crr CreateRepoRequest) Validate() error
Validate validates the request fields.
type CreateSecretKeyRequest ¶
// CreateSecretKeyRequest contains the request fields for creating a new secret
// key.
type CreateSecretKeyRequest struct {
	EncryptedFor []EncryptedKeyRequest `json:"encrypted_for"` // the new key encrypted for each account that may read it
}
CreateSecretKeyRequest contains the request fields for creating a new secret key.
func (*CreateSecretKeyRequest) Validate ¶
func (r *CreateSecretKeyRequest) Validate() error
Validate validates the request fields.
type CreateSecretRequest ¶
// CreateSecretRequest contains the request fields for creating a new secret,
// together with its first version, encrypted for accounts that need access.
type CreateSecretRequest struct {
	BlindName      string                 `json:"blind_name"`      // blind name of the secret
	EncryptedData  crypto.CiphertextAES   `json:"encrypted_data"`  // the first version's ciphertext
	EncryptedNames []EncryptedNameRequest `json:"encrypted_names"` // the secret name encrypted per account
	EncryptedKeys  []EncryptedKeyRequest  `json:"encrypted_keys"`  // the secret key encrypted per account
}
CreateSecretRequest contains the request fields for creating a new secret, together with its first version, encrypted for accounts that need access.
func (*CreateSecretRequest) Validate ¶
func (csr *CreateSecretRequest) Validate() error
Validate validates the request fields.
type CreateSecretVersionRequest ¶
// CreateSecretVersionRequest contains the request fields for creating a
// secret version with an existing secret key.
type CreateSecretVersionRequest struct {
	EncryptedData crypto.CiphertextAES `json:"encrypted_data"` // ciphertext of the new version
	SecretKeyID   uuid.UUID            `json:"secret_key_id"`  // the secret key the ciphertext was produced with
}
CreateSecretVersionRequest contains the request fields for creating a secret version with a secret key.
func (*CreateSecretVersionRequest) Validate ¶
func (csvr *CreateSecretVersionRequest) Validate() error
Validate validates the request fields.
type CreateServiceRequest ¶
// CreateServiceRequest contains the required fields for creating a Service.
type CreateServiceRequest struct {
	Description string                   `json:"description"` // see ValidateServiceDescription
	Credential  *CreateCredentialRequest `json:"credential"`  // the service's first credential
	RepoMember  *CreateRepoMemberRequest `json:"repo_member"` // repo keys encrypted for the service
}
CreateServiceRequest contains the required fields for creating a Service.
func (CreateServiceRequest) Validate ¶
func (req CreateServiceRequest) Validate() error
Validate validates the request fields.
type Credential ¶
// Credential is used to authenticate to the API and to encrypt the account
// key.
type Credential struct {
	AccountID   uuid.UUID         `json:"account_id"`         // account the credential belongs to
	Type        CredentialType    `json:"type"`               // one of the CredentialType* constants
	CreatedAt   time.Time         `json:"created_at"`         // when the credential was created
	Fingerprint string            `json:"fingerprint"`        // see GetFingerprint
	Description string            `json:"description"`        // human-readable description
	Verifier    []byte            `json:"verifier"`           // type-specific verifier bytes
	Metadata    map[string]string `json:"metadata,omitempty"` // free-form metadata
	Enabled     bool              `json:"enabled"`            // whether the credential may currently be used
}
Credential is used to authenticate to the API and to encrypt the account key.
type CredentialProofAWS ¶ added in v0.21.0
CredentialProofAWS is proof for when the credential type is AWSSTS.
func (CredentialProofAWS) Validate ¶ added in v0.21.0
func (p CredentialProofAWS) Validate() error
Validate whether the CredentialProofAWS is valid.
type CredentialProofBackupCode ¶ added in v0.25.0
// CredentialProofBackupCode is proof for when the credential type is backup
// code; it carries no fields.
type CredentialProofBackupCode struct{}
CredentialProofBackupCode is proof for when the credential type is backup key.
type CredentialProofGCPServiceAccount ¶ added in v0.29.0
// CredentialProofGCPServiceAccount is proof for when the credential type is
// GCPServiceAccount; it carries no fields.
type CredentialProofGCPServiceAccount struct{}
CredentialProofGCPServiceAccount is proof for when the credential type is GCPServiceAccount.
type CredentialProofKey ¶ added in v0.21.0
// CredentialProofKey is proof for when the credential type is RSA (key); it
// carries no fields.
type CredentialProofKey struct{}
CredentialProofKey is proof for when the credential type is RSA.
type CredentialType ¶
// CredentialType is used to identify the type of algorithm that is used for a
// credential; the known values are the CredentialType* constants.
type CredentialType string
CredentialType is used to identify the type of algorithm that is used for a credential.
// Credential types. The strings are the wire representation and are used to
// select the proof type when decoding a CreateCredentialRequest.
const (
	CredentialTypeKey               CredentialType = "key"                 // RSA key; proof is CredentialProofKey
	CredentialTypeAWS               CredentialType = "aws"                 // AWS STS; proof is CredentialProofAWS
	CredentialTypeBackupCode        CredentialType = "backup-code"         // backup code; proof is CredentialProofBackupCode
	CredentialTypeGCPServiceAccount CredentialType = "gcp-service-account" // GCP service account; proof is CredentialProofGCPServiceAccount
)
Credential types
type Dir ¶
// Dir represents a directory. A dir belongs to a repo and contains other dirs
// and secrets. This is the decrypted form; see EncryptedDir.
type Dir struct {
	DirID          uuid.UUID  `json:"dir_id"`           // unique identifier
	BlindName      string     `json:"blind_name"`       // blind name of the directory
	Name           string     `json:"name"`             // decrypted name
	ParentID       *uuid.UUID `json:"parent_id"`        // nil for the root directory — verify
	Status         string     `json:"status"`           // free-form status string
	CreatedAt      time.Time  `json:"created_at"`
	LastModifiedAt time.Time  `json:"last_modified_at"`
	SubDirs        []*Dir     `json:"sub_dirs"` // child directories
	Secrets        []*Secret  `json:"secrets"`  // secrets directly in this directory
}
Dir represents a directory. A dir belongs to a repo and contains other dirs and secrets.
type DirPath ¶
// DirPath is a parsed dir path of form :owner/:repo_name/[parents/]*:directory.
