Documentation
¶
Overview ¶
Package secrets provides primitives for resolving secrets from external sources, such as Hashicorp Vault or Azure Key Vault, into Credential Sets and injecting them into bundle runtimes.
Index ¶
- Constants
- type PluginAdapter
- type Set
- type Source
- func (s Source) MarshalJSON() ([]byte, error)
- func (s Source) MarshalRaw() interface{}
- func (s Source) MarshalYAML() (interface{}, error)
- func (s *Source) UnmarshalJSON(data []byte) error
- func (s *Source) UnmarshalRaw(raw map[string]interface{}) error
- func (s *Source) UnmarshalYAML(value *yaml.Node) error
- type SourceMap
- type Store
- type StrategyList
- type TestSecretsProvider
Constants ¶
View Source
const SourceSecret = "secret"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type PluginAdapter ¶ added in v1.0.1
type PluginAdapter struct {
// contains filtered or unexported fields
}
PluginAdapter converts between the low-level plugins.SecretsProtocol and the secrets.Store interface.
func NewPluginAdapter ¶ added in v1.0.1
func NewPluginAdapter(plugin plugins.SecretsProtocol) PluginAdapter
NewPluginAdapter wraps the specified storage plugin.
func (PluginAdapter) Close ¶ added in v1.0.1
func (a PluginAdapter) Close() error
type Set ¶ added in v1.0.1
Set is an actual set of resolved values. This is the output of resolving a parameter or credential set file.
func (Set) IsValid ¶ added in v1.0.1
IsValid determines if the provided key (designating a name of a parameter or credential) is included in the provided set
func (Set) Merge ¶ added in v1.0.1
Merge merges a second Set into the base.
Duplicate names are not allow and will result in an error, this is the case even if the values are identical.
func (Set) ToCNAB ¶ added in v1.0.1
func (s Set) ToCNAB() valuesource.Set
ToCNAB converts this to a type accepted by the cnab-go runtime.
type Source ¶ added in v1.0.1
type Source struct {
// Strategy to resolve the source value, e.g. "secret" or "env".
Strategy string
// Hint to the strategy handler on how to resolve the value.
// For example the name of the secret in a secret store or name of an environment variable.
Hint string
}
Source specifies how to resolve a parameter or credential from an external source.
func (Source) MarshalJSON ¶ added in v1.0.1
func (Source) MarshalRaw ¶ added in v1.0.1
func (s Source) MarshalRaw() interface{}
func (Source) MarshalYAML ¶ added in v1.0.1
func (*Source) UnmarshalJSON ¶ added in v1.0.1
func (*Source) UnmarshalRaw ¶ added in v1.0.1
func (*Source) UnmarshalYAML ¶ added in v1.0.1
type SourceMap ¶ added in v1.0.14
type SourceMap struct {
// Name is the name of the parameter or credential.
Name string `json:"name" yaml:"name"`
// Source defines a strategy for resolving a value from the specified source.
Source Source `json:"source,omitempty" yaml:"source,omitempty"`
// ResolvedValue holds the resolved parameter or credential value.
// When a parameter or credential is resolved, it is loaded into this field. In all
// other cases, it is empty. This field is omitted during serialization.
ResolvedValue string `json:"-" yaml:"-"`
}
SourceMap maps from a parameter or credential name to a source strategy for resolving its value.
type Store ¶ added in v1.0.1
type Store interface {
Close() error
// Resolve a credential's value from a secret store
// - keyName is name of the key where the secret can be found.
// - keyValue is the value of the key.
// Examples:
// - keyName=env, keyValue=CONN_STRING
// - keyName=key, keyValue=conn-string
// - keyName=path, keyValue=/tmp/connstring.txt
Resolve(ctx context.Context, keyName string, keyValue string) (string, error)
// Create stores a secret value in a secret store.
// - keyName is name of the key where the secret can be found.
// - keyValue is the value of the key.
// Examples:
// - keyName=env, keyValue=CONN_STRING, value=redis://foo
// - keyName=key, keyValue=conn-string, value=redis://foo
// - keyName=path, keyValue=/tmp/connstring.txt, value=redis://foo
Create(ctx context.Context, keyName string, keyValue string, value string) error
}
Store is the interface that Porter uses to interact with secrets.
type StrategyList ¶ added in v1.0.12
type StrategyList []SourceMap
func (StrategyList) Len ¶ added in v1.0.12
func (l StrategyList) Len() int
func (StrategyList) Less ¶ added in v1.0.12
func (l StrategyList) Less(i, j int) bool
func (StrategyList) Swap ¶ added in v1.0.12
func (l StrategyList) Swap(i, j int)
type TestSecretsProvider ¶ added in v1.0.1
type TestSecretsProvider struct {
PluginAdapter
// contains filtered or unexported fields
}
func NewTestSecretsProvider ¶ added in v1.0.1
func NewTestSecretsProvider() TestSecretsProvider
func (TestSecretsProvider) Close ¶ added in v1.0.1
func (s TestSecretsProvider) Close() error
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
filesystem
Package filesystem provides a plugin implementing the secret plugin protocol for creating/resolving secrets from the local filesystem.
|
Package filesystem provides a plugin implementing the secret plugin protocol for creating/resolving secrets from the local filesystem. |
|
host
Package host provides a plugin implementing the original behavior of resolving secrets from the local host: environment variables, paths, commands and static values.
|
Package host provides a plugin implementing the original behavior of resolving secrets from the local host: environment variables, paths, commands and static values. |
|
in-memory
Package inmemory provides an in-memory implementation of a secret store suitable for unit testing.
|
Package inmemory provides an in-memory implementation of a secret store suitable for unit testing. |
|
proto
Package proto is the protobuf definition for the SecretsProtocol
|
Package proto is the protobuf definition for the SecretsProtocol |
|
Package pluginstore is an internal Porter package that implements the plugins.SecretsPlugin interface.
|
Package pluginstore is an internal Porter package that implements the plugins.SecretsPlugin interface. |
Click to show internal directories.
Click to hide internal directories.