Documentation
¶
Index ¶
- Variables
- func Stores() map[string]SecretStore
- type AuthenticationError
- type AuthorizationError
- type ByIDString
- type Credentials
- type CurrentDeployError
- type Environment
- type IdentifierAlreadyExistsError
- type IdentifierNotFoundError
- type InvalidEnvironmentError
- type InvalidIdentifierError
- type MalformedVersionError
- type MemoryStore
- func (s *MemoryStore) Create(id SecretIdentifier, value string) error
- func (s *MemoryStore) Delete(id SecretIdentifier) error
- func (s *MemoryStore) History(id SecretIdentifier) ([]SecretMeta, error)
- func (s *MemoryStore) List(env Environment, service string) ([]SecretIdentifier, error)
- func (s *MemoryStore) ListAll(env Environment) ([]SecretIdentifier, error)
- func (s *MemoryStore) Read(id SecretIdentifier) (Secret, error)
- func (s *MemoryStore) ReadVersion(id SecretIdentifier, version int) (Secret, error)
- func (s *MemoryStore) Update(id SecretIdentifier, value string) (Secret, error)
- type MockStore
- func (s *MockStore) Create(id SecretIdentifier, value string) error
- func (s *MockStore) Delete(id SecretIdentifier) error
- func (s *MockStore) History(id SecretIdentifier) ([]SecretMeta, error)
- func (s *MockStore) List(env Environment, service string) ([]SecretIdentifier, error)
- func (s *MockStore) ListAll(env Environment) ([]SecretIdentifier, error)
- func (s *MockStore) Read(id SecretIdentifier) (Secret, error)
- func (s *MockStore) ReadVersion(id SecretIdentifier, version int) (Secret, error)
- func (s *MockStore) Update(id SecretIdentifier, value string) (Secret, error)
- type ParameterStore
- func (s *ParameterStore) Create(id SecretIdentifier, value string) error
- func (s *ParameterStore) Delete(id SecretIdentifier) error
- func (s *ParameterStore) GetOrderedRegions() []string
- func (s *ParameterStore) History(id SecretIdentifier) ([]SecretMeta, error)
- func (s *ParameterStore) List(env Environment, service string) ([]SecretIdentifier, error)
- func (s *ParameterStore) ListAll(env Environment) ([]SecretIdentifier, error)
- func (s *ParameterStore) Read(id SecretIdentifier) (Secret, error)
- func (s *ParameterStore) ReadVersion(id SecretIdentifier, version int) (Secret, error)
- func (s *ParameterStore) Update(id SecretIdentifier, value string) (Secret, error)
- type Secret
- type SecretIdentifier
- type SecretMeta
- type SecretStore
- type UnicredsConfig
- type UnicredsStore
- func (s *UnicredsStore) Create(id SecretIdentifier, value string) error
- func (s *UnicredsStore) Delete(id SecretIdentifier) error
- func (s *UnicredsStore) History(id SecretIdentifier) ([]SecretMeta, error)
- func (s *UnicredsStore) List(env Environment, service string) ([]SecretIdentifier, error)
- func (s *UnicredsStore) ListAll(env Environment) ([]SecretIdentifier, error)
- func (s *UnicredsStore) Read(id SecretIdentifier) (Secret, error)
- func (s *UnicredsStore) ReadVersion(id SecretIdentifier, version int) (Secret, error)
- func (s *UnicredsStore) Update(id SecretIdentifier, value string) (Secret, error)
- type VersionNotFoundError
Constants ¶
This section is empty.
Variables ¶
var CITest = UnicredsConfig{UnicredsPath: &ciTestPath, UnicredsAlias: ciTestKey}
CITest is the ci-test unicreds config
var DefaultRegion = "us-west-1"
var Development = UnicredsConfig{UnicredsPath: &devPath, UnicredsAlias: devKey}
Development is the dev unicreds config
var Production = UnicredsConfig{UnicredsPath: &prodPath, UnicredsAlias: prodKey}
Production is the production unicreds config
var Region string
Region is default region for unicreds config
Functions ¶
Types ¶
type AuthenticationError ¶
type AuthenticationError struct{}
AuthenticationError occurs when the given credentials fail to access the secret store
func (*AuthenticationError) Error ¶
func (e *AuthenticationError) Error() string
type AuthorizationError ¶
type AuthorizationError struct {
Identifier SecretIdentifier
}
AuthorizationError occurs when a user lacks sufficient access to interact with a Secret (read-only? read/write?)