// It is defined on top of ParentPath and implements BlindNamePath.
type DirPath ParentPath
DirPath is a parse for dir paths of form :owner/:repo_name/[parents/]*:directory
func NewDirPath ¶
NewDirPath formats a DirPath from an owner and repo string.
func (DirPath) BlindName ¶
func (dp DirPath) BlindName(key *crypto.SymmetricKey) (string, error)
BlindName returns the blind name of the DirPath.
func (DirPath) GetNamespace ¶
GetNamespace returns the namespace of the Repo.
func (DirPath) GetParentPath ¶
func (dp DirPath) GetParentPath() (ParentPath, error)
GetParentPath returns the parent of the directory.
func (DirPath) GetRepoPath ¶
GetRepoPath returns the namespace and repo name of the Repo.
func (DirPath) HasParentDirectory ¶
HasParentDirectory returns if the DirPath has a parent directory.
func (DirPath) IsRepoPath ¶
IsRepoPath returns if the dir path is on repo level.
func (DirPath) JoinSecret ¶
func (dp DirPath) JoinSecret(secretName string) SecretPath
JoinSecret constructs a new SecretPath by joining the DirPath with secretName.
type EncryptedAccountKey ¶
// EncryptedAccountKey represents an account key encrypted with a credential.
type EncryptedAccountKey struct {
	Account             *Account       `json:"account"`               // owner of the key
	PublicKey           []byte         `json:"public_key"`            // the public half of the account key
	EncryptedPrivateKey *EncryptedData `json:"encrypted_private_key"` // the private half, encrypted for Credential
	Credential          *Credential    `json:"credential"`            // the credential the private key is encrypted for
}
EncryptedAccountKey represents an account key encrypted with a credential.
type EncryptedData ¶ added in v0.21.0
// EncryptedData contains data that is encrypted with an algorithm described by
// Algorithm. If the encryption method requires metadata, this is contained in
// Metadata. Key, Parameters and Metadata are untyped because their concrete
// types depend on Algorithm; UnmarshalJSON resolves them and Validate checks
// the result, so validate a decoded value before using it. The
// NewEncryptedData* constructors build well-formed values.
type EncryptedData struct {
	Algorithm  EncryptionAlgorithm `json:"algorithm"`            // which cipher/mode the Ciphertext was produced with
	Key        interface{}         `json:"key"`                  // description of the key used (one of the EncryptionKey* types)
	Parameters interface{}         `json:"parameters,omitempty"` // algorithm parameters, e.g. EncryptionParametersAESGCM
	Metadata   interface{}         `json:"metadata,omitempty"`   // algorithm metadata, e.g. EncryptionMetadataAESGCM
	Ciphertext []byte              `json:"ciphertext"`           // the encrypted bytes
}
EncryptedData contains data that is encrypted with an algorithm described by Algorithm. If the encryption method requires metadata, this is contained in Metadata.
func NewEncryptedDataAESGCM ¶ added in v0.21.0
func NewEncryptedDataAESGCM(ciphertext, nonce []byte, nonceLength int, key interface{}) *EncryptedData
NewEncryptedDataAESGCM creates a new EncryptedData with the AES-GCM algorithm.
func NewEncryptedDataAWSKMS ¶ added in v0.21.0
func NewEncryptedDataAWSKMS(ciphertext []byte, key *EncryptionKeyAWS) *EncryptedData
NewEncryptedDataAWSKMS creates a new EncryptedData with the AWS-KMS algorithm.
func NewEncryptedDataGCPKMS ¶ added in v0.29.0
func NewEncryptedDataGCPKMS(ciphertext []byte, key *EncryptionKeyGCP) *EncryptedData
NewEncryptedDataGCPKMS creates a new EncryptedData with the GCP-KMS algorithm.
func NewEncryptedDataRSAOAEP ¶ added in v0.21.0
func NewEncryptedDataRSAOAEP(ciphertext []byte, hashingAlgorithm HashingAlgorithm, key interface{}) *EncryptedData
NewEncryptedDataRSAOAEP creates a new EncryptedData with the RSA-OAEP algorithm.
func (*EncryptedData) AESGCM ¶ added in v0.25.0
func (ed *EncryptedData) AESGCM() (*EncryptedDataAESGCM, error)
AESGCM casts the EncryptedData to EncryptedDataAESGCM. Returns an error if the EncryptedData does not have AESGCM as its algorithm.
func (*EncryptedData) UnmarshalJSON ¶ added in v0.21.0
func (ed *EncryptedData) UnmarshalJSON(b []byte) error
UnmarshalJSON populates an EncryptedData from a JSON representation.
func (*EncryptedData) Validate ¶ added in v0.21.0
func (ed *EncryptedData) Validate() error
Validate whether the EncryptedData is valid.
type EncryptedDataAESGCM ¶ added in v0.25.0
// EncryptedDataAESGCM is a typed EncryptedData for the AESGCM algorithm,
// obtained via EncryptedData.AESGCM. It has no JSON tags: it is an in-memory
// view, not a wire type.
type EncryptedDataAESGCM struct {
	Key        interface{}                // key description, still untyped
	Parameters EncryptionParametersAESGCM // AES-GCM parameters
	Metadata   EncryptionMetadataAESGCM   // AES-GCM metadata
	Ciphertext []byte                     // the encrypted bytes
}
EncryptedDataAESGCM is a typed EncryptedData for the AESGCM algorithm.
type EncryptedDir ¶
// EncryptedDir represents an encrypted Dir: the wire form in which only the
// name is encrypted. Decrypt turns it into a Dir.
type EncryptedDir struct {
	DirID          uuid.UUID            `json:"dir_id"`
	BlindName      string               `json:"blind_name"`     // blind name of the directory
	EncryptedName  crypto.CiphertextRSA `json:"encrypted_name"` // name encrypted for the requesting account's key
	ParentID       *uuid.UUID           `json:"parent_id"`      // nil for the root directory — verify
	Status         string               `json:"status"`
	CreatedAt      time.Time            `json:"created_at"`
	LastModifiedAt time.Time            `json:"last_modified_at"`
}
EncryptedDir represents an encrypted Dir. The names are encrypted and so are the names of SubDirs and Secrets. The secrets contain no encrypted data, only the encrypted name.
func (*EncryptedDir) Decrypt ¶
func (ed *EncryptedDir) Decrypt(accountKey *crypto.RSAPrivateKey) (*Dir, error)
Decrypt decrypts an EncryptedDir into a Dir.
type EncryptedKeyRequest ¶
// EncryptedKeyRequest contains a key re-encrypted for a specific account.
type EncryptedKeyRequest struct {
	AccountID    uuid.UUID            `json:"account_id"`    // account the key is encrypted for
	EncryptedKey crypto.CiphertextRSA `json:"encrypted_key"` // the key, encrypted with that account's public key
}
EncryptedKeyRequest contains the request fields for a key re-encrypted for an account.
func (*EncryptedKeyRequest) Validate ¶
func (r *EncryptedKeyRequest) Validate() error
Validate validates the request fields.
type EncryptedNameForNodeRequest ¶
// EncryptedNameForNodeRequest contains an EncryptedName for an Account and the
// corresponding NodeID. The embedded EncryptedNameRequest contributes the
// account_id and encrypted_name JSON fields.
type EncryptedNameForNodeRequest struct {
	EncryptedNameRequest
	NodeID uuid.UUID `json:"node_id"` // the directory (node) the encrypted name belongs to
}
EncryptedNameForNodeRequest contains an EncryptedName for an Account and the corresponding NodeID.
