secretutil

package

v0.0.0-...-8e8a5cf Latest Latest Go to latest Published: Dec 24, 2024 License: Apache-2.0 Imports: 4 Imported by: 6

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubernetes-sigs/prow

Documentation ¶

Overview ¶

Package secretutil implements utilities to operate on secret data.

Package secretutil contains utilities for operating with secret data.

Index ¶

func AdaptCensorer(censorer Censorer) func(input []byte) []byte
type Censorer
type ReloadingCensorer
- func NewCensorer() *ReloadingCensorer

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AdaptCensorer ¶

func AdaptCensorer(censorer Censorer) func(input []byte) []byte

AdaptCensorer returns a func that censors without touching the input, to be used in places where the previous behavior is required while migrations occur.

Types ¶

type Censorer ¶

type Censorer interface {
	// Censor will remove sensitive data previously registered with the Censorer
	// from the input. This is thread-safe, will mutate the input and will never
	// change the overall size of the input.
	Censor(input *[]byte)
}

Censorer knows how to replace sensitive data from input.

type ReloadingCensorer ¶

type ReloadingCensorer struct {
	*sync.RWMutex
	*bytereplacer.Replacer
	// contains filtered or unexported fields
}

func NewCensorer ¶

func NewCensorer() *ReloadingCensorer

func (*ReloadingCensorer) Censor ¶

func (c *ReloadingCensorer) Censor(input *[]byte)

Censor will remove sensitive data previously registered with the Censorer from the input. This is thread-safe, will mutate the input and will never change the overall size of the input. Censoring will attempt to be intelligent about how content is removed from the input - when the ReloadingCensorer is given secrets to censor, we:

handle the case where whitespace is needed to be trimmed
censor not only the plaintext representation of the secret but also the base64-encoded representation of it, as it's common for k8s Secrets to contain information in this way

func (*ReloadingCensorer) LargestSecret ¶

func (c *ReloadingCensorer) LargestSecret() int

LargestSecret returns the size of the largest secret we will censor.

func (*ReloadingCensorer) Refresh ¶

func (c *ReloadingCensorer) Refresh(secrets ...string)

Refresh refreshes the set of secrets that we censor.

func (*ReloadingCensorer) RefreshBytes ¶

func (c *ReloadingCensorer) RefreshBytes(secrets ...[]byte)

RefreshBytes refreshes the set of secrets that we censor.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL