README
¶
Secrets Manager
Provides a generic interface to obtain secrets from different sources.
Sources
Following sources are available:
- Static managed secrets, e.g. for testing
- Secrets read from environment variables
- Secrets read from mounted secret files in Docker or K8s
Documentation
¶
Overview ¶
Package secrets provides a generic interface to obtain secrets from different sources.
Index ¶
Constants ¶
const DEFAULT_SECRETS_FILE = "~/.credentials"
DEFAULT_SECRETS_FILE defines default path to a credentials file.
const DOCKER_SECRETS_PATH = "/run/secrets"
DOCKER_SECRETS_PATH defined the default path to look for mounted secrets in Docker or K8s.
Variables ¶
This section is empty.
Functions ¶
func ExportToEnvironment ¶
func ExportToEnvironment(keys []string, manager SecretsManager)
ExportToEnvironment will export secrets identified by given keys to environment variables.
Types ¶
type Base64DecodeError ¶ added in v1.1.1
type Base64DecodeError struct {
// contains filtered or unexported fields
}
func (*Base64DecodeError) Error ¶ added in v1.1.1
func (e *Base64DecodeError) Error() string
type DockerSecretsManager ¶
type DockerSecretsManager struct {
// contains filtered or unexported fields
}
DockerSecretsManager will read secrets from files mounted by Docker or K8s.
type EnvironmentSecretsManager ¶
type EnvironmentSecretsManager struct {
}
EnvironmentSecretsManager will read secrets from environment variables.
type FileSecretsManager ¶ added in v1.1.0
type FileSecretsManager struct {
// contains filtered or unexported fields
}
FileSecretsManager reads secrets from defined file. Secrets have to be added as key:value pair in this credentials file.
type SecretNotFoundError ¶ added in v1.1.1
type SecretNotFoundError struct {
// contains filtered or unexported fields
}
func (*SecretNotFoundError) Error ¶ added in v1.1.1
func (e *SecretNotFoundError) Error() string
type SecretsManager ¶
type SecretsManager interface {
// Obtain will try to read a secret for given key.
Obtain(key string) (*string, error)
}
SecretsManager is a generic interface to read secrets from different sources.
func NewDockerecretsManager ¶
func NewDockerecretsManager(secretsPath string) SecretsManager
NewDockerecretsManager returns a new secrets manager for Docker or K8s.
func NewFileSecretsManager ¶ added in v1.1.0
func NewFileSecretsManager(fileName string) SecretsManager
NewFileSecretsManager returns a new secretsmanager for given file.
func NewSecretsManager ¶
func NewSecretsManager() SecretsManager
NewSecretsManager returns a new default secrets mananger, which will read secrets from environment variables.
func NewSecretsManagerByConfig ¶
func NewSecretsManagerByConfig(conf config.Config) SecretsManager
NewSecretsManagerByConfig will create a new secrets manager by given config. If there's no config values for secrets, a default secrets manager will be returned.
func NewStaticSecretsManager ¶
func NewStaticSecretsManager(secrets map[string]string) SecretsManager
NewStaticSecretsManager returns a secrets manager which contains passed secrets. Useful e.g. for testing.
type StaticSecretsManager ¶
type StaticSecretsManager struct {
// contains filtered or unexported fields
}
StaticSecretsManager will manage secrets by internal map.
Source Files