func (EncryptedNameForNodeRequest) Validate ¶
func (nnr EncryptedNameForNodeRequest) Validate() error
Validate validates the EncryptedNameForNodeRequest.
type EncryptedNameRequest ¶
// EncryptedNameRequest contains an EncryptedName for an Account.
type EncryptedNameRequest struct {
	AccountID     uuid.UUID            `json:"account_id"`     // account the name is encrypted for
	EncryptedName crypto.CiphertextRSA `json:"encrypted_name"` // the name, encrypted with that account's public key
}
EncryptedNameRequest contains an EncryptedName for an Account.
func (*EncryptedNameRequest) Validate ¶
func (enr *EncryptedNameRequest) Validate() error
Validate validates the EncryptedNameRequest to be valid.
type EncryptedSecret ¶
// EncryptedSecret represents an encrypted Secret. It does not contain the
// encrypted data, only the encrypted name; Decrypt turns it into a Secret.
type EncryptedSecret struct {
	SecretID      uuid.UUID            `json:"secret_id"`
	DirID         uuid.UUID            `json:"dir_id"`         // directory containing the secret
	RepoID        uuid.UUID            `json:"repo_id"`        // repo containing the secret
	EncryptedName crypto.CiphertextRSA `json:"encrypted_name"` // name encrypted for the requesting account's key
	BlindName     string               `json:"blind_name"`     // blind name of the secret
	VersionCount  int                  `json:"version_count"`  // number of versions stored
	LatestVersion int                  `json:"latest_version"` // version number of the newest version
	Status        string               `json:"status"`
	CreatedAt     time.Time            `json:"created_at"`
}
EncryptedSecret represents an encrypted Secret. It does not contain the encrypted data, only the encrypted name.
func (*EncryptedSecret) Decrypt ¶
func (es *EncryptedSecret) Decrypt(accountKey *crypto.RSAPrivateKey) (*Secret, error)
Decrypt decrypts an EncryptedSecret into a Secret.
func (*EncryptedSecret) ToAuditSubject ¶
func (es *EncryptedSecret) ToAuditSubject() *AuditSubject
ToAuditSubject converts an EncryptedSecret to an AuditSubject.
type EncryptedSecretKey ¶
// EncryptedSecretKey represents a secret key, encrypted for a specific
// account. Decrypt turns it into a SecretKey using that account's private key.
type EncryptedSecretKey struct {
	SecretKeyID  uuid.UUID            `json:"secret_key_id"`
	AccountID    uuid.UUID            `json:"account_id"`    // account the key is encrypted for
	EncryptedKey crypto.CiphertextRSA `json:"encrypted_key"` // the secret key, RSA-encrypted for that account
}
EncryptedSecretKey represents a secret key, encrypted for a specific account.
func (*EncryptedSecretKey) Decrypt ¶
func (k *EncryptedSecretKey) Decrypt(accountKey *crypto.RSAPrivateKey) (*SecretKey, error)
Decrypt decrypts an EncryptedSecretKey into a SecretKey.
type EncryptedSecretVersion ¶
// EncryptedSecretVersion represents a version of an encrypted Secret. It
// contains the encrypted data and the corresponding key. SecretKey and
// EncryptedData are omitempty pointers, so a version can be listed without
// its payload; Decrypt needs both — check for nil before decrypting.
type EncryptedSecretVersion struct {
	SecretVersionID uuid.UUID             `json:"secret_version_id"`
	Secret          *EncryptedSecret      `json:"secret"`                   // the secret this version belongs to
	Version         int                   `json:"version"`                  // version number
	SecretKey       *EncryptedSecretKey   `json:"secret_key,omitempty"`     // key for EncryptedData, encrypted for the account
	EncryptedData   *crypto.CiphertextAES `json:"encrypted_data,omitempty"` // the version's ciphertext
	CreatedAt       time.Time             `json:"created_at"`
	Status          string                `json:"status"`
}
EncryptedSecretVersion represents a version of an encrypted Secret. It contains the encrypted data and the corresponding key.
func (*EncryptedSecretVersion) Decrypt ¶
func (esv *EncryptedSecretVersion) Decrypt(accountKey *crypto.RSAPrivateKey) (*SecretVersion, error)
Decrypt decrypts an EncryptedSecretVersion into a SecretVersion.
func (*EncryptedSecretVersion) ToAuditSubject ¶
func (esv *EncryptedSecretVersion) ToAuditSubject() *AuditSubject
ToAuditSubject converts an EncryptedSecretVersion to an AuditSubject.
type EncryptedTree ¶
// EncryptedTree can construct a full tree at a certain path. It contains all
// dirs and secrets; Decrypt/DecryptContents produce the plaintext forms and
// may return ErrParentDirNotAvailable or ErrMultipleRootDirs when the set of
// directories is inconsistent. No JSON tags: this is an in-memory type.
type EncryptedTree struct {
	Directories map[uuid.UUID]*EncryptedDir // presumably keyed by DirID — verify at the construction site
	Secrets     []*EncryptedSecret
}
EncryptedTree can construct a full tree at a certain path. It contains all dirs and secrets.
func (EncryptedTree) Decrypt ¶
func (t EncryptedTree) Decrypt(accountKey *crypto.RSAPrivateKey) (*Tree, error)
Decrypt decrypts and constructs a tree of the directories and secrets. Decrypt does not set the ParentPath.
func (EncryptedTree) DecryptContents ¶
func (t EncryptedTree) DecryptContents(accountKey *crypto.RSAPrivateKey) ([]*Dir, []*Secret, error)
DecryptContents decrypts every directory and Secret.
type EncryptionAlgorithm ¶ added in v0.21.0
// EncryptionAlgorithm specifies the encryption algorithm used for
// EncryptedData. UnmarshalJSON lowercases the incoming string, so comparisons
// against decoded values can use the lowercase form.
type EncryptionAlgorithm string
EncryptionAlgorithm specifies the encryption algorithm used for EncryptedData.
func (*EncryptionAlgorithm) UnmarshalJSON ¶ added in v0.21.0
func (ed *EncryptionAlgorithm) UnmarshalJSON(b []byte) error
UnmarshalJSON populates an EncryptionAlgorithm by converting an input string to lowercase.
type EncryptionKey ¶ added in v0.21.0
// EncryptionKey specifies the common fields for all types of encryption keys;
// the concrete EncryptionKey* types embed it.
type EncryptionKey struct {
	Type KeyType `json:"type"` // discriminator telling which concrete key type this is
}
EncryptionKey specifies the common fields for all types of encryption keys.
type EncryptionKeyAWS ¶ added in v0.21.0
// EncryptionKeyAWS is a key that is stored in the AWS KMS service and which
// can be used for encryption by calling the AWS KMS API. Only a reference
// (ID) is held; the key material never leaves KMS.
type EncryptionKeyAWS struct {
	EncryptionKey
	ID string `json:"id"` // identifier of the KMS key; see Validate
}
EncryptionKeyAWS is a key that is stored in the AWS KMS service and which can be used for encryption by calling the AWS KMS API.