func (*AuthorizationError) Error ¶
func (e *AuthorizationError) Error() string
type ByIDString ¶
type ByIDString []SecretIdentifier
ByIDString allows sorting SecretIdentifiers by Key
func (ByIDString) Len ¶
func (s ByIDString) Len() int
func (ByIDString) Less ¶
func (s ByIDString) Less(i, j int) bool
func (ByIDString) Swap ¶
func (s ByIDString) Swap(i, j int)
type Credentials ¶
Credentials needed to authenticate with secrets backend, such as a token
type CurrentDeployError ¶ added in v0.1.2
type CurrentDeployError struct {
Identifier string
}
CurrentDeployError occurs when a parameter name has suffix current-deploy. Such parameters are private to catapult service and should not be surfaced via interface
func (*CurrentDeployError) Error ¶ added in v0.1.2
func (e *CurrentDeployError) Error() string
type Environment ¶
type Environment int
Environment is an Enum to access different Stealth stores
const ( // ProductionEnvironment is an index for prod ProductionEnvironment Environment = iota // DevelopmentEnvironment is an index for dev DevelopmentEnvironment // CITestEnvironment is an index for ci-test CITestEnvironment )
func (Environment) String ¶ added in v0.3.0
func (e Environment) String() string
type IdentifierAlreadyExistsError ¶
type IdentifierAlreadyExistsError struct {
Identifier SecretIdentifier
}
IdentifierAlreadyExistsError occurs when Create is called and an identifier already exists
func (*IdentifierAlreadyExistsError) Error ¶
func (e *IdentifierAlreadyExistsError) Error() string
type IdentifierNotFoundError ¶
type IdentifierNotFoundError struct { Identifier SecretIdentifier Region string }
IdentifierNotFoundError occurs when a secret identifier cannot be found (during Read, History, Update)
func (*IdentifierNotFoundError) Error ¶
func (e *IdentifierNotFoundError) Error() string
type InvalidEnvironmentError ¶ added in v0.1.2
type InvalidEnvironmentError struct {
Identifier string
}
InvalidEnvironmentError occurs when a parameter name is using non-compatible environment name
func (*InvalidEnvironmentError) Error ¶ added in v0.1.2
func (e *InvalidEnvironmentError) Error() string
type InvalidIdentifierError ¶
type InvalidIdentifierError struct {
Identifier SecretIdentifier
}
InvalidIdentifierError occurs when a malformed identifier argument is given to a SecretStore method
func (*InvalidIdentifierError) Error ¶
func (e *InvalidIdentifierError) Error() string
type MalformedVersionError ¶
type MalformedVersionError struct { Identifier SecretIdentifier MalformedVersion string }
MalformedVersionError occurs when a secret version is malformed
func (*MalformedVersionError) Error ¶
func (e *MalformedVersionError) Error() string
type MemoryStore ¶
type MemoryStore struct {
// contains filtered or unexported fields
}
MemoryStore is an in-memory secret store, for testing
func (*MemoryStore) Create ¶
func (s *MemoryStore) Create(id SecretIdentifier, value string) error
Create creates a secret in the store
func (*MemoryStore) Delete ¶
func (s *MemoryStore) Delete(id SecretIdentifier) error
Delete deletes all versions of a secret
func (*MemoryStore) History ¶
func (s *MemoryStore) History(id SecretIdentifier) ([]SecretMeta, error)
History gets all historical versions of a secret
func (*MemoryStore) List ¶
func (s *MemoryStore) List(env Environment, service string) ([]SecretIdentifier, error)
List gets all secret identifiers within a namespace
func (*MemoryStore) ListAll ¶
func (s *MemoryStore) ListAll(env Environment) ([]SecretIdentifier, error)
ListAll gets all secret identifiers within an environment
func (*MemoryStore) Read ¶
func (s *MemoryStore) Read(id SecretIdentifier) (Secret, error)
Read a secret from the store
