Documentation ¶
Overview ¶
The secrets service provides a simple key/value store for small bits of secret data. Access is limited by scopes, so values can be considered secret from those who do not have the relevant scopes.
Secrets also have an expiration date, and once a secret has expired it can no longer be read. This is useful for short-term secrets such as a temporary service credential or a one-time signing key.
See:
How to use this package ¶
First create a Secrets object:
    // nil credentials: no authentication; rootURL is the root URL of your Taskcluster deployment
    secrets := tcsecrets.New(nil, rootURL)
and then call one or more of secrets's methods, e.g.:
    err := secrets.Ping()
handling any errors...
    if err != nil {
        // handle error...
    }
Taskcluster Schema ¶
The source code of this go package was auto-generated from the API definition at https://taskcluster-staging.net/references/secrets/v1/api.json together with the input and output schemas it references, downloaded on Thu, 27 Jun 2019 at 07:22:00 UTC. The code was generated by https://github.com/taskcluster/taskcluster-client-go/blob/master/build.sh.
Index ¶
- type Secret
- type Secrets
- func (secrets *Secrets) Get(name string) (*Secret, error)
- func (secrets *Secrets) Get_SignedURL(name string, duration time.Duration) (*url.URL, error)
- func (secrets *Secrets) List(continuationToken, limit string) (*SecretsList, error)
- func (secrets *Secrets) Ping() error
- func (secrets *Secrets) Remove(name string) error
- func (secrets *Secrets) Set(name string, payload *Secret) error
- type SecretsList
Types ¶
type Secret ¶
    type Secret struct {
        // An expiration date for this secret.
        //
        // See https://taskcluster-staging.net/schemas/secrets/v1/secret.json#/properties/expires
        Expires tcclient.Time `json:"expires"`

        // The secret value to be encrypted.
        //
        // Additional properties allowed
        //
        // See https://taskcluster-staging.net/schemas/secrets/v1/secret.json#/properties/secret
        Secret json.RawMessage `json:"secret"`
    }
Message containing a Taskcluster Secret
See https://taskcluster-staging.net/schemas/secrets/v1/secret.json#
type Secrets ¶
func New ¶
func New(credentials *tcclient.Credentials, rootURL string) *Secrets
New returns a Secrets client, configured to run against production. Pass in nil credentials to create a client without authentication. The returned client is mutable, so returned settings can be altered.
    secrets := tcsecrets.New(
        nil,                                    // client without authentication
        "http://localhost:1234/my/taskcluster", // taskcluster hosted at this root URL on local machine
    )
    err := secrets.Ping() // for example, call the Ping() API endpoint (described further down)...
    if err != nil {
        // handle errors...
    }
func NewFromEnv ¶
func NewFromEnv() *Secrets
NewFromEnv returns a *Secrets configured from environment variables.
The root URL is taken from TASKCLUSTER_PROXY_URL if set to a non-empty string, otherwise from TASKCLUSTER_ROOT_URL if set, otherwise the empty string.
The credentials are taken from environment variables:
    TASKCLUSTER_CLIENT_ID
    TASKCLUSTER_ACCESS_TOKEN
    TASKCLUSTER_CERTIFICATE
If TASKCLUSTER_CLIENT_ID is empty/unset, authentication will be disabled.
func (*Secrets) Get ¶
Read the secret associated with some key. If the secret has recently expired, the response code 410 is returned. If the caller lacks the scope necessary to get the secret, the call will fail with a 403 code regardless of whether the secret exists.
Required scopes:
secrets:get:<name>
See #get
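A model of the check order that the Get description implies, added here as an example and not taken from the service or from this package: the scope check runs before any lookup, so a 403 reveals nothing about whether a secret exists. The `/secret/<name>` path, the `X-Scope` header (standing in for real authentication), exact-match scopes, the 404 for a missing secret and the sample names are all assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// store is constructed sample data: secret name -> expiry time.
var store = map[string]time.Time{
	"project/a/deploy-key": time.Now().Add(time.Hour),
	"project/a/old-key":    time.Now().Add(-time.Minute),
}

// getHandler models the documented Get behaviour. The scope check runs before
// any lookup, so a caller without secrets:get:<name> sees the same 403 whether
// or not the secret exists. X-Scope is a hypothetical stand-in for real auth.
func getHandler(w http.ResponseWriter, r *http.Request) {
	name := strings.TrimPrefix(r.URL.Path, "/secret/")
	if r.Header.Get("X-Scope") != "secrets:get:"+name {
		w.WriteHeader(http.StatusForbidden)
		return
	}
	expires, found := store[name]
	switch {
	case !found:
		w.WriteHeader(http.StatusNotFound) // assumption: not stated on this page
	case !expires.After(time.Now()):
		w.WriteHeader(http.StatusGone) // expired secrets can no longer be read
	default:
		fmt.Fprintf(w, `{"expires":%q,"secret":{}}`, expires.UTC().Format(time.RFC3339))
	}
}

// status sends one in-memory request to the model and returns the HTTP status.
func status(name, scope string) int {
	req := httptest.NewRequest(http.MethodGet, "/secret/"+name, nil)
	req.Header.Set("X-Scope", scope)
	rec := httptest.NewRecorder()
	getHandler(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status("project/a/deploy-key", ""), status("no/such/secret", "")) // both 403
}
```

A client should therefore treat 403 as "not authorized for this name" and never as "absent", and treat 410 as a signal to stop retrying and obtain a fresh secret.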
func (*Secrets) Get_SignedURL ¶
Returns a signed URL for Get, valid for the specified duration.
Required scopes:
secrets:get:<name>
See Get for more details.
func (*Secrets) List ¶
func (secrets *Secrets) List(continuationToken, limit string) (*SecretsList, error)
List the names of all secrets.
By default this endpoint will try to return up to 1000 secret names in one request. But it **may return fewer**, even if more secrets are available. It may also return a `continuationToken` even though there are no more results. However, you can only be sure to have seen all results if you keep calling `List` with the last `continuationToken` until you get a result without a `continuationToken`.
If you are not interested in listing all the members at once, you may use the query-string option `limit` to return fewer.
See #list
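The pagination rule above matters for any inventory or audit of secret names: stopping at the first short or empty page silently misses entries. The following is an added example, not code from this package. It takes any function with the same parameter shape as List (with the real client you would pass a small closure around `secrets.List`), and the local `SecretsList` copy, `fakeList`, the page budget and the sample names are assumptions made so it runs offline.

```go
package main

import (
	"errors"
	"fmt"
)

// SecretsList mirrors the two fields of the SecretsList type on this page.
type SecretsList struct {
	ContinuationToken string
	Secrets           []string
}

// listAll calls list until a page arrives without a continuationToken.
// maxPages bounds the loop so a misbehaving server cannot spin the caller.
func listAll(list func(token, limit string) (*SecretsList, error), limit string, maxPages int) ([]string, error) {
	var names []string
	token := ""
	for page := 0; page < maxPages; page++ {
		res, err := list(token, limit)
		if err != nil {
			return names, err
		}
		names = append(names, res.Secrets...) // a page may be short or empty
		if res.ContinuationToken == "" {
			return names, nil // only now is the listing complete
		}
		token = res.ContinuationToken
	}
	return names, errors.New("listing incomplete: page budget exhausted")
}

// samplePages is constructed data: continuation token -> page returned for it.
var samplePages = map[string]SecretsList{
	"":   {ContinuationToken: "t1", Secrets: []string{"project/a/deploy-key"}},
	"t1": {ContinuationToken: "t2"}, // empty page that still carries a token
	"t2": {Secrets: []string{"project/b/signing-key"}},
}

// fakeList has the same parameter shape as List and serves samplePages.
func fakeList(token, _ string) (*SecretsList, error) {
	page := samplePages[token]
	return &page, nil
}

func main() {
	fmt.Println(listAll(fakeList, "1", 10))
}
```

When the page budget runs out, `listAll` returns the names gathered so far together with an error, so a caller cannot mistake a partial listing for a complete one.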
func (*Secrets) Ping ¶
Respond without doing anything. This endpoint is used to check that the service is up.
See #ping
type SecretsList ¶
    type SecretsList struct {
        // Opaque `continuationToken` to be given as query-string option to get the
        // next set of secret names.
        // This property is only present if another request is necessary to fetch all
        // results. In practice the next request with a `continuationToken` may not
        // return additional results, but it can. Thus, you can only be sure to have
        // all the results if you've called with `continuationToken` until you get a
        // result without a `continuationToken`.
        //
        // See https://taskcluster-staging.net/schemas/secrets/v1/secret-list.json#/properties/continuationToken
        ContinuationToken string `json:"continuationToken,omitempty"`

        // Secret names
        //
        // Array items:
        // Secret name
        //
        // See https://taskcluster-staging.net/schemas/secrets/v1/secret-list.json#/properties/secrets/items
        //
        // See https://taskcluster-staging.net/schemas/secrets/v1/secret-list.json#/properties/secrets
        Secrets []string `json:"secrets"`
    }
Message containing a list of secret names
See https://taskcluster-staging.net/schemas/secrets/v1/secret-list.json#