func NewEncryptionKeyAWS ¶ added in v0.21.0
func NewEncryptionKeyAWS(id string) *EncryptionKeyAWS
NewEncryptionKeyAWS creates an EncryptionKeyAWS.
func (EncryptionKeyAWS) SupportsAlgorithm ¶ added in v0.21.0
func (EncryptionKeyAWS) SupportsAlgorithm(a EncryptionAlgorithm) bool
SupportsAlgorithm returns true when the encryption key supports the given algorithm.
func (EncryptionKeyAWS) Validate ¶ added in v0.21.0
func (k EncryptionKeyAWS) Validate() error
Validate whether the EncryptionKeyAWS is valid.
type EncryptionKeyAccountKey ¶ added in v0.21.0
// EncryptionKeyAccountKey is an account's master key that is used to encrypt
// data and/or keys specifically for an account.
type EncryptionKeyAccountKey struct {
	EncryptionKey
	Length int       `json:"length"` // key length; unit not fixed here (bits or bytes) — verify in Validate
	ID     uuid.UUID `json:"id"`     // identifier of the account key
}
EncryptionKeyAccountKey is an account's master key that is used to encrypt data and/or keys specifically for an account.
func NewEncryptionKeyAccountKey ¶ added in v0.21.0
func NewEncryptionKeyAccountKey(length int, id uuid.UUID) *EncryptionKeyAccountKey
NewEncryptionKeyAccountKey creates an EncryptionKeyAccountKey.
func (EncryptionKeyAccountKey) SupportsAlgorithm ¶ added in v0.21.0
func (EncryptionKeyAccountKey) SupportsAlgorithm(a EncryptionAlgorithm) bool
SupportsAlgorithm returns true when the encryption key supports the given algorithm.
func (EncryptionKeyAccountKey) Validate ¶ added in v0.21.0
func (k EncryptionKeyAccountKey) Validate() error
Validate whether the EncryptionKeyAccountKey is valid.
type EncryptionKeyBootstrapCode ¶ added in v0.25.0
// EncryptionKeyBootstrapCode is an encryption key that is stored as a code
// memorized by the user. Only the length is described; the code itself is
// never part of this value.
type EncryptionKeyBootstrapCode struct {
	EncryptionKey
	Length int `json:"length"` // key length; unit not fixed here — verify in Validate
}
EncryptionKeyBootstrapCode is an encryption key that is stored as a code memorized by the user.
func NewEncryptionKeyBootstrapCode ¶ added in v0.25.0
func NewEncryptionKeyBootstrapCode(length int) *EncryptionKeyBootstrapCode
NewEncryptionKeyBootstrapCode creates an EncryptionKeyBootstrapCode.
func (EncryptionKeyBootstrapCode) SupportsAlgorithm ¶ added in v0.25.0
func (EncryptionKeyBootstrapCode) SupportsAlgorithm(a EncryptionAlgorithm) bool
SupportsAlgorithm returns true when the encryption key supports the given algorithm.
func (EncryptionKeyBootstrapCode) Validate ¶ added in v0.25.0
func (k EncryptionKeyBootstrapCode) Validate() error
Validate whether the EncryptionKeyBootstrapCode is valid.
type EncryptionKeyDerived ¶ added in v0.21.0
// EncryptionKeyDerived is an encryption key that can be derived from a
// passphrase. Parameters and Metadata are untyped because they depend on
// Algorithm; UnmarshalJSON resolves them and Validate checks the result.
// NewEncryptionKeyDerivedScrypt builds the scrypt variant (length, p, n, r,
// salt).
type EncryptionKeyDerived struct {
	EncryptionKey
	Length     int                    `json:"length"`               // derived key length; unit not fixed here — verify
	Algorithm  KeyDerivationAlgorithm `json:"algorithm"`            // the KDF used
	Parameters interface{}            `json:"parameters,omitempty"` // KDF parameters (cost settings for scrypt)
	Metadata   interface{}            `json:"metadata,omitempty"`   // KDF metadata (e.g. the salt)
}
EncryptionKeyDerived is an encryption key that can be derived from a passphrase.
func NewEncryptionKeyDerivedScrypt ¶ added in v0.21.0
func NewEncryptionKeyDerivedScrypt(length, p, n, r int, salt []byte) *EncryptionKeyDerived
NewEncryptionKeyDerivedScrypt creates a EncryptionKeyDerived with scrypt as key derivation algorithm.
func (EncryptionKeyDerived) SupportsAlgorithm ¶ added in v0.21.0
func (EncryptionKeyDerived) SupportsAlgorithm(a EncryptionAlgorithm) bool
SupportsAlgorithm returns true when the encryption key supports the given algorithm.
func (*EncryptionKeyDerived) UnmarshalJSON ¶ added in v0.21.0
func (k *EncryptionKeyDerived) UnmarshalJSON(b []byte) error
UnmarshalJSON populates an EncryptionKeyDerived from a JSON representation.
func (EncryptionKeyDerived) Validate ¶ added in v0.21.0
func (k EncryptionKeyDerived) Validate() error
Validate whether the EncryptionKeyDerived is valid.
type EncryptionKeyEncrypted ¶ added in v0.21.0
type EncryptionKeyEncrypted struct { EncryptionKey Length *int `json:"length"` EncryptedKey *EncryptedData `json:"encrypted_key"` }
EncryptionKeyEncrypted is an encryption key that has been encrypted by another key.
func NewEncryptionKeyEncrypted ¶ added in v0.21.0
func NewEncryptionKeyEncrypted(length int, encryptedKey *EncryptedData) *EncryptionKeyEncrypted
NewEncryptionKeyEncrypted creates a EncryptionKeyEncrypted.
func (EncryptionKeyEncrypted) SupportsAlgorithm ¶ added in v0.21.0
func (EncryptionKeyEncrypted) SupportsAlgorithm(a EncryptionAlgorithm) bool
SupportsAlgorithm returns true when the encryption key supports the given algorithm.
func (EncryptionKeyEncrypted) Validate ¶ added in v0.21.0
func (k EncryptionKeyEncrypted) Validate() error
Validate checks whether all the fields of the EncryptionKeyEncrypted are valid.
type EncryptionKeyGCP ¶ added in v0.29.0
type EncryptionKeyGCP struct { EncryptionKey ID string `json:"id"` }
EncryptionKeyGCP is a key that is stored in the GCP KMS service and which can be used for encryption by calling the GCP KMS API.
func NewEncryptionKeyGCP ¶ added in v0.29.0
func NewEncryptionKeyGCP(id string) *EncryptionKeyGCP
NewEncryptionKeyGCP creates a EncryptionKeyGCP.
func (EncryptionKeyGCP) SupportsAlgorithm ¶ added in v0.29.0
func (EncryptionKeyGCP) SupportsAlgorithm(a EncryptionAlgorithm) bool
SupportsAlgorithm returns true when the encryption key supports the given algorithm.
