secrets

package
v0.21.251
Published: Jan 14, 2025 License: Apache-2.0, MIT Imports: 17 Imported by: 2

Documentation

Overview

Package secrets implements the features needed to create, get, update and rotate secrets, and to encrypt and decrypt data, across a fleet of skipper instances.


Variables

var (
	ErrWrongFileType    = errors.New("file type not supported")
	ErrFailedToReadFile = errors.New("failed to read file")
)


Types

type Encrypter

type Encrypter struct {
	// contains filtered or unexported fields
}

func WithSource

func WithSource(s SecretSource) (*Encrypter, error)

WithSource can be used to create an Encrypter, for example in secrettest for testing purposes.

func (*Encrypter) Close

func (e *Encrypter) Close()

func (*Encrypter) CreateNonce

func (e *Encrypter) CreateNonce() ([]byte, error)

func (*Encrypter) Decrypt

func (e *Encrypter) Decrypt(cipherText []byte) ([]byte, error)

Decrypt decrypts the given ciphertext.

func (*Encrypter) Encrypt

func (e *Encrypter) Encrypt(plaintext []byte) ([]byte, error)

Encrypt encrypts the given plaintext.

func (*Encrypter) RefreshCiphers

func (e *Encrypter) RefreshCiphers() error

RefreshCiphers rotates the list of cipher.AEAD initialized with SecretSource from the Encrypter.
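Why rotation works over a list of cipher.AEAD rather than a single key, as an added example that is not skipper's own code: the newest key encrypts, every listed key is tried on decrypt, and a ciphertext stops decrypting only once its secret leaves the list. The names `keyring` and `newKeyring`, the SHA-256 key derivation and the nonce-prefix layout are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// keyring is an illustrative AEAD list (index 0 newest), not skipper's Encrypter.
type keyring []cipher.AEAD

// newKeyring builds one AES-256-GCM AEAD per secret (assumed key: SHA-256 of it).
func newKeyring(secrets ...[]byte) (kr keyring) {
	for _, s := range secrets {
		key := sha256.Sum256(s)
		block, _ := aes.NewCipher(key[:]) // cannot fail: key is 32 bytes
		aead, _ := cipher.NewGCM(block)   // cannot fail: AES block is 16 bytes
		kr = append(kr, aead)
	}
	return kr
}

// encrypt seals with the newest key (kr must be non-empty), nonce prepended.
func (kr keyring) encrypt(pt []byte) ([]byte, error) {
	nonce := make([]byte, kr[0].NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return kr[0].Seal(nonce, nonce, pt, nil), nil
}

// decrypt tries every key, so data sealed before a rotation stays readable.
func (kr keyring) decrypt(ct []byte) ([]byte, error) {
	for _, a := range kr {
		if n := a.NonceSize(); len(ct) >= n {
			if pt, err := a.Open(nil, ct[:n], ct[n:], nil); err == nil {
				return pt, nil
			}
		}
	}
	return nil, fmt.Errorf("no current key decrypts this ciphertext")
}

func main() {
	ct, _ := newKeyring([]byte("constructed-old")).encrypt([]byte("state"))
	pt, err := newKeyring([]byte("constructed-new"), []byte("constructed-old")).decrypt(ct)
	fmt.Printf("%q %v\n", pt, err)
}
```

The secrets in `main` are constructed sample values; a real secret must be high-entropy for a plain hash to be an acceptable key derivation.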

type EncrypterCreator added in v0.11.27

type EncrypterCreator interface {
	GetEncrypter(time.Duration, string) (Encryption, error)
}

type Encryption

type Encryption interface {
	CreateNonce() ([]byte, error)
	Decrypt([]byte) ([]byte, error)
	Encrypt([]byte) ([]byte, error)
	Close()
}

type HostSecret added in v0.11.42

type HostSecret struct {
	// contains filtered or unexported fields
}

HostSecret can be used to get secrets by hostnames.

func NewHostSecret added in v0.11.42

func NewHostSecret(sr SecretsReader, h map[string]string) *HostSecret

NewHostSecret creates a SecretsReader that returns a secret for a given host. The given map is used to map a hostname to the secrets reader key to read the secret from.

func (*HostSecret) Close added in v0.11.42

func (hs *HostSecret) Close()

func (*HostSecret) GetSecret added in v0.11.42

func (hs *HostSecret) GetSecret(s string) ([]byte, bool)

GetSecret returns the secret for the given URL string, using its hostname.

type Registry

type Registry struct {
	// contains filtered or unexported fields
}

func NewRegistry

func NewRegistry() *Registry

NewRegistry returns a Registry, which implements EncrypterCreator, to store and manage secrets.

func (*Registry) Close

func (r *Registry) Close()

Close closes all Encryption instances of the Registry.

func (*Registry) GetEncrypter added in v0.11.27

func (r *Registry) GetEncrypter(refreshInterval time.Duration, file string) (Encryption, error)

type SecretPaths added in v0.10.263

type SecretPaths struct {
	// contains filtered or unexported fields
}

func NewSecretPaths added in v0.10.263

func NewSecretPaths(d time.Duration) *SecretPaths

NewSecretPaths creates a SecretPaths that implements a SecretsProvider. As a side effect, it starts a background refresher that runs every interval d. On teardown, make sure to Close() it.

func (*SecretPaths) Add added in v0.10.263

func (sp *SecretPaths) Add(path string) error

Add registers a path to a file or directory in which to find secrets. The background refresher discovers files that are later added to or removed from the directory path. The path of the file is the key used to get the secret.

func (*SecretPaths) Close added in v0.10.263

func (sp *SecretPaths) Close()

func (*SecretPaths) GetSecret added in v0.10.263

func (sp *SecretPaths) GetSecret(s string) ([]byte, bool)

GetSecret returns the secret for a given name and whether it was found.

type SecretSource

type SecretSource interface {
	GetSecret() ([][]byte, error)
}

SecretSource

type SecretsProvider added in v0.10.263

type SecretsProvider interface {
	SecretsReader
	// Add adds the given source that contains a secret to the
	// automatically updated secrets store
	Add(string) error
}

SecretsProvider is a SecretsReader and can add secret sources that contain a secret. It will automatically update secrets if the source changed.

type SecretsReader added in v0.10.263

type SecretsReader interface {
	// GetSecret finds secret by name and returns secret and if found or not
	GetSecret(string) ([]byte, bool)
	// Close should be used on teardown to clean up a refresher
	// goroutine. Implementers of this interface should check
	// for a nil pointer, so that callers do not need to
	// check.
	Close()
}

SecretsReader is able to get a secret

type StaticDelegateSecret added in v0.11.42

type StaticDelegateSecret struct {
	// contains filtered or unexported fields
}

StaticDelegateSecret delegates with a static string to the wrapped SecretsReader

func NewStaticDelegateSecret added in v0.11.42

func NewStaticDelegateSecret(sr SecretsReader, s string) *StaticDelegateSecret

NewStaticDelegateSecret creates a wrapped SecretsReader that passes the given s to the underlying SecretsReader to return the secret.

func (*StaticDelegateSecret) Close added in v0.11.42

func (sds *StaticDelegateSecret) Close()

Close delegates to the wrapped SecretsReader.

func (*StaticDelegateSecret) GetSecret added in v0.11.42

func (sds *StaticDelegateSecret) GetSecret(string) ([]byte, bool)

GetSecret returns the secret looked up by the static key via delegated SecretsReader.

type StaticSecret added in v0.11.42

type StaticSecret []byte

StaticSecret implements SecretsReader interface. Example:

sec := []byte("mysecret")
sss := StaticSecret(sec)
b, _ := sss.GetSecret("")
string(b) == string(sec) // true

func (StaticSecret) Close added in v0.11.42

func (st StaticSecret) Close()

Close implements SecretsReader.

func (StaticSecret) GetSecret added in v0.11.42

func (st StaticSecret) GetSecret(string) ([]byte, bool)

GetSecret returns the static secret
