Documentation
Overview
Package store provides swappable backends that can store secrets generated by the encryptor package.
Where suitable, secret stores should return error codes defined in this package.
Stores must use whatever encoding scheme is required to safely store binary data in the backend, e.g. Base64 if the backend only supports text, gobs if it supports binary, etc.
Constants
This section is empty.
Variables
var (
	// ErrNotFound is returned when a secret is not found in the store.
	ErrNotFound = errors.New("store: secret not found")
	// ErrInvalidName is returned when a name isn't supported (or is ridiculous, like "").
	ErrInvalidName = errors.New("store: invalid secret name")
	// ErrAlreadyExists is returned when attempting to Put() a secret with the
	// same name as an existing entry.
	ErrAlreadyExists = errors.New("store: secret already exists")
)
Functions
This section is empty.
Types
type DB
type DB struct {
// contains filtered or unexported fields
}
DB stores secrets in a database.
It is expected that the key column has a UNIQUE constraint. Unlike most stores, DB does not return ErrAlreadyExists when attempting to Put() a secret already in the store, because each database driver returns a different error; the driver-specific error is returned instead.
type DBOpts
DBOpts allows the user to use a different database schema than the defaults.
It is expected that the DBOpts values are from trusted input (free from SQL injection vectors).
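Table and column names cannot be bound as query parameters, which is why DBOpts values must be trusted. The following is an added example, not code from this package, of validating schema names before they are interpolated; the `dbOpts` field names, `getQuery`, and the `?` placeholder style are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// dbOpts is a hypothetical stand-in for store.DBOpts; the real field
// names are not shown on this page.
type dbOpts struct {
	Table, KeyColumn, ValColumn string
}

var errUnsafeIdentifier = errors.New("unsafe SQL identifier")

// identRE accepts only plain unquoted identifiers: a letter or underscore
// followed by letters, digits or underscores, 63 bytes at most.
var identRE = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]{0,62}$`)

// validate rejects any schema name that is not a plain identifier.
func (o dbOpts) validate() error {
	for _, id := range []string{o.Table, o.KeyColumn, o.ValColumn} {
		if !identRE.MatchString(id) {
			return fmt.Errorf("%w: %q", errUnsafeIdentifier, id)
		}
	}
	return nil
}

// getQuery builds the lookup statement. Identifiers are interpolated only
// after validation; the secret name is never interpolated and is passed to
// the driver as a bound argument. The "?" placeholder is an assumption,
// since placeholder syntax is driver-specific.
func getQuery(o dbOpts) (string, error) {
	if err := o.validate(); err != nil {
		return "", err
	}
	return fmt.Sprintf("SELECT %s FROM %s WHERE %s = ?", o.ValColumn, o.Table, o.KeyColumn), nil
}

func main() {
	// Constructed sample values.
	good := dbOpts{Table: "secrets", KeyColumn: "name", ValColumn: "data"}
	bad := dbOpts{Table: "secrets; --", KeyColumn: "name", ValColumn: "data"}
	fmt.Println(getQuery(good))
	fmt.Println(getQuery(bad))
}
```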
type Getter
type Getter interface {
Get(name string) (*encryptor.EncryptedData, error)
}
Getter defines the interface for fetching secrets from the back-end store.
type Memory
type Memory struct {
// contains filtered or unexported fields
}
Memory is an in-memory data store. Contents are not persisted in any way after the process ends.
type Putter
type Putter interface {
Put(name string, data *encryptor.EncryptedData) error
}
Putter defines the interface for storing secrets in a back-end store.
type Redis
type Redis struct {
Redis redisInterface
}
Redis abstracts storing secrets in a redis backend.
If you're using a cluster of redis servers, you can initialise a Redis struct directly and pass in an initialised Client using redis.NewFailoverClient.
func NewRedis
func NewRedis(opts *redis.Options) *Redis
NewRedis returns an initialised Redis store.