secrets

Documentation

Overview

Package secrets decodes secret values by invoking the configured executable command

Package secrets implements the secret feature of the agent

Index

• Constants
• type Component
• type ConfigParams
• type Params
  • func NewDisabledParams() Params
  • func NewEnabledParams() Params
• type SecretChangeCallback
• type SecretVal

Constants

const PayloadVersion = "1.0"

PayloadVersion defines the current payload version sent to a secret backend

Types

type Component

type Component interface {
	// Configure the executable command that is used for decoding secrets
	Configure(config ConfigParams)
	// Get debug information and write it to the parameter
	GetDebugInfo(w io.Writer)
	// Resolve resolves the secrets in the given yaml data by replacing secrets handles by their corresponding secret value
	Resolve(data []byte, origin string) ([]byte, error)
	// SubscribeToChanges registers a callback to be invoked whenever secrets are resolved or refreshed
	SubscribeToChanges(callback SecretChangeCallback)
	// Refresh will resolve secret handles again, notifying any subscribers of changed values
	Refresh() (string, error)
}

Component is the component type.

type ConfigParams

type ConfigParams struct {
	Command          string
	Arguments        []string
	Timeout          int
	MaxSize          int
	RefreshInterval  int
	GroupExecPerm    bool
	RemoveLinebreak  bool
	RunPath          string
	AuditFileMaxSize int
}

ConfigParams holds parameters for configuration

type Params

type Params struct {
	Enabled bool
}

Params contains parameters for secrets, specifically whether the component is enabled

func NewDisabledParams

func NewDisabledParams() Params

NewDisabledParams constructs params for a disabled component

func NewEnabledParams

func NewEnabledParams() Params

NewEnabledParams constructs params for an enabled component

type SecretChangeCallback

type SecretChangeCallback func(handle, origin string, path []string, oldValue, newValue any)

SecretChangeCallback is the callback type used by SubscribeToChanges to send notifications This callback will be called once for each time a handle at a particular path is resolved or refreshed `handle`: the handle of the secret (example: `ENC[api_key]` the handle is `api_key`) `origin`: origin file of the configuration `path`: a path into the config file where the secret appears, each part is a level of nesting, arrays will use stringified indexes `oldValue`: the value that the secret used to have, the empty string "" is it hasn't been resolved before `newValue`: the new value that the secret has resolved to

type SecretVal

type SecretVal struct {
	Value    string `json:"value,omitempty"`
	ErrorMsg string `json:"error,omitempty"`
}

SecretVal defines the structure for secrets in JSON output