func (EncryptionKeyGCP) Validate ¶ added in v0.29.0
func (k EncryptionKeyGCP) Validate() error
Validate whether the EncryptionKeyGCP is valid.
type EncryptionKeyLocal ¶ added in v0.21.0
type EncryptionKeyLocal struct { EncryptionKey Length int `json:"length"` }
EncryptionKeyLocal is an encryption key that is stored locally by the user.
func NewEncryptionKeyLocal ¶ added in v0.21.0
func NewEncryptionKeyLocal(length int) *EncryptionKeyLocal
NewEncryptionKeyLocal creates a EncryptionKeyLocal.
func (EncryptionKeyLocal) SupportsAlgorithm ¶ added in v0.21.0
func (EncryptionKeyLocal) SupportsAlgorithm(a EncryptionAlgorithm) bool
SupportsAlgorithm returns true when the encryption key supports the given algorithm.
func (EncryptionKeyLocal) Validate ¶ added in v0.21.0
func (k EncryptionKeyLocal) Validate() error
Validate whether the EncryptionKeyLocal is valid.
type EncryptionKeySecretKey ¶ added in v0.21.0
type EncryptionKeySecretKey struct { EncryptionKey Length int `json:"length"` ID uuid.UUID `json:"id"` }
EncryptionKeySecretKey is a key that is used to encrypt secrets.
func NewEncryptionKeySecretKey ¶ added in v0.21.0
func NewEncryptionKeySecretKey(length int, id uuid.UUID) *EncryptionKeySecretKey
NewEncryptionKeySecretKey creates a EncryptionKeySecretKey.
func (EncryptionKeySecretKey) SupportsAlgorithm ¶ added in v0.21.0
func (EncryptionKeySecretKey) SupportsAlgorithm(a EncryptionAlgorithm) bool
SupportsAlgorithm returns true when the encryption key supports the given algorithm.
func (EncryptionKeySecretKey) Validate ¶ added in v0.21.0
func (k EncryptionKeySecretKey) Validate() error
Validate whether the EncryptionKeySecretKey is valid.
type EncryptionMetadataAESGCM ¶ added in v0.21.0
type EncryptionMetadataAESGCM struct {
Nonce []byte `json:"nonce"`
}
EncryptionMetadataAESGCM is the metadata used by the AES-GCM encryption algorithm.
func (EncryptionMetadataAESGCM) Validate ¶ added in v0.21.0
func (m EncryptionMetadataAESGCM) Validate() error
Validate checks whether the EncryptionMetadataAESGCM is valid.
type EncryptionParametersAESGCM ¶ added in v0.21.0
type EncryptionParametersAESGCM struct {
NonceLength int `json:"nonce_length"`
}
EncryptionParametersAESGCM are the parameters used by the AES-GCM encryption algorithm.
func (EncryptionParametersAESGCM) Validate ¶ added in v0.21.0
func (p EncryptionParametersAESGCM) Validate() error
Validate checks whether the EncryptionParametersAESGCM is valid.
type EncryptionParametersRSAOAEP ¶ added in v0.21.0
type EncryptionParametersRSAOAEP struct {
HashingAlgorithm HashingAlgorithm `json:"hashing_algorithm"`
}
EncryptionParametersRSAOAEP are the parameters used by the RSA-OAEP encryption algorithm.
func (EncryptionParametersRSAOAEP) Validate ¶ added in v0.21.0
func (p EncryptionParametersRSAOAEP) Validate() error
Validate checks whether the EncryptionParametersRSAOAEP is valid.
type HashingAlgorithm ¶ added in v0.21.0
type HashingAlgorithm string
HashingAlgorithm specifies the hashing algorithm used by any encryption algorithm that involves hashing.
func (*HashingAlgorithm) UnmarshalJSON ¶ added in v0.21.0
func (ed *HashingAlgorithm) UnmarshalJSON(b []byte) error
UnmarshalJSON populates a HashingAlgorithm by converting the input string to lowercase.
type IdentityProviderLink ¶ added in v0.30.0
type IdentityProviderLink struct { Type IdentityProviderLinkType `json:"type"` Namespace string `json:"namespace"` LinkedID string `json:"linked_id"` CreatedAt time.Time `json:"created_at"` }
IdentityProviderLink is a prerequisite for creating some identity provider backed service accounts. These links prove that a namespace's member has access to a resource (identified by the LinkedID) within the identity provider. Once a link between a namespace and an identity provider has been created, from then on service accounts can be created within the scope described by the LinkedID. For example, after creating a link to a GCP Project, GCP service accounts within that project can be used for the GCP Identity Provider.
The meaning of LinkedID depends on the type of the IdentityProviderLink in the following way: - GCP: LinkedID is a GCP Project ID.
type IdentityProviderLinkType ¶ added in v0.30.0
type IdentityProviderLinkType string
const (
IdentityProviderLinkGCP IdentityProviderLinkType = "gcp"
)
type InviteUserRequest ¶
type InviteUserRequest struct { AccountID uuid.UUID `json:"account_id"` RepoMember *CreateRepoMemberRequest `json:"repo_member"` }
InviteUserRequest contains the required fields for inviting a user to a repo.
func (InviteUserRequest) Validate ¶
func (req InviteUserRequest) Validate() error
Validate validates an InviteUserRequest.
type KeyDerivationAlgorithm ¶ added in v0.21.0
type KeyDerivationAlgorithm string
KeyDerivationAlgorithm specifies the key derivation algorithm used for a derived key.
const (
KeyDerivationAlgorithmScrypt KeyDerivationAlgorithm = "scrypt"
)
Options for KeyDerivationAlgorithm
func (*KeyDerivationAlgorithm) UnmarshalJSON ¶ added in v0.21.0
func (ed *KeyDerivationAlgorithm) UnmarshalJSON(b []byte) error
UnmarshalJSON populates a KeyDerivationAlgorithm by converting the input string to lowercase.
type KeyDerivationMetadataScrypt ¶ added in v0.21.0
type KeyDerivationMetadataScrypt struct {
Salt []byte `json:"salt"`
}
KeyDerivationMetadataScrypt is the metadata used by the scrypt key derivation algorithm.
func (KeyDerivationMetadataScrypt) Validate ¶ added in v0.21.0
func (m KeyDerivationMetadataScrypt) Validate() error
Validate whether the KeyDerivationMetadataScrypt is valid.
type KeyDerivationParametersScrypt ¶ added in v0.21.0
KeyDerivationParametersScrypt are the parameters used by the scrypt key derivation algorithm.
func (KeyDerivationParametersScrypt) Validate ¶ added in v0.21.0
func (p KeyDerivationParametersScrypt) Validate() error
Validate whether the KeyDerivationParametersScrypt is valid.
type KeyType ¶ added in v0.21.0
type KeyType string
KeyType specifies the type of key used for EncryptedData.
