env

package
v0.18.0

This package is not in the latest version of its module.
Published: Jul 3, 2023 License: MIT Imports: 5 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func InitContainerPollInterval added in v0.15.6

func InitContainerPollInterval() time.Duration

InitContainerPollInterval returns the time interval between each poll in the Watch function. The interval is specified in milliseconds as the AEGIS_INIT_CONTAINER_POLL_INTERVAL environment variable. If the environment variable is not set or is not a valid integer value, the function returns the default interval of 5000 milliseconds.

func LogLevel added in v0.15.6

func LogLevel() int

LogLevel returns the value set by AEGIS_LOG_LEVEL environment variable, or a default level.

AEGIS_LOG_LEVEL determines the verbosity of the logs. 0: logs are off, 7: highest verbosity (TRACE).

func NotarySvidPrefix added in v0.15.6

func NotarySvidPrefix() string

NotarySvidPrefix returns the prefix for the Aegis Notary SVID (SPIFFE Verifiable Identity Document) used in the Aegis system. The prefix is obtained from the environment variable AEGIS_NOTARY_SVID_PREFIX. If the variable is not set, the default prefix is used.

THIS IS NOT USED AT THE MOMENT. IT IS EXPERIMENTAL.

func ProbeLivenessPort added in v0.15.6

func ProbeLivenessPort() string

ProbeLivenessPort returns the port for liveness probe. It first checks the environment variable AEGIS_PROBE_LIVENESS_PORT. If the variable is not set, it returns the default value ":8081".

func ProbeReadinessPort added in v0.15.6

func ProbeReadinessPort() string

ProbeReadinessPort returns the port for readiness probe. It first checks the environment variable AEGIS_PROBE_READINESS_PORT. If the variable is not set, it returns the default value ":8082".

func SafeAgeKeyPath added in v0.15.6

func SafeAgeKeyPath() string

SafeAgeKeyPath returns the path to the safe age key directory. The path is determined by the AEGIS_CRYPTO_KEY_PATH environment variable. If the environment variable is not set, the default path "/key/key.txt" is returned.

func SafeAgeKeySecretName added in v0.15.6

func SafeAgeKeySecretName() string

SafeAgeKeySecretName returns the name of the environment variable that holds the Aegis Safe age key. The value is retrieved using the "AEGIS_CRYPTO_KEY_NAME" environment variable. If this variable is not set or is empty, the default value "aegis-safe-age-key" is returned.

func SafeBackingStore added in v0.15.6

func SafeBackingStore() data.BackingStore

SafeBackingStore returns the storage type for the data, as specified in the AEGIS_SAFE_BACKING_STORE environment variable. If the environment variable is not set, it defaults to "file". Any value other than "file" means Aegis Safe will store its state in memory.

func SafeBootstrapTimeout added in v0.17.1

func SafeBootstrapTimeout() time.Duration

SafeBootstrapTimeout returns, as a time.Duration, how long Aegis Safe is allowed to wait to retrieve an SVID before the pod is killed. The interval is determined by the AEGIS_SAFE_BOOTSTRAP_TIMEOUT environment variable, with a default value of 30000 milliseconds if the variable is not set or if there is an error in parsing the value.

func SafeDataPath added in v0.15.6

func SafeDataPath() string

SafeDataPath returns the path to the safe data directory. The path is determined by the AEGIS_SAFE_DATA_PATH environment variable. If the environment variable is not set, the default path "/data" is returned.

func SafeEndpointUrl added in v0.15.6

func SafeEndpointUrl() string

SafeEndpointUrl returns the URL for the Aegis Safe endpoint used in the Aegis system. The URL is obtained from the environment variable AEGIS_SAFE_ENDPOINT_URL. If the variable is not set, the default URL is used.

func SafeFipsCompliant added in v0.17.4

func SafeFipsCompliant() bool

SafeFipsCompliant returns a boolean indicating whether Aegis Safe should run in FIPS compliant mode. Note that this is not a guarantee that Aegis Safe will run in FIPS compliant mode, as it depends on the underlying base image. If you are using one of the official FIPS-compliant Aegis Docker images, then it will be FIPS-compliant. Check https://aegis.ist/docs/configuration/ for more details.

func SafeK8sSecretBufferSize added in v0.17.1

func SafeK8sSecretBufferSize() int

SafeK8sSecretBufferSize returns the buffer size for the Aegis Safe Kubernetes secret queue.

The buffer size is determined by the environment variable AEGIS_SAFE_K8S_SECRET_BUFFER_SIZE.

If the environment variable is not set, the default buffer size is 10. If the environment variable is set and can be parsed as an integer, it will be used as the buffer size. If the environment variable is set but cannot be parsed as an integer, the default buffer size is used.

func SafeK8sSecretDeleteBufferSize added in v0.17.1

func SafeK8sSecretDeleteBufferSize() int

SafeK8sSecretDeleteBufferSize returns the buffer size for the Aegis Safe Kubernetes secret deletion queue.

The buffer size is determined by the environment variable AEGIS_SAFE_K8S_SECRET_DELETE_BUFFER_SIZE.

If the environment variable is not set, the default buffer size is 10. If the environment variable is set and can be parsed as an integer, it will be used as the buffer size. If the environment variable is set but cannot be parsed as an integer, the default buffer size is used.

func SafeManualKeyInput added in v0.18.0

func SafeManualKeyInput() bool

SafeManualKeyInput returns a boolean indicating whether to use manual cryptographic key input for Aegis Safe, instead of letting it bootstrap automatically. If the environment variable is not set or its value is not "true", the function returns false. Otherwise, the function returns true.

func SafeSecretBackupCount added in v0.15.6

func SafeSecretBackupCount() int

SafeSecretBackupCount retrieves the number of backups to keep for Aegis Safe secrets. If the environment variable AEGIS_SAFE_SECRET_BACKUP_COUNT is not set or is not a valid integer, the default value of 3 will be returned.

func SafeSecretBufferSize added in v0.15.6

func SafeSecretBufferSize() int

SafeSecretBufferSize returns the buffer size for the Aegis Safe secret queue.

The buffer size is determined by the environment variable AEGIS_SAFE_SECRET_BUFFER_SIZE.

If the environment variable is not set, the default buffer size is 10. If the environment variable is set and can be parsed as an integer, it will be used as the buffer size. If the environment variable is set but cannot be parsed as an integer, the default buffer size is used.

func SafeSecretDeleteBufferSize added in v0.17.1

func SafeSecretDeleteBufferSize() int

SafeSecretDeleteBufferSize returns the buffer size for the Aegis Safe secret deletion queue.

The buffer size is determined by the environment variable AEGIS_SAFE_SECRET_DELETE_BUFFER_SIZE.

If the environment variable is not set, the default buffer size is 10. If the environment variable is set and can be parsed as an integer, it will be used as the buffer size. If the environment variable is set but cannot be parsed as an integer, the default buffer size is used.

func SafeSecretNamePrefix added in v0.15.6

func SafeSecretNamePrefix() string

SafeSecretNamePrefix returns the prefix to be used for the names of secrets that Aegis Safe stores, when it is configured to persist the secret in the Kubernetes cluster as Kubernetes `Secret` objects.

The prefix is retrieved using the "AEGIS_SAFE_SECRET_NAME_PREFIX" environment variable. If this variable is not set or is empty, the default value "aegis-secret-" is returned.

func SafeSvidPrefix

func SafeSvidPrefix() string

SafeSvidPrefix returns the prefix for the Safe SVID (SPIFFE Verifiable Identity Document) used in the Aegis system. The prefix is obtained from the environment variable AEGIS_SAFE_SVID_PREFIX. If the variable is not set, the default prefix is used.

func SafeUseKubernetesSecrets added in v0.15.6

func SafeUseKubernetesSecrets() bool

SafeUseKubernetesSecrets returns a boolean indicating whether to create a plain text Kubernetes secret for the workloads registered. There are two things to note about this approach:

1. By design, and for security, the original Kubernetes `Secret` should already exist, and it should be initialized with default data as follows:

data:
  # '{}' (e30=) is a special placeholder to tell Safe that the Secret
  # is not initialized. DO NOT remove or change it.
  KEY_TXT: "e30="

2. This approach is LESS secure, and it is meant to be used for LEGACY systems where directly using the Safe Sidecar or Safe SDK is not feasible. It should be left as a last resort.

If the environment variable is not set or its value is not "true", the function returns false. Otherwise, the function returns true.

func SentinelSvidPrefix

func SentinelSvidPrefix() string

SentinelSvidPrefix returns the prefix for the Sentinel SVID (SPIFFE Verifiable Identity Document) used in the Aegis system. The prefix is obtained from the environment variable AEGIS_SENTINEL_SVID_PREFIX. If the variable is not set, the default prefix is used.

func SidecarErrorThreshold added in v0.15.6

func SidecarErrorThreshold() int64

SidecarErrorThreshold returns the number of consecutive failed polls before increasing the interval. The value is read from the environment variable `AEGIS_SIDECAR_ERROR_THRESHOLD` or returns 2 as default.

func SidecarExponentialBackoffMultiplier added in v0.15.6

func SidecarExponentialBackoffMultiplier() int64

SidecarExponentialBackoffMultiplier returns the multiplier for exponential backoff by the sidecar process. The value is read from the environment variable `AEGIS_SIDECAR_EXPONENTIAL_BACKOFF_MULTIPLIER` or returns 2 as default.

func SidecarMaxPollInterval added in v0.15.6

func SidecarMaxPollInterval() time.Duration

SidecarMaxPollInterval returns the maximum interval for polling by the sidecar process. The value is read from the environment variable `AEGIS_SIDECAR_MAX_POLL_INTERVAL` or returns 300000 milliseconds as default.

func SidecarPollInterval added in v0.15.6

func SidecarPollInterval() time.Duration

SidecarPollInterval returns the polling interval for sentry in time.Duration. The interval is determined by the AEGIS_SIDECAR_POLL_INTERVAL environment variable, with a default value of 20000 milliseconds if the variable is not set or if there is an error in parsing the value.

func SidecarSecretsPath added in v0.15.6

func SidecarSecretsPath() string

SidecarSecretsPath returns the path to the secrets file used by the sidecar. The path is determined by the AEGIS_SIDECAR_SECRETS_PATH environment variable, with a default value of "/opt/aegis/secrets.json" if the variable is not set.

func SidecarSuccessThreshold added in v0.15.6

func SidecarSuccessThreshold() int64

SidecarSuccessThreshold returns the number of consecutive successful polls before reducing the interval. The value is read from the environment variable `AEGIS_SIDECAR_SUCCESS_THRESHOLD` or returns 3 as default.
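
How the five sidecar polling settings documented above can interact, as an added example that is not the project's own code. The `Poller` type, the `Defaults` value and the exact adjustment rule (multiply after the error threshold, divide after the success threshold, clamp between the base and maximum interval) are assumptions of this sketch; only the environment variable names and default values come from the documentation.

```go
package main

import (
	"fmt"
	"time"
)

// Poller is a hypothetical type for this example; it is not part of the env package.
type Poller struct {
	Base, Max                        time.Duration // AEGIS_SIDECAR_POLL_INTERVAL, AEGIS_SIDECAR_MAX_POLL_INTERVAL
	Multiplier                       int64         // AEGIS_SIDECAR_EXPONENTIAL_BACKOFF_MULTIPLIER
	ErrorThreshold, SuccessThreshold int64         // AEGIS_SIDECAR_ERROR_THRESHOLD, AEGIS_SIDECAR_SUCCESS_THRESHOLD
	interval                         time.Duration
	fails, oks                       int64
}

// Defaults carries the documented default values.
var Defaults = Poller{Base: 20000 * time.Millisecond, Max: 300000 * time.Millisecond,
	Multiplier: 2, ErrorThreshold: 2, SuccessThreshold: 3}

// Record registers one poll outcome and returns the interval to wait next.
func (p *Poller) Record(success bool) time.Duration {
	m := time.Duration(p.Multiplier)
	if m < 2 {
		m = 2 // assumed guard: below 2 never backs off, and 0 would divide by zero
	}
	if success {
		p.oks, p.fails = p.oks+1, 0
		if p.oks >= p.SuccessThreshold {
			p.oks, p.interval = 0, p.interval/m
		}
	} else {
		p.fails, p.oks = p.fails+1, 0
		if p.fails >= p.ErrorThreshold {
			p.fails, p.interval = 0, p.interval*m
		}
	}
	if p.interval < p.Base {
		p.interval = p.Base // never poll faster than the base interval
	}
	if p.interval > p.Max {
		p.interval = p.Max // never wait longer than the maximum interval
	}
	return p.interval
}

func main() {
	p := Defaults
	for _, ok := range []bool{false, false, false, false, true, true, true} { // constructed outcomes
		fmt.Println(ok, p.Record(ok))
	}
}
```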

func SpiffeSocketUrl added in v0.15.6

func SpiffeSocketUrl() string

SpiffeSocketUrl returns the URL for the SPIFFE endpoint socket used in the Aegis system. The URL is obtained from the environment variable SPIFFE_ENDPOINT_SOCKET. If the variable is not set, the default URL is used.

func TlsPort added in v0.15.6

func TlsPort() string

TlsPort returns the secure port for Aegis Safe to listen on. It checks the AEGIS_SAFE_TLS_PORT environment variable. If the variable is not set, it defaults to ":8443".

func WorkloadSvidPrefix

func WorkloadSvidPrefix() string

WorkloadSvidPrefix returns the prefix for the Workload SVID (SPIFFE Verifiable Identity Document) used in the Aegis system. The prefix is obtained from the environment variable AEGIS_WORKLOAD_SVID_PREFIX. If the variable is not set, the default prefix is used.
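
Several functions above fall back silently: an unparsable integer yields the default, any backing store value other than "file" means in-memory state, and a boolean that is not "true" reads as false. The following preflight check surfaces those cases before deployment; it is an added example, not part of the env package. `Audit`, `intDefaults` and the use of `strconv.Atoi` as the parsing rule are assumptions of this sketch, while the variable names and defaults are taken from the documentation.

```go
package main

import (
	"fmt"
	"strconv"
)

// Integer settings documented as falling back to a default when unparsable.
var intDefaults = []struct {
	Name string
	Def  int
}{
	{"AEGIS_INIT_CONTAINER_POLL_INTERVAL", 5000},
	{"AEGIS_SAFE_BOOTSTRAP_TIMEOUT", 30000},
	{"AEGIS_SAFE_SECRET_BACKUP_COUNT", 3},
	{"AEGIS_SIDECAR_POLL_INTERVAL", 20000},
}

// Audit returns one finding per setting whose effective value likely differs
// from what the operator intended. Pass os.LookupEnv as lookup inside a pod.
func Audit(lookup func(string) (string, bool)) []string {
	var out []string
	for _, v := range intDefaults {
		if s, ok := lookup(v.Name); ok {
			if _, err := strconv.Atoi(s); err != nil { // Atoi is an assumed parsing rule
				out = append(out, fmt.Sprintf("%s=%q is not an integer: default %d applies", v.Name, s, v.Def))
			}
		}
	}
	if s, ok := lookup("AEGIS_SAFE_BACKING_STORE"); ok && s != "file" {
		out = append(out, fmt.Sprintf("AEGIS_SAFE_BACKING_STORE=%q: state is kept in memory only", s))
	}
	switch s, ok := lookup("AEGIS_SAFE_USE_KUBERNETES_SECRETS"); {
	case ok && s == "true":
		out = append(out, "AEGIS_SAFE_USE_KUBERNETES_SECRETS=true: plain text Kubernetes Secrets enabled (legacy, less secure)")
	case ok && s != "false":
		out = append(out, fmt.Sprintf("AEGIS_SAFE_USE_KUBERNETES_SECRETS=%q is not \"true\": treated as false", s))
	}
	return out
}

func main() {
	env := map[string]string{"AEGIS_SIDECAR_POLL_INTERVAL": "20s", "AEGIS_SAFE_BACKING_STORE": "File"} // constructed sample
	for _, f := range Audit(func(k string) (string, bool) { v, ok := env[k]; return v, ok }) {
		fmt.Println(f)
	}
}
```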

Types

This section is empty.
