akeyless

v0.0.0-...-723a699 Latest
Warning

This package is not in the latest version of its module.
Published: Apr 23, 2026 License: Apache-2.0 Imports: 37 Imported by: 0

Documentation

Overview

Package akeyless provides integration with Akeyless Vault for secrets management.

Constants

const DefServiceAccountFile = "/var/run/secrets/kubernetes.io/serviceaccount/token"

DefServiceAccountFile is the default path to the Kubernetes service account token.

Variables

var (

	// ErrItemNotExists is returned when a requested item doesn't exist in Akeyless vault.
	ErrItemNotExists = errors.New("item does not exist")
	// ErrTokenNotExists is returned when the authentication token is not available.
	ErrTokenNotExists = errors.New("token does not exist")
)

Functions

func GetAKeylessProvider

func GetAKeylessProvider(store esv1.GenericStore) (*esv1.AkeylessProvider, error)

GetAKeylessProvider does the necessary nil checks and returns the akeyless provider or an error.

func MaintenanceStatus

func MaintenanceStatus() esv1.MaintenanceStatus

MaintenanceStatus returns the maintenance status of the provider.

func NewProvider

func NewProvider() esv1.Provider

NewProvider creates a new Provider instance.

func ProviderSpec

func ProviderSpec() *esv1.SecretStoreProvider

ProviderSpec returns the provider specification for registration.

func SetBodyToken

func SetBodyToken(ctx context.Context, t Tokener) error

SetBodyToken sets the appropriate token in the request body based on the context.

Types

type Akeyless

type Akeyless struct {
	Client akeylessVaultInterface
	// contains filtered or unexported fields
}

Akeyless represents a client for the Akeyless Vault service.

func (*Akeyless) Close

func (a *Akeyless) Close(_ context.Context) error

Close closes the Akeyless client connection.

func (*Akeyless) DeleteSecret

func (a *Akeyless) DeleteSecret(ctx context.Context, psr esv1.PushSecretRemoteRef) error

DeleteSecret deletes a secret from Akeyless Vault at the specified remote reference.

func (*Akeyless) GetAllSecrets

func (a *Akeyless) GetAllSecrets(ctx context.Context, ref esv1.ExternalSecretFind) (map[string][]byte, error)

GetAllSecrets implements the store.Client.GetAllSecrets interface. It retrieves all secrets defined in ref.Name or tags.

func (*Akeyless) GetSecret

func (a *Akeyless) GetSecret(ctx context.Context, ref esv1.ExternalSecretDataRemoteRef) ([]byte, error)

GetSecret retrieves a secret with the secret name defined in ref.Name. It implements the store.Client.GetSecret interface.

func (*Akeyless) GetSecretMap

func (a *Akeyless) GetSecretMap(ctx context.Context, ref esv1.ExternalSecretDataRemoteRef) (map[string][]byte, error)

GetSecretMap implements the store.Client.GetSecretMap interface. New version of GetSecretMap.

func (*Akeyless) PushSecret

func (a *Akeyless) PushSecret(ctx context.Context, secret *corev1.Secret, psd esv1.PushSecretData) error

PushSecret pushes a Kubernetes secret to Akeyless Vault using the provided data.

func (*Akeyless) SecretExists

func (a *Akeyless) SecretExists(ctx context.Context, ref esv1.PushSecretRemoteRef) (bool, error)

SecretExists checks if a secret exists in Akeyless Vault at the specified remote reference.

func (*Akeyless) Validate

func (a *Akeyless) Validate() (esv1.ValidationResult, error)

Validate validates the Akeyless connection by testing network connectivity.

type Ctx

type Ctx string

Ctx is a type used for context keys in Akeyless provider implementations.

type Item

type Item struct {
	ItemName    string `json:"item_name"`
	ItemType    string `json:"item_type"`
	LastVersion int32  `json:"last_version"`
}

Item represents an item in the Akeyless Vault.

type Provider

type Provider struct{}

Provider satisfies the provider interface.

func (*Provider) Capabilities

func (p *Provider) Capabilities() esv1.SecretStoreCapabilities

Capabilities returns the provider's supported capabilities (ReadOnly, WriteOnly, ReadWrite).

func (*Provider) NewClient

func (p *Provider) NewClient(ctx context.Context, store esv1.GenericStore, kube client.Client, namespace string) (esv1.SecretsClient, error)

NewClient constructs a new secrets client based on the provided store.

func (*Provider) ValidateStore

func (p *Provider) ValidateStore(store esv1.GenericStore) (admission.Warnings, error)

ValidateStore validates the configuration of the Akeyless provider in the store.

type Tokener

type Tokener interface {
	SetToken(v string)
	SetUidToken(v string)
}

Tokener is the interface for types that can have tokens set on them.

Directories

Path Synopsis
Package fake provides mock implementations for Akeyless provider testing.