const ( KeyTypeDerived KeyType = "derived" KeyTypeEncrypted KeyType = "encrypted" KeyTypeLocal KeyType = "local" KeyTypeAccountKey KeyType = "account-key" KeyTypeSecretKey KeyType = "secret-key" KeyTypeAWS KeyType = "aws" KeyTypeGCP KeyType = "gcp" KeyTypeBootstrapCode KeyType = "bootstrap-code" )
Options for KeyType
func (*KeyType) UnmarshalJSON ¶ added in v0.21.0
UnmarshalJSON populates a KeyType by converting the input string to lowercase.
type Namespace ¶
type Namespace ParentPath
Namespace represents a namespace
type NamespaceDetails ¶
type NamespaceDetails struct { Name string `json:"name"` MemberCount int `json:"member_count"` RepoCount int `json:"repo_count"` SecretCount int `json:"secret_count"` }
NamespaceDetails defines a user or organization namespace. TODO: rename this to Namespace currently claimed in paths.go
type OAuthConfig ¶ added in v0.30.0
type Org ¶
type Org struct { OrgID uuid.UUID `json:"org_id"` Name string `json:"name"` Description string `json:"description"` CreatedAt time.Time `json:"created_at"` Members []*OrgMember `json:"members,omitempty"` }
Org represents an organization account on SecretHub
type OrgMember ¶
type OrgMember struct { OrgID uuid.UUID `json:"org_id"` AccountID uuid.UUID `json:"account_id"` Role string `json:"role"` CreatedAt time.Time `json:"created_at"` LastChangedAt time.Time `json:"last_changed_at"` User *User `json:"user,omitempty"` }
OrgMember represents a user's membership of an organization.
type OrgName ¶
type OrgName Namespace
OrgName is the name of an organization.
type ParentPath ¶
type ParentPath Path
ParentPath is a path to a namespace, repo or directory. This is used for generic blind name generation.
func (ParentPath) BlindName ¶
func (pp ParentPath) BlindName(key *crypto.SymmetricKey) (string, error)
BlindName generates the BlindName of the ParentPath.
func (ParentPath) GetRepoPath ¶
func (pp ParentPath) GetRepoPath() RepoPath
GetRepoPath returns the RepoPath of the ParentPath.
func (ParentPath) HasParentPath ¶
func (pp ParentPath) HasParentPath() bool
HasParentPath checks if the ParentPath has a path or if it is the repo path.
func (ParentPath) JoinDir ¶
func (pp ParentPath) JoinDir(dirName string) DirPath
JoinDir constructs a new DirPath combined by the ParentPath and dirName.
func (ParentPath) String ¶
func (pp ParentPath) String() string
type Path ¶
type Path string
Path represents a path to either a namespace, a repo, a directory, or a secret
func (Path) HasVersion ¶
HasVersion returns whether the path has a version. Only a SecretPath can have a version, so a path that has one is a SecretPath.
func (Path) ToNamespace ¶
ToNamespace tries to convert the Path to a valid Namespace
func (Path) ToRepoPath ¶
ToRepoPath tries to convert the Path to a valid RepoPath
func (Path) ToSecretPath ¶
func (p Path) ToSecretPath() (SecretPath, error)
ToSecretPath tries to convert the Path to a valid SecretPath
type Permission ¶
type Permission int
Permission defines what kind of access an access rule grants or an access level has.
const ( PermissionNone Permission = iota PermissionRead PermissionWrite PermissionAdmin )
The different Permission options.
func (*Permission) Set ¶
func (al *Permission) Set(value string) error
Set sets the Permission to the value.
func (Permission) String ¶
func (al Permission) String() string
type Repo ¶
type Repo struct { RepoID uuid.UUID `json:"repo_id"` Owner string `json:"owner"` Name string `json:"name"` CreatedAt time.Time `json:"created_at"` LastModifiedAt time.Time `json:"last_modified_at"` Status string `json:"status"` SecretCount int `json:"secret_count,omitempty"` MemberCount int `json:"member_count,omitempty"` }
Repo represents a repo on SecretHub.
func (Repo) ToAuditSubject ¶
func (r Repo) ToAuditSubject() *AuditSubject
ToAuditSubject converts a Repo to an AuditSubject
type RepoKeys ¶
type RepoKeys struct { RepoEncryptionKey []byte `json:"repo_encryption_key"` RepoIndexKey []byte `json:"repo_index_key"` }
RepoKeys contains the response with the repo key.
type RepoMember ¶
type RepoMember struct { RepoID uuid.UUID `json:"repo_id"` AccountID uuid.UUID `json:"account_id"` CreatedAt time.Time `json:"created_at"` }
RepoMember represents a member of a SecretHub repo.
type RepoPath ¶
type RepoPath ParentPath
RepoPath is a custom type for repo paths of the form :owner/:repo_name.
func NewRepoPath ¶
NewRepoPath formats a RepoPath from an owner and repo.
func (RepoPath) BlindName ¶
func (rp RepoPath) BlindName(key *crypto.SymmetricKey) (string, error)
BlindName returns the blind name of the RepoPath.
func (RepoPath) GetDirPath ¶
GetDirPath converts this repoPath into a DirPath. This should be valid.
func (RepoPath) GetNamespace ¶
GetNamespace returns the namespace of the Repo.
func (RepoPath) GetNamespaceAndRepoName ¶
GetNamespaceAndRepoName returns the namespace and repo name of the Repo.
func (RepoPath) GetRepoPath ¶
GetRepoPath gets the RepoPath from the RepoPath. This function only works on validated RepoPaths. This is necessary to implement BlindNamePath interface.
type RevokeOpts ¶
type RevokeOpts struct {
DryRun bool `url:"dry_run"` // Dry performs a dry run without actually revoking the account.
}
RevokeOpts contains optional query parameters for revoke requests.
func (*RevokeOpts) Unmarshal ¶
func (o *RevokeOpts) Unmarshal(values url.Values)
Unmarshal decodes url.Values into the options struct, setting default values if not present in the query values. TODO SHDEV-817: refactor this to a more extendable mechanism.
type RevokeOrgResponse ¶
type RevokeOrgResponse struct { DryRun bool `json:"dry"` // Dry indicates whether it was a dry run or not. Repos []*RevokeRepoResponse `json:"repos"` StatusCounts map[string]int `json:"status_counts"` // StatusCounts contains aggregate counts of the repos the account is revoked from. }
RevokeOrgResponse is returned as the effect of revoking an account from a repository.
type RevokeRepoResponse ¶
type RevokeRepoResponse struct { Namespace string `json:"namespace"` // Added for display purposes Name string `json:"name"` // Added for display purposes Status string `json:"status"` RevokedSecretVersionCount int `json:"revoked_secret_version_count"` RevokedSecretKeyCount int `json:"revoked_secret_key_count"` }
RevokeRepoResponse is returned as the effect of revoking an account from a repo.
type RevokeResponse ¶
type RevokeResponse struct { RevokedSecretVersions []*EncryptedSecretVersion `json:"revoked_secret_versions"` RevokedSecretKeys []*SecretKey `json:"revoked_secret_keys"` }
RevokeResponse is returned when a revoke command is executed.
