Documentation ¶
Overview ¶
Package provider defines the interface and registry for secret providers.
To add a new provider:
1. Create a new file in this package (e.g., myprovider.go)
2. Implement the Provider interface
3. Register it in an init() function using Register()
Index ¶
- Variables
- func ApplyPrefix(envCfg EnvConfig, key string) string
- func GenerateKeyFile(path string) error
- func ListOrDescribe(ctx context.Context, p Provider, prefix string) (map[string]SecretRecord, error)
- func ListTypes() []string
- func Register(info Info)
- func ResolvedPrefix(envCfg EnvConfig) string
- func TrimPrefix(envCfg EnvConfig, name string) string
- type EncryptionConfig
- type EnvConfig
- type Factory
- type Info
- type MetadataLister
- type Provider
- type ProviderConfig
- type SecretRecord
Constants ¶
This section is empty.
Variables ¶
var (
    ErrNotConfigured  = errors.New("provider not configured")
    ErrNotImplemented = errors.New("provider not implemented")
)
Functions ¶
func ApplyPrefix ¶
ApplyPrefix builds the fully-qualified secret name for a given key.
func GenerateKeyFile ¶
GenerateKeyFile creates a new cryptographically secure key file. Call this to bootstrap local storage.
func ListOrDescribe ¶ added in v1.0.2
func ListOrDescribe(ctx context.Context, p Provider, prefix string) (map[string]SecretRecord, error)
ListOrDescribe fetches secrets with metadata when the provider supports it. For providers that do not expose metadata, the map still contains values, but CreatedAt is left zero to signal "unknown".
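How a caller can honor the zero-CreatedAt "unknown" signal when reporting secret age, as an added example that is not part of this package. SecretRecord is copied from the declaration on this page; AgeReport, classifyAges, the 90-day threshold, and the sample records are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// SecretRecord mirrors the struct declared on this page (copied so this compiles alone).
type SecretRecord struct {
	Value     string    `json:"value"`
	CreatedAt time.Time `json:"created_at,omitempty"`
}

// AgeReport is a hypothetical result type for this example.
type AgeReport struct {
	Stale   []string // created more than maxAge ago
	Unknown []string // zero CreatedAt: the provider exposed no metadata
}

// classifyAges (hypothetical helper) never reads Value and keeps "unknown" apart
// from "stale": a zero time.Time is year 1, so a bare now.Sub(CreatedAt) > maxAge
// test would report every secret from a provider without metadata as stale.
func classifyAges(records map[string]SecretRecord, maxAge time.Duration, now time.Time) AgeReport {
	var r AgeReport
	for name, rec := range records {
		switch {
		case rec.CreatedAt.IsZero():
			r.Unknown = append(r.Unknown, name)
		case now.Sub(rec.CreatedAt) > maxAge:
			r.Stale = append(r.Stale, name)
		}
	}
	sort.Strings(r.Stale)
	sort.Strings(r.Unknown)
	return r
}

func main() {
	now := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC)
	// Constructed sample, shaped like a ListOrDescribe result.
	records := map[string]SecretRecord{
		"/app/prod/DB_PASSWORD": {Value: "example-1", CreatedAt: now.AddDate(0, -8, 0)},
		"/app/prod/API_TOKEN":   {Value: "example-2", CreatedAt: now.AddDate(0, 0, -10)},
		"/app/prod/LEGACY_KEY":  {Value: "example-3"}, // no metadata available
	}
	r := classifyAges(records, 90*24*time.Hour, now)
	fmt.Println("stale:", r.Stale, "unknown:", r.Unknown)
}
```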
func ListTypes ¶
func ListTypes() []string
ListTypes returns just the type names of all registered providers.
func Register ¶
func Register(info Info)
Register registers a new provider type with the registry. This should be called from init() functions in provider implementation files.
func ResolvedPrefix ¶
ResolvedPrefix returns the configured prefix (path_prefix or prefix) in its normalized form.
func TrimPrefix ¶
TrimPrefix removes the configured prefix from a secret name when presenting to the user.
Types ¶
type EncryptionConfig ¶
type EncryptionConfig struct {
    Type    string `yaml:"type"`
    KeyFile string `yaml:"key_file,omitempty"`
    KeyEnv  string `yaml:"key_env,omitempty"`
}
EncryptionConfig holds encryption settings for local file storage.
type EnvConfig ¶
type EnvConfig struct {
    Provider   string `yaml:"provider"`
    PathPrefix string `yaml:"path_prefix"`
    Prefix     string `yaml:"prefix"`
}
EnvConfig represents the environment-specific configuration from the project file.
type Factory ¶
type Factory func(envCfg EnvConfig, providerCfg ProviderConfig) (Provider, error)
Factory creates a Provider from configuration.
type Info ¶
type Info struct {
    // Type is the unique identifier for this provider (e.g., "aws-ssm", "vault").
    Type string
    // Description provides a human-readable description of the provider.
    Description string
    // Factory creates instances of this provider type.
    Factory Factory
    // RequiredFields lists the configuration fields required for this provider.
    RequiredFields []string
    // OptionalFields lists optional configuration fields.
    OptionalFields []string
}
Info contains metadata about a registered provider type.
type MetadataLister ¶ added in v1.0.2
type MetadataLister interface {
    ListWithMetadata(ctx context.Context, prefix string) (map[string]SecretRecord, error)
}
MetadataLister can return values plus metadata in one call.
type Provider ¶
type Provider interface {
    // Get retrieves a single secret by name.
    Get(ctx context.Context, name string) (string, error)
    // List returns all secrets matching the given prefix.
    List(ctx context.Context, prefix string) (map[string]string, error)
    // Set creates or updates a secret.
    Set(ctx context.Context, name, value string) error
}
Provider defines the interface for all secret backends.
type ProviderConfig ¶
type ProviderConfig struct {
    Type       string            `yaml:"type"`
    Profile    string            `yaml:"profile,omitempty"`
    Region     string            `yaml:"region,omitempty"`
    Path       string            `yaml:"path,omitempty"`
    Encryption *EncryptionConfig `yaml:"encryption,omitempty"`
    Extra      map[string]any    `yaml:",inline"`
}
ProviderConfig represents the provider configuration from the global config file.
type SecretRecord ¶ added in v1.0.2
type SecretRecord struct {
    Value     string    `json:"value"`
    CreatedAt time.Time `json:"created_at,omitempty"`
}
SecretRecord carries a secret's value plus optional metadata for presentation.