Documentation ¶
Overview ¶
Package secrets implements the features needed to create, get, update, and rotate secrets, and to encrypt and decrypt data, across a fleet of skipper instances.
Constants ¶
This section is empty.
Variables ¶
var (
	ErrWrongFileType    = errors.New("file type not supported")
	ErrFailedToReadFile = errors.New("failed to read file")
)
Functions ¶
This section is empty.
Types ¶
type Encrypter ¶
type Encrypter struct {
// contains filtered or unexported fields
}
func WithSource ¶
func WithSource(s SecretSource) (*Encrypter, error)
WithSource can be used to create an Encrypter, for example in secrettest for testing purposes.
func (*Encrypter) CreateNonce ¶
func (*Encrypter) RefreshCiphers ¶
RefreshCiphers rotates the list of cipher.AEAD initialized with SecretSource from the Encrypter.
type EncrypterCreator ¶ added in v0.11.27
type EncrypterCreator interface {
GetEncrypter(time.Duration, string) (Encryption, error)
}
type Encryption ¶
type HostSecret ¶ added in v0.11.42
type HostSecret struct {
// contains filtered or unexported fields
}
HostSecret can be used to get secrets by hostnames.
func NewHostSecret ¶ added in v0.11.42
func NewHostSecret(sr SecretsReader, h map[string]string) *HostSecret
NewHostSecret creates a SecretsReader that returns a secret for a given host. The given map is used to map a hostname to the secrets reader key to read the secret from.
func (*HostSecret) Close ¶ added in v0.11.42
func (hs *HostSecret) Close()
type Registry ¶
type Registry struct {
// contains filtered or unexported fields
}
func NewRegistry ¶
func NewRegistry() *Registry
NewRegistry returns a Registry, which implements EncrypterCreator, to store and manage secrets.
func (*Registry) GetEncrypter ¶ added in v0.11.27
type SecretPaths ¶ added in v0.10.263
type SecretPaths struct {
// contains filtered or unexported fields
}
func NewSecretPaths ¶ added in v0.10.263
func NewSecretPaths(d time.Duration) *SecretPaths
NewSecretPaths creates a SecretPaths that implements SecretsProvider. As a side effect, a background refresher runs every interval d. On teardown, make sure to Close() it.
func (*SecretPaths) Add ¶ added in v0.10.263
func (sp *SecretPaths) Add(p string) error
Add adds a file or directory; secrets are looked up in all files found. The path of the file will be the key to get the secret. Add is not synchronized and is not safe to call concurrently. As a side effect, Add lazily starts a goroutine that runs a single background refresher for the SecretPaths instance.
func (*SecretPaths) Close ¶ added in v0.10.263
func (sp *SecretPaths) Close()
type SecretsProvider ¶ added in v0.10.263
type SecretsProvider interface {
	SecretsReader
	// Add adds the given source that contains a secret to the
	// automatically updated secrets store
	Add(string) error
}
SecretsProvider is a SecretsReader and can add secret sources that contain a secret. It will automatically update secrets if the source changed.
type SecretsReader ¶ added in v0.10.263
type SecretsReader interface {
	// GetSecret finds a secret by name and returns the secret and
	// whether it was found
	GetSecret(string) ([]byte, bool)
	// Close should be used on teardown to clean up a refresher
	// goroutine. Implementers of this interface should check for
	// a nil pointer, so that callers do not need to check.
	Close()
}
SecretsReader is able to get a secret
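The nil-pointer note in the SecretsReader comment and the host-to-key mapping described for NewHostSecret, shown together as an added example that is not skipper's code: the interface is copied locally so the file builds without the module, and memSecrets, hostReader, the hostname and the key name are hypothetical. Failing closed on an unmapped host and returning a copy of the secret are choices of this example, not documented behaviour of the package.

```go
package main

import "fmt"

// SecretsReader mirrors the interface documented on this page.
type SecretsReader interface {
	GetSecret(string) ([]byte, bool)
	Close()
}

// memSecrets is a hypothetical in-memory reader, not part of skipper.
type memSecrets struct{ m map[string][]byte }

func (ms *memSecrets) GetSecret(name string) ([]byte, bool) {
	if ms == nil {
		return nil, false
	}
	b, ok := ms.m[name]
	return append([]byte(nil), b...), ok // copy: callers cannot alter the store
}

// Close tolerates a nil receiver, so callers need no nil check of their own.
func (ms *memSecrets) Close() {
	if ms != nil {
		ms.m = nil // drop references to the key material
	}
}

// hostReader is a hypothetical wrapper mapping a hostname to a reader key.
type hostReader struct {
	sr     SecretsReader
	byHost map[string]string
}

func (hr *hostReader) GetSecret(host string) ([]byte, bool) {
	if key, ok := hr.byHost[host]; ok {
		return hr.sr.GetSecret(key)
	}
	return nil, false // unmapped host: fail closed, no fallback secret
}

func (hr *hostReader) Close() { hr.sr.Close() }

func main() {
	var unset *memSecrets // typed nil: the interface holding it is non-nil
	hr := &hostReader{sr: unset, byHost: map[string]string{"a.example": "k1"}}
	_, ok := hr.GetSecret("a.example")
	hr.Close() // no panic: memSecrets guards its nil receiver
	fmt.Println("found with nil reader:", ok)
}
```

A typed nil pointer stored in an interface does not compare equal to nil, which is why the guard has to live inside the implementer's methods rather than in the caller.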
type StaticDelegateSecret ¶ added in v0.11.42
type StaticDelegateSecret struct {
// contains filtered or unexported fields
}
StaticDelegateSecret delegates with a static string to the wrapped SecretsReader
func NewStaticDelegateSecret ¶ added in v0.11.42
func NewStaticDelegateSecret(sr SecretsReader, s string) *StaticDelegateSecret
NewStaticDelegateSecret creates a wrapped SecretsReader that passes the given s to the underlying SecretsReader to return the secret.
func (*StaticDelegateSecret) Close ¶ added in v0.11.42
func (sds *StaticDelegateSecret) Close()
Close delegates to the wrapped SecretsReader.
type StaticSecret ¶ added in v0.11.42
type StaticSecret []byte
StaticSecret implements SecretsReader interface. Example:
sec := []byte("mysecret")
sss := StaticSecret(sec)
b, _ := sss.GetSecret("")
string(b) == string(sec) // true
func (StaticSecret) Close ¶ added in v0.11.42
func (st StaticSecret) Close()
Close implements SecretsReader.