type Secret ¶
type Secret struct { SecretID uuid.UUID `json:"secret_id"` DirID uuid.UUID `json:"dir_id"` RepoID uuid.UUID `json:"repo_id"` Name string `json:"name"` BlindName string `json:"blind_name"` VersionCount int `json:"version_count"` LatestVersion int `json:"latest_version"` Status string `json:"status"` CreatedAt time.Time `json:"created_at"` }
Secret represents a decrypted secret in SecretHub.
type SecretAccessRequest ¶
type SecretAccessRequest struct { Name EncryptedNameForNodeRequest `json:"name_member"` Keys []SecretKeyMemberRequest `json:"keys"` }
SecretAccessRequest contains the request fields to grant an account access to a secret.
func (*SecretAccessRequest) Validate ¶
func (r *SecretAccessRequest) Validate() error
Validate validates the request fields.
type SecretKey ¶
type SecretKey struct { SecretKeyID uuid.UUID `json:"secret_key_id"` AccountID uuid.UUID `json:"account_id"` Key *crypto.SymmetricKey `json:"key"` }
SecretKey represents a secret key that is intended to be used by a specific account.
func (*SecretKey) ToAuditSubject ¶
func (sk *SecretKey) ToAuditSubject() *AuditSubject
ToAuditSubject converts a SecretKey to an AuditSubject
type SecretKeyMemberRequest ¶
type SecretKeyMemberRequest struct { AccountID uuid.UUID `json:"account_id"` SecretKeyID uuid.UUID `json:"secret_key_id"` EncryptedKey crypto.CiphertextRSA `json:"encrypted_key"` }
SecretKeyMemberRequest contains the request fields to grant access to a secret key.
func (*SecretKeyMemberRequest) Validate ¶
func (skmr *SecretKeyMemberRequest) Validate() error
Validate validates the request fields.
type SecretPath ¶
type SecretPath string
SecretPath is a custom type for secret paths of form :owner/:repo_name/:secret
func NewSecretPath ¶
func NewSecretPath(path string) (SecretPath, error)
NewSecretPath creates a SecretPath from a path string of the form :owner/:repo_name/:secret.
func (SecretPath) AddVersion ¶
func (sp SecretPath) AddVersion(version int) (SecretPath, error)
AddVersion adds a version to a SecretPath and returns this path.
func (SecretPath) BlindName ¶
func (sp SecretPath) BlindName(key *crypto.SymmetricKey) (string, error)
BlindName converts a SecretPath to a blind name. BlindName ignores the secret version.
func (SecretPath) GetNamespace ¶
func (sp SecretPath) GetNamespace() string
GetNamespace returns the namespace in the SecretPath.
func (SecretPath) GetParentPath ¶
func (sp SecretPath) GetParentPath() (ParentPath, error)
GetParentPath gets the ParentPath from the SecretPath.
func (SecretPath) GetRepo ¶
func (sp SecretPath) GetRepo() string
GetRepo returns the repo name in the SecretPath.
func (SecretPath) GetRepoPath ¶
func (sp SecretPath) GetRepoPath() RepoPath
GetRepoPath gets the RepoPath from the SecretPath. This function only works on validated SecretPaths.
func (SecretPath) GetSecret ¶
func (sp SecretPath) GetSecret() string
GetSecret gets the secret name from the path.
func (SecretPath) GetVersion ¶
func (sp SecretPath) GetVersion() (string, error)
GetVersion gets the version from the path.
func (SecretPath) HasVersion ¶
func (sp SecretPath) HasVersion() bool
HasVersion returns whether there is a version specified in the path.
func (*SecretPath) Set ¶
func (sp *SecretPath) Set(value string) error
Set implements the flag.Value interface and validates the value.
func (SecretPath) String ¶
func (sp SecretPath) String() string
String returns the secret path as a string to be used for printing.
func (SecretPath) Validate ¶
func (sp SecretPath) Validate() error
Validate validates a Secret path.
func (SecretPath) Value ¶
func (sp SecretPath) Value() string
Value returns the secret path as a string to be used in communication with the client and in transportation to the server.
type SecretVersion ¶
type SecretVersion struct { SecretVersionID uuid.UUID `json:"secret_version_id"` Secret *Secret `json:"secret"` Version int `json:"version"` SecretKey *SecretKey `json:"secret_key,omitempty"` Data []byte `json:"data,omitempty"` CreatedAt time.Time `json:"created_at"` Status string `json:"status"` }
SecretVersion represents a version of a Secret without any encrypted data.
func (*SecretVersion) IsLatest ¶
func (sv *SecretVersion) IsLatest() bool
IsLatest returns true when the secret version is the latest version of the secret.
func (*SecretVersion) Name ¶
func (sv *SecretVersion) Name() string
Name returns the secret name:version
type Service ¶
type Service struct { AccountID uuid.UUID `json:"account_id"` ServiceID string `json:"service_id"` Repo *Repo `json:"repo"` Description string `json:"description"` CreatedBy uuid.UUID `json:"created_by"` CreatedAt time.Time `json:"created_at"` Credential *Credential `json:"credential"` }
Service represents a service account on SecretHub.
func (Service) ToAuditActor ¶
func (a Service) ToAuditActor() *AuditActor
ToAuditActor converts a Service to an AuditActor.
func (Service) ToAuditSubject ¶
func (a Service) ToAuditSubject() *AuditSubject
ToAuditSubject converts a Service to an AuditSubject.
type Session ¶ added in v0.21.0
type Session struct { SessionID uuid.UUID `json:"session_id"` ExpiresAt time.Time `json:"expires_at"` Type SessionType `json:"type"` Payload interface{} `json:"payload"` }
Session represents a session that can be used for authentication to the server.
func NewSessionHMAC ¶ added in v0.21.0
NewSessionHMAC returns an HMAC-type api.Session.
func (*Session) HMAC ¶ added in v0.21.0
func (s *Session) HMAC() *SessionHMAC
HMAC returns the HMAC specific representation of this session.
func (*Session) UnmarshalJSON ¶ added in v0.21.0
UnmarshalJSON converts a JSON representation into a Session with the correct Payload.
type SessionHMAC ¶ added in v0.21.0
type SessionHMAC struct { SessionID uuid.UUID Expires time.Time Payload SessionPayloadHMAC }
SessionHMAC is a session that uses the HMAC algorithm to verify the authentication.
type SessionPayloadHMAC ¶ added in v0.21.0
type SessionPayloadHMAC struct {
SessionKey string `json:"session_key"`
}
SessionPayloadHMAC is the payload of a HMAC typed session.
func (*SessionPayloadHMAC) Validate ¶ added in v0.21.0
func (pl *SessionPayloadHMAC) Validate() error
Validate whether the SessionPayloadHMAC is valid.
type SessionType ¶ added in v0.21.0
type SessionType string
SessionType defines how a session can be used.
