README
¶
Secret service
Secret service provide convenient way of handling credentials.
Generic Credentials retrieval
Service supports the following form of * to retrieve credentials:
- URL i.e. mem://secret/localhost.json, secretmanager://.....,
- Relative path i.e. localhost.json, in this case based directory will be used to lookup credential resource
- Short name i.e. localhost, in this case based directory will be used to lookup credential resource and .json ext will be added.
Base directory can be file or URL, if empty '$HOME/.secret/' is used
service := secret.New()
var secret = secret.Resource("localhost")
secret, err := service.Lookup(secret)
if err !=nil {
panic(err)
}
cred, ok := secret.Target.(*cred.Generic)
if ! ok {
panic("invalid secret type")
}
Secrets are defined as type Secrets map[secret.Key]secret.Resource
Secret expansion
Very common case for the application it to take encrypted credential to used wither username or password. For example while running terminal command we may need to provide super user password and sometimes other secret, in one command that we do not want to reveal to final user.
Take the following code as example:
service := New()
secrets := NewSecrets()
{//password expansion
secrets["mysql"] = "~/.secret/mysql.json"
input := "docker run --name db1 -e MYSQL_ROOT_PASSWORD=${mysql.password} -d mysql:tag"
expaned, err := service.Expand(input, secrets)
}
{//username and password expansion
secrets["pg"] = "~/.secret/pg.json"
input := "docker run --name some-postgres -e POSTGRES_PASSWORD=${pg.password} -e POSTGRES_USER=${pg.username} -d postgres"
expaned, err := service.Expand(input, secrets)
}
Documentation
¶
Index ¶
- type Key
- type Option
- type Resource
- type Secrets
- type Service
- func (s *Service) Expand(ctx context.Context, input string, secrets map[Key]Resource) (string, error)
- func (s *Service) ExpandSecret(ctx context.Context, input string, key Key, resource Resource) (string, error)
- func (s *Service) GetCredentials(ctx context.Context, resource string) (*cred.Generic, error)
- func (s *Service) GeyKey(ctx context.Context, resource string) (*cred.SecretKey, error)
- func (s *Service) Lookup(ctx context.Context, secret Resource) (*scy.Secret, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Option ¶
type Option func(s *Service)
Option represents a service option
func WithBaseDirectory ¶
WithBaseDirectory sets base directory
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
Service represents a secret service
func (*Service) Expand ¶
func (s *Service) Expand(ctx context.Context, input string, secrets map[Key]Resource) (string, error)
Expand expands input credential keys with actual CredentialsFromLocation
func (*Service) ExpandSecret ¶
func (*Service) GetCredentials ¶
GetCredentials returns credentials for supplied resource
Source Files
Directories