func (*MemoryStore) ReadVersion ¶
func (s *MemoryStore) ReadVersion(id SecretIdentifier, version int) (Secret, error)
ReadVersion reads a version of a secret
func (*MemoryStore) Update ¶
func (s *MemoryStore) Update(id SecretIdentifier, value string) (Secret, error)
Update updates a secret in the secret store
type MockStore ¶
type MockStore struct{}
MockStore is a mocked secret store, for testing
func (*MockStore) Create ¶
func (s *MockStore) Create(id SecretIdentifier, value string) error
Create (no-op) mocks creating a secret
func (*MockStore) Delete ¶
func (s *MockStore) Delete(id SecretIdentifier) error
Delete (no-op) mocks deleting all versions of a secret
func (*MockStore) History ¶
func (s *MockStore) History(id SecretIdentifier) ([]SecretMeta, error)
History (no-op) mocks retrieving historical versions of a secret
func (*MockStore) List ¶
func (s *MockStore) List(env Environment, service string) ([]SecretIdentifier, error)
List (no-op) mocks listing all secrets in a namespace
func (*MockStore) ListAll ¶
func (s *MockStore) ListAll(env Environment) ([]SecretIdentifier, error)
ListAll (no-op) mocks listing all secrets in an environment
func (*MockStore) Read ¶
func (s *MockStore) Read(id SecretIdentifier) (Secret, error)
Read (no-op) mocks reading a secret
func (*MockStore) ReadVersion ¶
func (s *MockStore) ReadVersion(id SecretIdentifier, version int) (Secret, error)
ReadVersion (no-op) mocks reading a version of a secret
type ParameterStore ¶ added in v0.1.0
type ParameterStore struct { ParamRegion string // contains filtered or unexported fields }
ParameterStore is a secret store that uses AWS SSM Parameter store
func NewParameterStore ¶ added in v0.1.0
func NewParameterStore(maxResultsToQuery int64) *ParameterStore
NewParameterStore creates a secret store that points at ParameterStore
func (*ParameterStore) Create ¶ added in v0.1.0
func (s *ParameterStore) Create(id SecretIdentifier, value string) error
Create creates a Secret in the secret store. Version is guaranteed to be zero if no error is returned.
func (*ParameterStore) Delete ¶ added in v0.1.0
func (s *ParameterStore) Delete(id SecretIdentifier) error
Delete deletes all versions of a secret
func (*ParameterStore) GetOrderedRegions ¶ added in v0.3.0
func (s *ParameterStore) GetOrderedRegions() []string
GetOrderedRegions provides guarantees that actions on ParamStore will happen within a specific order every time. This is helpful for any errors with inconsistent state
func (*ParameterStore) History ¶ added in v0.1.0
func (s *ParameterStore) History(id SecretIdentifier) ([]SecretMeta, error)
History gets history for a secret, returning all versions from the store.
func (*ParameterStore) List ¶ added in v0.1.0
func (s *ParameterStore) List(env Environment, service string) ([]SecretIdentifier, error)
List gets secrets within a namespace (env/service)>
func (*ParameterStore) ListAll ¶ added in v0.1.0
func (s *ParameterStore) ListAll(env Environment) ([]SecretIdentifier, error)
ListAll gets all secrets within a environment (env)>
func (*ParameterStore) Read ¶ added in v0.1.0
func (s *ParameterStore) Read(id SecretIdentifier) (Secret, error)
Read a Secret from the store. Returns the latest version of the secret.
func (*ParameterStore) ReadVersion ¶ added in v0.1.0
func (s *ParameterStore) ReadVersion(id SecretIdentifier, version int) (Secret, error)
ReadVersion reads a specific version of a secret from the store. Version is 0-indexed
func (*ParameterStore) Update ¶ added in v0.1.0
func (s *ParameterStore) Update(id SecretIdentifier, value string) (Secret, error)
Update updates a Secret from the store and increments version number.
