Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type KeyringStorage
type KeyringStorage struct{}
KeyringStorage is a Linux kernel keyring implementation of the secrets.Storage interface. It stores encrypted secrets in the process keyring.
This driver uses the KEY_SPEC_PROCESS_KEYRING keyring, meaning no other program, even one running as the same user, can read the encrypted secrets.
Unfortunately, after much testing, the process-scoped keyring seems impossible to access from child threads while the gRPC server is processing requests. To get around this, all operations are dispatched to a shared worker goroutine locked to an OS thread. Multiple instances share the same worker to ensure consistent keyring access, although multiple instances should never exist outside of tests.
func NewKeyringStorage
func NewKeyringStorage(ctx context.Context) (*KeyringStorage, error)
NewKeyringStorage creates a new kernel keyring storage backend. It uses the process keyring (KEY_SPEC_PROCESS_KEYRING), which does not seem to be accessible from any thread other than the main one (where threadid == pid).
To handle this, a shared worker goroutine locked to an OS thread performs all keyring operations, ensuring every call comes from the same thread. Multiple KeyringStorage instances share the same worker.
func (*KeyringStorage) Delete
func (k *KeyringStorage) Delete(ctx context.Context, id string) error
Delete removes a secret from the kernel keyring by its ID.
type MemoryStorage
type MemoryStorage struct {
// contains filtered or unexported fields
}
MemoryStorage is an in-memory implementation of the secrets.Storage interface. It stores encrypted secrets in a map protected by a mutex for thread safety.
func NewMemoryStorage
func NewMemoryStorage() *MemoryStorage
NewMemoryStorage creates a new in-memory storage backend.
func (*MemoryStorage) Delete
func (m *MemoryStorage) Delete(ctx context.Context, id string) error
Delete removes a secret from memory by its ID.