secrets

package
v0.0.49 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 19, 2026 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	Argon2Time    = 3
	Argon2Memory  = 64 * 1024 // 64MB
	Argon2Threads = 4
	Argon2KeyLen  = 32
	SaltLen       = 16
	NonceLen      = 12
)
View Source 
const (
	TypeGeneric          = "generic"
	TypeSSH              = "ssh"
	TypeEnv              = "env"
	TypeKubeconfig       = "kubeconfig"
	TypeDockerConfigJSON = "dockerconfigjson"
)

Variables

View Source 
var SecretTypeConfigs = map[string]SecretTypeConfig{
	TypeGeneric: {
		DefaultMode:      "0o600",
		DefaultDirectory: "",
	},
	TypeSSH: {
		DefaultMode:      "0o600",
		DefaultDirectory: "~/.ssh",
	},
	TypeEnv: {
		DefaultMode:      "0o644",
		DefaultDirectory: "",
	},
	TypeKubeconfig: {
		DefaultMode:      "0o600",
		DefaultDirectory: "~/.kube",
	},
	TypeDockerConfigJSON: {
		DefaultMode:      "0o600",
		DefaultDirectory: "~/.docker",
	},
}

Functions

func Decrypt 

func Decrypt(encodedValue string, masterKey []byte) ([]byte, error)

func Encrypt 

func Encrypt(plainText []byte, masterKey []byte) (string, error)

func FormatSecretForStdout added in v0.0.38 

func FormatSecretForStdout(key string, value string, raw bool) string

func GetSecretKeys added in v0.0.38 

func GetSecretKeys(vault *Vault, requestedKeys []string) []string

func HashPasswordForWorkspace added in v0.0.41 

func HashPasswordForWorkspace(password string) (string, error)

func NormalizeEncrypted added in v0.0.38 

func NormalizeEncrypted(encrypted string) string

func ProcessEnvSecret added in v0.0.38 

func ProcessEnvSecret(envVarName string, value []byte, force bool) error

func ProcessVault added in v0.0.38 

func ProcessVault(vault *Vault, opts ProcessOptions) (map[string]string, error)

func ResolveDestination added in v0.0.40 

func ResolveDestination(secret VaultSecret) (string, error)

func ResolveEncryptedValue added in v0.0.44 

func ResolveEncryptedValue(encrypted string) (string, error)

func ResolveMasterKey 

func ResolveMasterKey(flagValue string) ([]byte, error)

func ResolveVaultPath added in v0.0.38 

func ResolveVaultPath(inputFlag string) (string, error)

func ValidateSecret added in v0.0.38 

func ValidateSecret(name string, secret VaultSecret) error

Types

type ProcessOptions added in v0.0.38 

type ProcessOptions struct {
	MasterKey    []byte
	Keys         []string
	Stdout       bool
	Raw          bool
	Force        bool
	ModeOverride string
}

type SecretTypeConfig added in v0.0.40 

type SecretTypeConfig struct {
	DefaultMode      string
	DefaultDirectory string
}

type Vault added in v0.0.38 

type Vault struct {
	Secrets map[string]VaultSecret `yaml:"secrets"`
}

func LoadVault added in v0.0.38 

func LoadVault(path string) (*Vault, error)

type VaultSecret added in v0.0.38 

type VaultSecret struct {
	Type        string `yaml:"type,omitempty"`
	Encrypted   string `yaml:"encrypted"`
	Destination string `yaml:"destination"`
	Mode        string `yaml:"mode,omitempty"`
	Force       bool   `yaml:"force,omitempty"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.