type Secret ¶
type Secret struct { // Data is the actual secret value Data string `json:"data"` // Meta is the information about the secret Meta SecretMeta `json:"meta"` }
Secret is the unit the secret store
type SecretIdentifier ¶
type SecretIdentifier struct { Environment Environment Service, Key string }
SecretIdentifier is a lookup key for a secret, including the production flag, the service name, and the specific key
func GetRandomTestSecretIdentifier ¶
func GetRandomTestSecretIdentifier() SecretIdentifier
GetRandomTestSecretIdentifier returns a random key in the ci-test environment
func (SecretIdentifier) EnvironmentString ¶
func (id SecretIdentifier) EnvironmentString() string
EnvironmentString returns the environment used for the secret identifier, as a string
func (SecretIdentifier) String ¶
func (id SecretIdentifier) String() string
String() returns the key used for the secret identifier
type SecretMeta ¶
type SecretMeta struct { Created time.Time `json:"created"` Expiration time.Time `json:"expiration"` Version int `json:"version"` }
SecretMeta is metadata to manage a secret
type SecretStore ¶
type SecretStore interface { // Creates a Secret in the secret store. Version is guaranteed to be zero if no error is returned. Create(id SecretIdentifier, value string) error // Read a Secret from the store. Returns the latest version of the secret. Read(id SecretIdentifier) (Secret, error) // ReadVersion reads a specific version of a secret from the store. // Version is 0-indexed ReadVersion(id SecretIdentifier, version int) (Secret, error) // Updates a Secret from the store and increments version number. Update(id SecretIdentifier, value string) (Secret, error) // List gets secrets within a namespace (env/service)> List(env Environment, service string) ([]SecretIdentifier, error) // ListAll gets all secrets within a environment (env)> ListAll(env Environment) ([]SecretIdentifier, error) // History gets history for a secret, returning all versions from the store. History(id SecretIdentifier) ([]SecretMeta, error) // Delete deletes all versions of a secret Delete(id SecretIdentifier) error }
SecretStore is the CRUD-like interface for Secrets
func NewMemoryStore ¶
func NewMemoryStore() SecretStore
NewMemoryStore creates an in-memory secret store
func NewMockStore ¶
func NewMockStore() SecretStore
NewMockStore creates a mock secret store, with all no-op methods.
type UnicredsConfig ¶
UnicredsConfig stores the configuration for a unicreds KMS and DynamoDB
type UnicredsStore ¶
type UnicredsStore struct { Environments map[Environment]UnicredsConfig Region string }
UnicredsStore is a secret store pointing at a prod and dev unicreds (https://github.com/Clever/unicreds) backend
func NewUnicredsStore ¶
func NewUnicredsStore() *UnicredsStore
NewUnicredsStore creates a secret store that points at DynamoDB and KMS AWS resources
func (*UnicredsStore) Create ¶
func (s *UnicredsStore) Create(id SecretIdentifier, value string) error
Create creates a key in the unicreds store
func (*UnicredsStore) Delete ¶
func (s *UnicredsStore) Delete(id SecretIdentifier) error
Delete deletes all versions of a secret from the secret store. Note that this is a Unicreds-only function - not part of the SecretStore interface.
func (*UnicredsStore) History ¶
func (s *UnicredsStore) History(id SecretIdentifier) ([]SecretMeta, error)
History returns all versions of a secret
func (*UnicredsStore) List ¶
func (s *UnicredsStore) List(env Environment, service string) ([]SecretIdentifier, error)
List gets all secrets in a namespace
func (*UnicredsStore) ListAll ¶
func (s *UnicredsStore) ListAll(env Environment) ([]SecretIdentifier, error)
ListAll gets all secrets in an environment. Note that this is a Unicreds-only function - not part of the SecretStore interface.
func (*UnicredsStore) Read ¶
func (s *UnicredsStore) Read(id SecretIdentifier) (Secret, error)
Read reads the latest version of the secret
func (*UnicredsStore) ReadVersion ¶
func (s *UnicredsStore) ReadVersion(id SecretIdentifier, version int) (Secret, error)
ReadVersion reads a version of a secret
func (*UnicredsStore) Update ¶
func (s *UnicredsStore) Update(id SecretIdentifier, value string) (Secret, error)
Update writes a new version of the key
type VersionNotFoundError ¶
type VersionNotFoundError struct { Identifier SecretIdentifier Version int }
VersionNotFoundError occurs when a secret version cannot be found (during ReadVersion)
func (*VersionNotFoundError) Error ¶
func (e *VersionNotFoundError) Error() string