Documentation
Index
- Variables
- func AllSecrets(cid string) []entity.Secret
- func AllSecretsEncrypted(cid string) []entity.SecretEncrypted
- func DeleteSecret(secretToDelete entity.SecretStored)
- func KeystoneInitialized(cid string) bool
- func PopulateSecrets(cid string) error
- func ReadSecret(cid string, key string) (*entity.SecretStored, error)
- func SecretByName(cid string, name string) *entity.Secret
- func SecretsPopulated() bool
- func UpsertSecret(secretStored entity.SecretStored, appendValue bool)
Constants
This section is empty.
Variables
var Secrets sync.Map
Secrets is where all the secrets are stored.
Functions
func AllSecrets
func AllSecrets(cid string) []entity.Secret
AllSecrets returns a slice of entity.Secret containing all secrets currently stored. If no secrets are found, an empty slice is returned.
func AllSecretsEncrypted
func AllSecretsEncrypted(cid string) []entity.SecretEncrypted
AllSecretsEncrypted returns a slice of entity.SecretEncrypted containing all secrets currently stored. If no secrets are found, an empty slice is returned.
func DeleteSecret
func DeleteSecret(secretToDelete entity.SecretStored)
DeleteSecret orchestrates the deletion of a specified secret from both the application's internal cache and its persisted storage locations, which may include local filesystem and Kubernetes secrets. The deletion process is contingent upon the secret's metadata, specifically its backing store and whether it is used as a Kubernetes secret.
Parameters:
- secretToDelete (entity.SecretStored): The secret entity marked for deletion, containing necessary metadata such as the name of the secret, its correlation ID for logging, and metadata specifying where and how the secret is stored.
func KeystoneInitialized
func KeystoneInitialized(cid string) bool
KeystoneInitialized checks whether the keystone secret is registered.
This is a utility function that depends on the SecretByName function to check for the presence of the specific secret. A return value of true indicates that the keystone is initialized and ready for use, while false indicates it is not.
Parameters:
- cid string: A correlation ID used for logging and tracing.
Returns:
- bool: True if the keystone secret is present, false otherwise.
func PopulateSecrets
func PopulateSecrets(cid string) error
PopulateSecrets scans the designated secrets storage directory on disk, reading each secret file that is not marked as a backup, and loads the secrets into a global store if they have not already been loaded. This ensures that the application's current session has access to all persisted secrets. It uses a locking mechanism to prevent concurrent execution and ensure data consistency.
Parameters:
- cid (string): A correlation ID that is used for logging purposes, allowing for the tracing of the populate operation through logs.
Returns:
- error: If an error occurs during the directory reading or secret reading process, it returns an error wrapped with context about the failure point. If no errors occur, it returns nil to indicate successful completion.
func ReadSecret
func ReadSecret(cid string, key string) (*entity.SecretStored, error)
ReadSecret takes a key string and returns a pointer to an entity.SecretStored object if the secret exists in the in-memory store. If the secret is not found in memory, it attempts to read it from disk, store it in memory, and return it. If the secret is not found on disk, it returns nil.
func SecretByName
func SecretByName(cid string, name string) *entity.Secret
SecretByName retrieves a secret by its name. This function first checks if the secrets have been populated in the cache. If not, it populates the secrets using the root key triplet. It then attempts to load the secret by name from the populated cache.
Parameters:
- cid string: A correlation ID used to track the request and associated logging. This ID helps in tracing and debugging operations across different components or services that handle the secret data.
- name string: The name of the secret to be retrieved.
Returns:
- *entity.Secret: A pointer to the Secret entity if found. The Secret structure includes fields such as Name, Created, Updated, NotBefore, and ExpiresAfter. Each of these timestamp fields is converted from the stored format to a JSON-compatible format. Returns nil if no secret with the provided name is found in the cache.
Error Handling:
- If there is an error in populating the secrets from the disk (e.g., due to read errors or data corruption), the function logs a warning message with the correlation ID and the error message but continues execution. The error does not halt the function; it subsequently tries to fetch the secret from the cache in case it is already available there.
func SecretsPopulated
func SecretsPopulated() bool
SecretsPopulated returns a boolean indicating whether the secrets have been populated.
func UpsertSecret
func UpsertSecret(secretStored entity.SecretStored, appendValue bool)
UpsertSecret takes an entity.SecretStored object and inserts it into the in-memory store if it doesn't exist, or updates it if it does. It also handles updating the backing store and Kubernetes secrets if necessary. If appendValue is true, the new value is appended to the existing values; otherwise it replaces the existing values.
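The following is an added example, not code from this package, that models the behaviour documented above for PopulateSecrets, ReadSecret and UpsertSecret in one self-contained store: a sync.Map cache, a mutex so only one caller scans the secrets directory, a read-through fallback to disk, and append-versus-replace upsert semantics. Everything beyond that description is an assumption of the example: SecretStored is a stand-in for entity.SecretStored, each secret is a plain file holding one value per line, backup files carry a ".bak" suffix, and there is no Kubernetes backing store.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"sync"
)

// SecretStored is a hypothetical stand-in for entity.SecretStored (the real
// type also carries backing-store and Kubernetes metadata and timestamps).
type SecretStored struct {
	Name   string
	Values []string
}

// Store models the package's global sync.Map plus the lock that serialises
// PopulateSecrets; the file-per-secret layout is an assumption of this example.
type Store struct {
	secrets   sync.Map // name -> SecretStored
	mu        sync.Mutex
	populated bool
	dir       string
}

func NewStore(dir string) *Store { return &Store{dir: dir} }

// readFromDisk reads one secret file (one value per line); (nil, nil) if absent.
func (s *Store) readFromDisk(name string) (*SecretStored, error) {
	data, err := os.ReadFile(filepath.Join(s.dir, name))
	if errors.Is(err, os.ErrNotExist) {
		return nil, nil
	}
	if err != nil {
		return nil, fmt.Errorf("read secret %q: %w", name, err)
	}
	vals := strings.Split(strings.TrimSpace(string(data)), "\n")
	return &SecretStored{Name: name, Values: vals}, nil
}

// PopulateSecrets loads every non-backup file in dir into memory exactly once;
// the mutex keeps two callers from scanning the directory concurrently.
// Backup files are assumed to carry a ".bak" suffix (example convention only).
func (s *Store) PopulateSecrets() error {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.populated {
		return nil
	}
	entries, err := os.ReadDir(s.dir)
	if err != nil {
		return fmt.Errorf("populate: read dir %q: %w", s.dir, err)
	}
	for _, e := range entries {
		if e.IsDir() || strings.HasSuffix(e.Name(), ".bak") {
			continue
		}
		sec, err := s.readFromDisk(e.Name())
		if err != nil {
			return fmt.Errorf("populate: %w", err)
		}
		if sec != nil { // LoadOrStore keeps a value already upserted this session
			s.secrets.LoadOrStore(sec.Name, *sec)
		}
	}
	s.populated = true
	return nil
}

// ReadSecret is a read-through cache: memory first, then disk (caching the hit),
// and (nil, nil) when the secret exists in neither place.
func (s *Store) ReadSecret(key string) (*SecretStored, error) {
	if v, ok := s.secrets.Load(key); ok {
		sec := v.(SecretStored)
		return &sec, nil
	}
	sec, err := s.readFromDisk(key)
	if err != nil || sec == nil {
		return nil, err
	}
	s.secrets.Store(key, *sec)
	return sec, nil
}

// UpsertSecret inserts or updates in memory (appending when appendValue is true)
// and persists the result with owner-only file permissions.
func (s *Store) UpsertSecret(in SecretStored, appendValue bool) error {
	if prev, ok := s.secrets.Load(in.Name); ok && appendValue {
		in.Values = append(append([]string{}, prev.(SecretStored).Values...), in.Values...)
	}
	s.secrets.Store(in.Name, in)
	body := []byte(strings.Join(in.Values, "\n") + "\n")
	return os.WriteFile(filepath.Join(s.dir, in.Name), body, 0o600)
}

func main() {
	dir, _ := os.MkdirTemp("", "secrets-example") // constructed sample directory
	defer os.RemoveAll(dir)
	s := NewStore(dir)
	_ = s.UpsertSecret(SecretStored{Name: "db-password", Values: []string{"hunter2"}}, false)
	sec, _ := s.ReadSecret("db-password")
	fmt.Println(sec.Values) // [hunter2]
}
```

Two details matter for a secrets store: values copied from a sync.Map are stored by value (so a caller's pointer never aliases the cache), and the on-disk file is written with mode 0600 so the persisted copy is readable only by the owning process user. PopulateSecrets uses LoadOrStore rather than Store so that a secret upserted earlier in the session is not silently overwritten by a stale file when the directory is scanned.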
Types
This section is empty.