Documentation ¶
Index ¶
- Variables
- func CreateToken(length int) string
- func ValidateToken(token string) bool
- type SecretManager
- type SecretManagerContext
- func (smc *SecretManagerContext) AddSecretVersion(ctx context.Context, secret string, payload []byte) error
- func (smc *SecretManagerContext) CreateSecret(ctx context.Context, secret string) error
- func (smc *SecretManagerContext) DeleteSecret(ctx context.Context, secret string) error
- func (smc *SecretManagerContext) GetLatestVersion(ctx context.Context, secret string) ([]byte, error)
Variables ¶
Functions ¶
func CreateToken ¶
CreateToken creates a variable-length random token that can be used for passwords or API keys.
func ValidateToken ¶
ValidateToken checks if a token contains any invalid characters.
Types ¶
type SecretManager ¶
type SecretManager struct {
	// contains filtered or unexported fields
}
SecretManager holds a client to the Google Secret Manager, and the path to the `parent` project for the secret manager.
func New ¶
func New(conf config.SecretsConfig) (sm *SecretManager, err error)
New creates and returns a client to access the Google Secret Manager. This function requires the $GOOGLE_APPLICATION_CREDENTIALS environment variable to be set; it specifies the path to the JSON file containing the service account credentials.
func NewMock ¶
func NewMock(conf config.SecretsConfig) (*SecretManager, error)
NewMock creates and returns a client to access a mock Secret Manager for testing. The SecretManager is identical and all external functionality is unchanged; however, instead of making requests to Google Secret Manager, the mock object simply stores things in memory. NOTE: this is ported from github.com/rotationalio/whisper
func NewSecretManager ¶
func NewSecretManager(config config.SecretsConfig) (sm *SecretManager, err error)
NewSecretManager creates and returns a new secret manager client, or an error if one occurs. The `secretmanager` package reads the GOOGLE_APPLICATION_CREDENTIALS environment variable, which specifies the path to the JSON file containing the service account credentials, so this function is a lightweight way to test that the application can successfully connect to the secret manager API. However, this function does not validate the parent path.
func (*SecretManager) With ¶
func (sm *SecretManager) With(certRequest string) *SecretManagerContext
With allows us to engage a single SecretManager across all required calls during the certificate request process.
type SecretManagerContext ¶
type SecretManagerContext struct {
	// contains filtered or unexported fields
}
SecretManagerContext maintains a single long-running secret manager that can be used for the duration of the certificate request process.
func (*SecretManagerContext) AddSecretVersion ¶
func (smc *SecretManagerContext) AddSecretVersion(ctx context.Context, secret string, payload []byte) error
AddSecretVersion adds a new secret version, containing the provided payload, to the given secret. Returns an error if one occurs. Note: to add a secret version, the secret must first be created using CreateSecret.
func (*SecretManagerContext) CreateSecret ¶
func (smc *SecretManagerContext) CreateSecret(ctx context.Context, secret string) error
CreateSecret creates a new secret in the Google Cloud Manager top-level directory using the `secret` name provided. This function returns an error if any occurs. Note: A secret is a logical wrapper around a collection of secret versions. To store a secret payload, you must first CreateSecret and then AddSecretVersion.
func (*SecretManagerContext) DeleteSecret ¶
func (smc *SecretManagerContext) DeleteSecret(ctx context.Context, secret string) error
DeleteSecret deletes the secret with the given name, and all of its versions. Note: this is an irreversible operation. Any service or workload that attempts to access a deleted secret receives a Not Found error.
func (*SecretManagerContext) GetLatestVersion ¶
func (smc *SecretManagerContext) GetLatestVersion(ctx context.Context, secret string) ([]byte, error)
GetLatestVersion returns the payload for the latest version of the given secret, if one exists, else an error.
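The ordering contract documented above (CreateSecret before AddSecretVersion, GetLatestVersion returning the newest payload, DeleteSecret removing every version), modeled in memory as an added example; it is not this package's code or its NewMock implementation. The names memStore, newMemStore and ErrNotFound are hypothetical, and the signatures are simplified (no context.Context, no error from CreateSecret or DeleteSecret).

```go
package main

import (
	"errors"
	"fmt"
)

var ErrNotFound = errors.New("secret not found") // hypothetical sentinel, not the package's error

// memStore is a hypothetical stand-in, not the package's mock. Not goroutine-safe.
type memStore struct{ versions map[string][][]byte }

func newMemStore() *memStore { return &memStore{versions: map[string][][]byte{}} }

// CreateSecret registers an empty wrapper; payloads arrive later as versions.
func (m *memStore) CreateSecret(name string) {
	if _, ok := m.versions[name]; !ok {
		m.versions[name] = nil
	}
}

// AddSecretVersion refuses to store a payload unless CreateSecret ran first.
func (m *memStore) AddSecretVersion(name string, payload []byte) error {
	vs, ok := m.versions[name]
	if !ok {
		return ErrNotFound
	}
	// Copy, so later writes to the caller's buffer cannot alter the stored version.
	m.versions[name] = append(vs, append([]byte(nil), payload...))
	return nil
}

// GetLatestVersion returns a copy of the newest payload, or ErrNotFound.
func (m *memStore) GetLatestVersion(name string) ([]byte, error) {
	vs := m.versions[name]
	if len(vs) == 0 {
		return nil, ErrNotFound
	}
	return append([]byte(nil), vs[len(vs)-1]...), nil
}

// DeleteSecret drops the secret and all of its versions.
func (m *memStore) DeleteSecret(name string) { delete(m.versions, name) }

func main() {
	s := newMemStore()
	s.CreateSecret("constructed-request-id") // constructed sample name and payload
	fmt.Println(s.AddSecretVersion("constructed-request-id", []byte("constructed-payload")))
	fmt.Println(s.GetLatestVersion("constructed-request-id"))
}
```

A secret that exists but has no versions yet is reported as ErrNotFound by GetLatestVersion in this model; callers should treat "created" and "readable" as separate states.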