const (
SessionTypeHMAC SessionType = "hmac"
)
SessionType options
type SortAccessLevels ¶
type SortAccessLevels []*AccessLevel
SortAccessLevels sorts a list of AccessLevels first by the permission and then by the account name.
func (SortAccessLevels) Len ¶
func (s SortAccessLevels) Len() int
func (SortAccessLevels) Less ¶
func (s SortAccessLevels) Less(i, j int) bool
func (SortAccessLevels) Swap ¶
func (s SortAccessLevels) Swap(i, j int)
type SortAccessRules ¶
type SortAccessRules []*AccessRule
SortAccessRules makes a list of AccessRules sortable. Sort order: Permission (high to low), AccountName (natural)
func (SortAccessRules) Len ¶
func (s SortAccessRules) Len() int
func (SortAccessRules) Less ¶
func (s SortAccessRules) Less(i, j int) bool
func (SortAccessRules) Swap ¶
func (s SortAccessRules) Swap(i, j int)
type SortDirByName ¶
type SortDirByName []*Dir
SortDirByName makes a list of Dir sortable.
func (SortDirByName) Len ¶
func (d SortDirByName) Len() int
func (SortDirByName) Less ¶
func (d SortDirByName) Less(i, j int) bool
func (SortDirByName) Swap ¶
func (d SortDirByName) Swap(i, j int)
type SortDirPaths ¶
type SortDirPaths []DirPath
SortDirPaths makes a slice of dir paths sortable.
func (SortDirPaths) Len ¶
func (s SortDirPaths) Len() int
func (SortDirPaths) Less ¶
func (s SortDirPaths) Less(i, j int) bool
func (SortDirPaths) Swap ¶
func (s SortDirPaths) Swap(i, j int)
type SortOrgByName ¶
type SortOrgByName []*Org
SortOrgByName makes a list of orgs sortable.
func (SortOrgByName) Len ¶
func (s SortOrgByName) Len() int
func (SortOrgByName) Less ¶
func (s SortOrgByName) Less(i, j int) bool
func (SortOrgByName) Swap ¶
func (s SortOrgByName) Swap(i, j int)
type SortOrgMemberByUsername ¶
type SortOrgMemberByUsername []*OrgMember
SortOrgMemberByUsername makes a list of org members sortable.
func (SortOrgMemberByUsername) Len ¶
func (s SortOrgMemberByUsername) Len() int
func (SortOrgMemberByUsername) Less ¶
func (s SortOrgMemberByUsername) Less(i, j int) bool
func (SortOrgMemberByUsername) Swap ¶
func (s SortOrgMemberByUsername) Swap(i, j int)
type SortRepoByName ¶
type SortRepoByName []*Repo
SortRepoByName makes a list of repos sortable.
func (SortRepoByName) Len ¶
func (r SortRepoByName) Len() int
func (SortRepoByName) Less ¶
func (r SortRepoByName) Less(i, j int) bool
func (SortRepoByName) Swap ¶
func (r SortRepoByName) Swap(i, j int)
type SortSecretByName ¶
type SortSecretByName []*Secret
SortSecretByName makes a list of Secret sortable.
func (SortSecretByName) Len ¶
func (s SortSecretByName) Len() int
func (SortSecretByName) Less ¶
func (s SortSecretByName) Less(i, j int) bool
func (SortSecretByName) Swap ¶
func (s SortSecretByName) Swap(i, j int)
type Tree ¶
type Tree struct { ParentPath ParentPath RootDir *Dir Dirs map[uuid.UUID]*Dir Secrets map[uuid.UUID]*Secret }
Tree contains a full tree from the RootDir and all dirs and secrets. ParentPath is used to construct absolute paths. ParentPath is the path to the parent of the root dir, eg: For namespace/repo/parent/rootdir => namespace/repo/parent
func (Tree) AbsDirPath ¶
AbsDirPath returns the full path of the dir. This function assumes that only the root dir has no parentID; if that assumption does not hold, an error is returned.
func (Tree) AbsSecretPath ¶
func (t Tree) AbsSecretPath(secretID uuid.UUID) (*SecretPath, error)
AbsSecretPath returns the full path of the secret. This function assumes that every secret has a ParentDir; if that assumption does not hold, an error is returned.
func (Tree) DirCount ¶
DirCount returns the number of directories inside the tree. This does not include the root directory.
func (Tree) SecretCount ¶
SecretCount returns the number of secrets contained in the tree.
type UpdateAccessRuleRequest ¶
type UpdateAccessRuleRequest struct {
Permission Permission `json:"permission"`
}
UpdateAccessRuleRequest contains the request fields for updating an AccessRule.
func (*UpdateAccessRuleRequest) Validate ¶
func (uar *UpdateAccessRuleRequest) Validate() error
Validate validates the request fields.
type UpdateCredentialRequest ¶ added in v0.25.0
type UpdateCredentialRequest struct {
Enabled *bool `json:"enabled,omitempty"`
}
UpdateCredentialRequest contains the fields of a credential that can be updated.
func (*UpdateCredentialRequest) Validate ¶ added in v0.25.0
func (req *UpdateCredentialRequest) Validate() error
Validate whether the UpdateCredentialRequest is a valid request.
type UpdateOrgMemberRequest ¶
type UpdateOrgMemberRequest struct {
Role string `json:"role"`
}
UpdateOrgMemberRequest contains the required fields for updating a user's organization membership.
func (UpdateOrgMemberRequest) Validate ¶
func (req UpdateOrgMemberRequest) Validate() error
Validate validates the request fields.
type User ¶
type User struct { AccountID uuid.UUID `json:"account_id"` PublicKey []byte `json:"public_key"` Username string `json:"username"` FullName string `json:"full_name"` Email string `json:"user_email,omitempty"` // Optional, private information is only returned for yourself EmailVerified bool `json:"email_verified,omitempty"` // Optional, private information is only returned for yourself CreatedAt *time.Time `json:"created_at,omitempty"` // Optional, private information is only returned for yourself LastLoginAt *time.Time `json:"last_login_at,omitempty"` // Optional, private information is only returned for yourself }
User represents a SecretHub user.
func (User) PrettyName ¶
PrettyName returns a printable string with the username and full name.
func (User) ToAuditActor ¶
func (u User) ToAuditActor() *AuditActor
ToAuditActor converts a User to an AuditActor
func (User) ToAuditSubject ¶
func (u User) ToAuditSubject() *AuditSubject
ToAuditSubject converts a User to an AuditSubject
Source Files ¶
- account.go
- account_key.go
- acl.go
- audit.go
- auth.go
- auth_aws.go
- auth_gcp.go
- ciphertext.go
- credential.go
- dir.go
- docs.go
- encrypted_data.go
- encryption_key.go
- encryption_metadata.go
- encryption_parameters.go
- idp_link.go
- name.go
- namespace.go
- org.go
- paths.go
- patterns.go
- permission.go
- repo.go
- revoke.go
- secret.go
- secret_key.go
- secret_version.go
- server_errors.go
- service.go
- tree.go
- user.go
- values.go