Documentation ¶
Index ¶
- func InitContainerPollInterval() time.Duration
- func LogLevel() int
- func NotarySvidPrefix() string
- func ProbeLivenessPort() string
- func ProbeReadinessPort() string
- func SafeAgeKeyPath() string
- func SafeAgeKeySecretName() string
- func SafeBackingStore() data.BackingStore
- func SafeBootstrapTimeout() time.Duration
- func SafeDataPath() string
- func SafeEndpointUrl() string
- func SafeFipsCompliant() bool
- func SafeK8sSecretBufferSize() int
- func SafeK8sSecretDeleteBufferSize() int
- func SafeManualKeyInput() bool
- func SafeSecretBackupCount() int
- func SafeSecretBufferSize() int
- func SafeSecretDeleteBufferSize() int
- func SafeSecretNamePrefix() string
- func SafeSourceAcquisitionTimeout() time.Duration
- func SafeSvidPrefix() string
- func SafeUseKubernetesSecrets() bool
- func SentinelSvidPrefix() string
- func SidecarErrorThreshold() int64
- func SidecarExponentialBackoffMultiplier() int64
- func SidecarMaxPollInterval() time.Duration
- func SidecarPollInterval() time.Duration
- func SidecarSecretsPath() string
- func SidecarSuccessThreshold() int64
- func SpiffeSocketUrl() string
- func SystemNamespace() string
- func TlsPort() string
- func WorkloadSvidPrefix() string
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func InitContainerPollInterval ¶
func InitContainerPollInterval() time.Duration
InitContainerPollInterval returns the time interval between polls in the Watch function. The interval is specified in milliseconds as the VSECM_INIT_CONTAINER_POLL_INTERVAL environment variable. If the environment variable is not set or is not a valid integer, the function returns the default interval of 5000 milliseconds.
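Every duration getter on this page follows the same fallback rule (value in milliseconds; unset or unparsable falls back to the default), including SafeBootstrapTimeout, SafeSourceAcquisitionTimeout, SidecarMaxPollInterval and SidecarPollInterval. The helper below is an added example of that rule, not the package's own code. It adds one check the page does not describe: a zero or negative value is treated like an invalid one, because a zero poll interval would make the watcher spin. The function names `durationFromEnv`, `millisFromEnv` and `initContainerPollInterval` are this example's own.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"time"
)

// millisFromEnv reads an environment variable that holds a number of
// milliseconds. Unset, empty or unparsable values yield defaultMs, as the
// page documents. Rejecting non-positive values is this example's own
// hardening; the page does not say the package does that.
func millisFromEnv(name string, defaultMs int) int {
	raw, ok := os.LookupEnv(name)
	if !ok || raw == "" {
		return defaultMs
	}
	ms, err := strconv.Atoi(raw)
	if err != nil || ms <= 0 {
		return defaultMs
	}
	return ms
}

// durationFromEnv converts the millisecond value into a time.Duration, which
// is the type the getters on this page return.
func durationFromEnv(name string, defaultMs int) time.Duration {
	return time.Duration(millisFromEnv(name, defaultMs)) * time.Millisecond
}

// initContainerPollInterval reproduces the documented behaviour of
// InitContainerPollInterval: VSECM_INIT_CONTAINER_POLL_INTERVAL in
// milliseconds, default 5000 ms.
func initContainerPollInterval() time.Duration {
	return durationFromEnv("VSECM_INIT_CONTAINER_POLL_INTERVAL", 5000)
}

func main() {
	// Constructed inputs: unset, valid, garbage, negative.
	os.Unsetenv("VSECM_INIT_CONTAINER_POLL_INTERVAL")
	fmt.Printf("unset -> %v\n", initContainerPollInterval())
	for _, v := range []string{"250", "abc", "-7"} {
		os.Setenv("VSECM_INIT_CONTAINER_POLL_INTERVAL", v)
		fmt.Printf("%q -> %v\n", v, initContainerPollInterval())
	}
}
```

Because the same environment variable is consulted on every call, a value changed on a running pod only takes effect where the getter is re-read; restart the pod after editing the manifest rather than expecting a live reload.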
func LogLevel ¶
func LogLevel() int
LogLevel returns the value set by VSECM_LOG_LEVEL environment variable, or a default level.
VSECM_LOG_LEVEL determines the verbosity of the logs. 0: logs are off, 7: highest verbosity (TRACE).
func NotarySvidPrefix ¶
func NotarySvidPrefix() string
NotarySvidPrefix returns the prefix for the VSecM Notary SVID (SPIFFE Verifiable Identity Document) used in the VSecM system. The prefix is obtained from the environment variable VSECM_NOTARY_SVID_PREFIX. If the variable is not set, the default prefix is used.
THIS IS NOT USED AT THE MOMENT. IT IS EXPERIMENTAL.
func ProbeLivenessPort ¶
func ProbeLivenessPort() string
ProbeLivenessPort returns the port for liveness probe. It first checks the environment variable VSECM_PROBE_LIVENESS_PORT. If the variable is not set, it returns the default value ":8081".
func ProbeReadinessPort ¶
func ProbeReadinessPort() string
ProbeReadinessPort returns the port for readiness probe. It first checks the environment variable VSECM_PROBE_READINESS_PORT. If the variable is not set, it returns the default value ":8082".
func SafeAgeKeyPath ¶
func SafeAgeKeyPath() string
SafeAgeKeyPath returns the path to the file that holds the VSecM Safe age key. The path is determined by the VSECM_CRYPTO_KEY_PATH environment variable. If the environment variable is not set, the default path "/key/key.txt" is returned.
func SafeAgeKeySecretName ¶
func SafeAgeKeySecretName() string
SafeAgeKeySecretName returns the name of the Kubernetes `Secret` that holds the VSecM Safe age key. The value is retrieved from the "VSECM_CRYPTO_KEY_NAME" environment variable. If this variable is not set or is empty, the default value "vsecm-safe-age-key" is returned.
func SafeBackingStore ¶
func SafeBackingStore() data.BackingStore
SafeBackingStore returns the storage type for the data, as specified in the VSECM_SAFE_BACKING_STORE environment variable. If the environment variable is not set, it defaults to "file". Any value other than "file" means VSecM Safe keeps its state in memory only, so secrets do not survive a pod restart.
func SafeBootstrapTimeout ¶
func SafeBootstrapTimeout() time.Duration
SafeBootstrapTimeout returns, as a time.Duration, the maximum time VSecM Safe waits to acquire an SVID before it terminates the pod. The interval is determined by the VSECM_SAFE_BOOTSTRAP_TIMEOUT environment variable, in milliseconds, with a default value of 30000 milliseconds if the variable is not set or cannot be parsed.
func SafeDataPath ¶
func SafeDataPath() string
SafeDataPath returns the path to the safe data directory. The path is determined by the VSECM_SAFE_DATA_PATH environment variable. If the environment variable is not set, the default path "/data" is returned.
func SafeEndpointUrl ¶
func SafeEndpointUrl() string
SafeEndpointUrl returns the URL for the VSecM Safe endpoint used in the VMware Secrets Manager system. The URL is obtained from the environment variable VSECM_SAFE_ENDPOINT_URL. If the variable is not set, the default URL is used.
func SafeFipsCompliant ¶
func SafeFipsCompliant() bool
SafeFipsCompliant returns a boolean indicating whether VSecM Safe should run in FIPS-compliant mode. Note that this is not a guarantee that VSecM Safe will run in FIPS-compliant mode, as that depends on the underlying base image. If you are using one of the official FIPS-compliant VMware Secrets Manager Docker images, then it will be FIPS-compliant. Check https://vsecm.com/configuration/ for more details.
func SafeK8sSecretBufferSize ¶
func SafeK8sSecretBufferSize() int
SafeK8sSecretBufferSize returns the buffer size for the VSecM Safe Kubernetes secret queue.
The buffer size is determined by the environment variable VSECM_SAFE_K8S_SECRET_BUFFER_SIZE.
If the environment variable is not set, the default buffer size is 10. If the environment variable is set and can be parsed as an integer, it will be used as the buffer size. If the environment variable is set but cannot be parsed as an integer, the default buffer size is used.
func SafeK8sSecretDeleteBufferSize ¶
func SafeK8sSecretDeleteBufferSize() int
SafeK8sSecretDeleteBufferSize returns the buffer size for the VSecM Safe Kubernetes secret deletion queue.
The buffer size is determined by the environment variable VSECM_SAFE_K8S_SECRET_DELETE_BUFFER_SIZE.
If the environment variable is not set, the default buffer size is 10. If the environment variable is set and can be parsed as an integer, it will be used as the buffer size. If the environment variable is set but cannot be parsed as an integer, the default buffer size is used.
func SafeManualKeyInput ¶
func SafeManualKeyInput() bool
SafeManualKeyInput returns a boolean indicating whether VSecM Safe should expect its cryptographic key to be supplied manually instead of bootstrapping it automatically. If the controlling environment variable is not set or its value is not "true", the function returns false. Otherwise, the function returns true.
func SafeSecretBackupCount ¶
func SafeSecretBackupCount() int
SafeSecretBackupCount retrieves the number of backups to keep for VSecM Safe secrets. If the environment variable VSECM_SAFE_SECRET_BACKUP_COUNT is not set or is not a valid integer, the default value of 3 will be returned.
func SafeSecretBufferSize ¶
func SafeSecretBufferSize() int
SafeSecretBufferSize returns the buffer size for the VSecM Safe secret queue.
The buffer size is determined by the environment variable VSECM_SAFE_SECRET_BUFFER_SIZE.
If the environment variable is not set, the default buffer size is 10. If the environment variable is set and can be parsed as an integer, it will be used as the buffer size. If the environment variable is set but cannot be parsed as an integer, the default buffer size is used.
func SafeSecretDeleteBufferSize ¶
func SafeSecretDeleteBufferSize() int
SafeSecretDeleteBufferSize returns the buffer size for the VSecM Safe secret deletion queue.
The buffer size is determined by the environment variable VSECM_SAFE_SECRET_DELETE_BUFFER_SIZE.
If the environment variable is not set, the default buffer size is 10. If the environment variable is set and can be parsed as an integer, it will be used as the buffer size. If the environment variable is set but cannot be parsed as an integer, the default buffer size is used.
func SafeSecretNamePrefix ¶
func SafeSecretNamePrefix() string
SafeSecretNamePrefix returns the prefix to be used for the names of secrets that VSecM Safe stores, when it is configured to persist the secret in the Kubernetes cluster as Kubernetes `Secret` objects.
The prefix is retrieved using the "VSECM_SAFE_SECRET_NAME_PREFIX" environment variable. If this variable is not set or is empty, the default value "vsecm-secret-" is returned.
func SafeSourceAcquisitionTimeout ¶ added in v0.21.1
func SafeSourceAcquisitionTimeout() time.Duration
SafeSourceAcquisitionTimeout returns the timeout for acquiring a SPIFFE source bundle, as a time.Duration. It reads the environment variable `VSECM_SAFE_SOURCE_ACQUISITION_TIMEOUT`, interpreted in milliseconds, to determine the timeout. If the environment variable is not set, or cannot be parsed, it defaults to 10000 milliseconds.
func SafeSvidPrefix ¶
func SafeSvidPrefix() string
SafeSvidPrefix returns the prefix for the Safe SVID (SPIFFE Verifiable Identity Document) used in the VSecM system. The prefix is obtained from the environment variable VSECM_SAFE_SVID_PREFIX. If the variable is not set, the default prefix is used.
func SafeUseKubernetesSecrets ¶
func SafeUseKubernetesSecrets() bool
SafeUseKubernetesSecrets returns a boolean indicating whether to create a plain text Kubernetes secret for the workloads registered. There are two things to note about this approach:
1. By design, and for security, the original Kubernetes `Secret` must already exist, and it must be initialized with the following placeholder data:

    data:
      # '{}' (e30=) is a special placeholder to tell Safe that the Secret
      # is not initialized. DO NOT remove or change it.
      KEY_TXT: "e30="

2. This approach is LESS secure, and it is meant to be used for LEGACY systems where directly using the Safe Sidecar or Safe SDK are not feasible. It should be left as a last resort.
If the environment variable is not set or its value is not "true", the function returns false. Otherwise, the function returns true.
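The placeholder above is the base64 encoding of the two characters `{}`. The following is an added example, not VSecM's own code, of how a controller can tell whether a `Secret` still carries that placeholder before it writes real data into it. The function name `isUninitialized` and the sample manifests are this example's own; only the `KEY_TXT` key and the `e30=` value come from the page.

```go
package main

import (
	"encoding/base64"
	"fmt"
)

// placeholderKey is the data key the page shows in the initial Secret.
const placeholderKey = "KEY_TXT"

// isUninitialized reports whether the Secret's KEY_TXT data is still the
// "{}" placeholder. The data map is the manifest's base64-encoded form.
// A missing key is reported as an error rather than as "uninitialized":
// the page requires the Secret to exist with the placeholder, so a
// missing key is a misconfiguration that should not be silently written over.
func isUninitialized(data map[string]string) (bool, error) {
	enc, ok := data[placeholderKey]
	if !ok {
		return false, fmt.Errorf("secret has no %q key", placeholderKey)
	}
	raw, err := base64.StdEncoding.DecodeString(enc)
	if err != nil {
		return false, fmt.Errorf("%s is not valid base64: %w", placeholderKey, err)
	}
	return string(raw) == "{}", nil
}

func main() {
	// Constructed data sections of three Secret manifests.
	cases := map[string]map[string]string{
		"fresh":  {"KEY_TXT": "e30="},
		"filled": {"KEY_TXT": base64.StdEncoding.EncodeToString([]byte(`{"db":"s3cr3t"}`))},
		"broken": {"other": "e30="},
	}
	for _, name := range []string{"fresh", "filled", "broken"} {
		u, err := isUninitialized(cases[name])
		fmt.Printf("%-6s uninitialized=%v err=%v\n", name, u, err)
	}
}
```

Treat a `Secret` that fails this check the same way you would treat tampering: refuse to overwrite it and surface the condition, since a workload may already be consuming whatever is in it.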
func SentinelSvidPrefix ¶
func SentinelSvidPrefix() string
SentinelSvidPrefix returns the prefix for the Sentinel SVID (SPIFFE Verifiable Identity Document) used in the VSecM system. The prefix is obtained from the environment variable VSECM_SENTINEL_SVID_PREFIX. If the variable is not set, the default prefix is used.
func SidecarErrorThreshold ¶
func SidecarErrorThreshold() int64
SidecarErrorThreshold returns the number of consecutive failed polls before increasing the interval. The value is read from the environment variable `VSECM_SIDECAR_ERROR_THRESHOLD` or returns 2 as default.
func SidecarExponentialBackoffMultiplier ¶
func SidecarExponentialBackoffMultiplier() int64
SidecarExponentialBackoffMultiplier returns the multiplier for exponential backoff by the sidecar process. The value is read from the environment variable `VSECM_SIDECAR_EXPONENTIAL_BACKOFF_MULTIPLIER` or returns 2 as default.
func SidecarMaxPollInterval ¶
func SidecarMaxPollInterval() time.Duration
SidecarMaxPollInterval returns the maximum interval for polling by the sidecar process. The value is read from the environment variable `VSECM_SIDECAR_MAX_POLL_INTERVAL` or returns 300000 milliseconds as default.
func SidecarPollInterval ¶
func SidecarPollInterval() time.Duration
SidecarPollInterval returns the polling interval for the VSecM Sidecar (sentry) as a time.Duration. The interval is determined by the VSECM_SIDECAR_POLL_INTERVAL environment variable, in milliseconds, with a default value of 20000 milliseconds if the variable is not set or cannot be parsed.
func SidecarSecretsPath ¶
func SidecarSecretsPath() string
SidecarSecretsPath returns the path to the secrets file used by the sidecar. The path is determined by the VSECM_SIDECAR_SECRETS_PATH environment variable, with a default value of "/opt/vsecm/secrets.json" if the variable is not set.
func SidecarSuccessThreshold ¶
func SidecarSuccessThreshold() int64
SidecarSuccessThreshold returns the number of consecutive successful polls before reducing the interval. The value is read from the environment variable `VSECM_SIDECAR_SUCCESS_THRESHOLD` or returns 3 as default.
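The five sidecar settings above (poll interval, error threshold, exponential backoff multiplier, max poll interval, success threshold) together describe an adaptive polling loop. The page states the knobs and their defaults but not the exact algorithm, so the model below is an added example, not the sidecar's own code. Its assumptions: after the error threshold of consecutive failures the interval is multiplied by the backoff multiplier and capped at the maximum; after the success threshold of consecutive successes it is divided by the multiplier and floored at the base interval; both counters reset whenever the interval is adjusted or the outcome flips. The type and function names (`backoff`, `record`, `defaultSidecarBackoff`) are this example's own.

```go
package main

import (
	"fmt"
	"time"
)

// backoff tracks consecutive poll outcomes and the current wait interval.
type backoff struct {
	base, max        time.Duration
	multiplier       int64
	errorThreshold   int64
	successThreshold int64

	interval  time.Duration
	failures  int64
	successes int64
}

func newBackoff(base, max time.Duration, multiplier, errThr, okThr int64) *backoff {
	return &backoff{
		base: base, max: max, multiplier: multiplier,
		errorThreshold: errThr, successThreshold: okThr,
		interval: base,
	}
}

// record feeds the outcome of one poll and returns the interval to wait
// before the next poll.
func (b *backoff) record(ok bool) time.Duration {
	if ok {
		b.failures = 0
		b.successes++
		if b.successes >= b.successThreshold {
			// Enough consecutive successes: back off less aggressively.
			b.successes = 0
			b.interval /= time.Duration(b.multiplier)
			if b.interval < b.base {
				b.interval = b.base
			}
		}
		return b.interval
	}
	b.successes = 0
	b.failures++
	if b.failures >= b.errorThreshold {
		// Enough consecutive failures: grow the interval, capped at max.
		b.failures = 0
		b.interval *= time.Duration(b.multiplier)
		if b.interval > b.max {
			b.interval = b.max
		}
	}
	return b.interval
}

// defaultSidecarBackoff uses the defaults documented on this page:
// 20000 ms poll interval, 300000 ms max, multiplier 2,
// error threshold 2, success threshold 3.
func defaultSidecarBackoff() *backoff {
	return newBackoff(20*time.Second, 300*time.Second, 2, 2, 3)
}

func main() {
	b := defaultSidecarBackoff()
	// Constructed sequence: Safe is unreachable for eight polls, then recovers.
	outcomes := []bool{
		false, false, false, false, false, false, false, false,
		true, true, true, true, true, true,
	}
	for i, ok := range outcomes {
		fmt.Printf("poll %2d ok=%-5v next wait %v\n", i+1, ok, b.record(ok))
	}
}
```

With the defaults, eight consecutive failures take the wait from 20s to the 300s cap, and the sidecar then needs three successes per halving to come back down, so a brief outage can leave a workload polling slowly for several minutes; lower VSECM_SIDECAR_MAX_POLL_INTERVAL or VSECM_SIDECAR_SUCCESS_THRESHOLD if faster recovery matters more than load on Safe.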
func SpiffeSocketUrl ¶
func SpiffeSocketUrl() string
SpiffeSocketUrl returns the URL for the SPIFFE endpoint socket used in the VMware Secrets Manager system. The URL is obtained from the environment variable SPIFFE_ENDPOINT_SOCKET. If the variable is not set, the default URL is used.
func SystemNamespace ¶ added in v0.21.1
func SystemNamespace() string
SystemNamespace returns the namespace the VSecM container runs in. The value is read from the VSECM_SYSTEM_NAMESPACE environment variable, which should be populated from the pod's metadata.namespace field (for example through the Kubernetes downward API) in the container spec.
func TlsPort ¶
func TlsPort() string
TlsPort returns the secure port for VSecM Safe to listen on. It checks the VSECM_SAFE_TLS_PORT environment variable. If the variable is not set, it defaults to ":8443".
func WorkloadSvidPrefix ¶
func WorkloadSvidPrefix() string
WorkloadSvidPrefix returns the prefix for the Workload SVID (SPIFFE Verifiable Identity Document) used in the VSecM system. The prefix is obtained from the environment variable VSECM_WORKLOAD_SVID_PREFIX. If the variable is not set, the default prefix is used.
Types ¶
This section is empty.