sops

package
v0.16.5
Published: Jun 28, 2023 License: Apache-2.0, MPL-2.0 Imports: 31 Imported by: 0

Documentation

Constants

const (
	// DecryptionPGPExt is the extension of the file containing an armored PGP
	// key.
	DecryptionPGPExt = ".asc"
	// DecryptionAgeExt is the extension of the file containing an age key
	// file.
	DecryptionAgeExt = ".agekey"
	// DecryptionVaultTokenFileName is the name of the file containing the
	// Hashicorp Vault token.
	DecryptionVaultTokenFileName = "sops.vault-token"
	// DecryptionAWSKmsFile is the name of the file containing the AWS KMS
	// credentials.
	DecryptionAWSKmsFile = "sops.aws-kms"
	// DecryptionAzureAuthFile is the name of the file containing the Azure
	// credentials.
	DecryptionAzureAuthFile = "sops.azure-kv"
	// DecryptionGCPCredsFile is the name of the file containing the GCP
	// credentials.
	DecryptionGCPCredsFile = "sops.gcp-kms"
)

Variables

This section is empty.

Functions

func BuildSopsKeyServerFromSecret

func BuildSopsKeyServerFromSecret(secret *corev1.Secret, gnuPGHomeDir string, opts ...intkeyservice.ServerOption) (keyservice.KeyServiceClient, error)

func BuildSopsKeyServerFromServiceAccount

func BuildSopsKeyServerFromServiceAccount(ctx context.Context, client client.Client, sa *corev1.ServiceAccount) (keyservice.KeyServiceClient, error)

func LoadAADConfigFromBytes

func LoadAADConfigFromBytes(b []byte, s *AADConfig) error

LoadAADConfigFromBytes attempts to load the given bytes into the given AADConfig: it first decodes them if they are UTF-16, then unmarshals the result into the given struct. It returns an error for any failure.

func LoadCredsProviderFromYaml

func LoadCredsProviderFromYaml(b []byte) (*kms.CredentialsProvider, error)

LoadCredsProviderFromYaml parses the given YAML and returns a CredsProvider object, which contains the credentials provider used for authenticating towards AWS KMS.

func TokenFromAADConfig

func TokenFromAADConfig(c AADConfig) (_ azcore.TokenCredential, err error)

TokenFromAADConfig attempts to construct a Token using the AADConfig values. It detects credentials in the following order:

  • azidentity.ClientSecretCredential when `tenantId`, `clientId` and `clientSecret` fields are found.
  • azidentity.ClientCertificateCredential when `tenantId`, `clientCertificate` (and optionally `clientCertificatePassword`) fields are found.
  • azidentity.ClientSecretCredential when AZConfig fields are found.
  • azidentity.ManagedIdentityCredential for a User ID, when a `clientId` field but no `tenantId` is found.

If no set of credentials is found or the azcore.TokenCredential can not be created, an error is returned.
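As an added example (not code from this package), the following Go program mirrors the load-then-detect flow documented for LoadAADConfigFromBytes and TokenFromAADConfig: it decodes a UTF-16 auth file, unmarshals it into the AADConfig layout shown on this page, and reports which azidentity credential type would be selected, without calling the Azure SDK. The BOM-based UTF-16 detection and the names decodeUTF16LE and CredentialKind are assumptions of the example, not the package's own.

```go
package main
import "encoding/json"
import "errors"
import "unicode/utf16"

// Field layout as documented for this package (AADConfig embeds the az fields).
type AZConfig struct {
	AppID    string `json:"appId,omitempty"`
	Tenant   string `json:"tenant,omitempty"`
	Password string `json:"password,omitempty"`
}
type AADConfig struct {
	AZConfig
	TenantID          string `json:"tenantId,omitempty"`
	ClientID          string `json:"clientId,omitempty"`
	ClientSecret      string `json:"clientSecret,omitempty"`
	ClientCertificate string `json:"clientCertificate,omitempty"`
}

// decodeUTF16LE decodes a BOM-prefixed UTF-16LE file (assumption: the BOM marks UTF-16); other bytes pass through.
func decodeUTF16LE(b []byte) []byte {
	if len(b) < 2 || len(b)%2 != 0 || b[0] != 0xFF || b[1] != 0xFE {
		return b
	}
	u := make([]uint16, 0, len(b)/2-1)
	for i := 2; i < len(b); i += 2 {
		u = append(u, uint16(b[i])|uint16(b[i+1])<<8)
	}
	return []byte(string(utf16.Decode(u)))
}
// CredentialKind loads the file as LoadAADConfigFromBytes does (decode, then unmarshal)
// and names the azidentity credential TokenFromAADConfig would build, in the documented order.
func CredentialKind(b []byte) (string, error) {
	var c AADConfig
	if err := json.Unmarshal(decodeUTF16LE(b), &c); err != nil {
		return "", err
	}
	switch {
	case c.TenantID != "" && c.ClientID != "" && c.ClientSecret != "":
		return "ClientSecretCredential", nil
	case c.TenantID != "" && c.ClientCertificate != "":
		return "ClientCertificateCredential", nil
	case c.AppID != "" && c.Tenant != "" && c.Password != "":
		return "ClientSecretCredential", nil // built from the az-generated fields
	case c.ClientID != "":
		return "ManagedIdentityCredential", nil // clientId without tenantId
	}
	return "", errors.New("no usable credentials in auth file")
}
```

Note that a file carrying both certificate fields and az-generated fields resolves to the certificate credential, because the documented order is checked top to bottom.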

Types

type AADConfig

type AADConfig struct {
	AZConfig
	TenantID                   string `json:"tenantId,omitempty"`
	ClientID                   string `json:"clientId,omitempty"`
	ClientSecret               string `json:"clientSecret,omitempty"`
	ClientCertificate          string `json:"clientCertificate,omitempty"`
	ClientCertificatePassword  string `json:"clientCertificatePassword,omitempty"`
	ClientCertificateSendChain bool   `json:"clientCertificateSendChain,omitempty"`
	AuthorityHost              string `json:"authorityHost,omitempty"`
}

AADConfig contains the selection of fields from an Azure authentication file required for Active Directory authentication.

func (AADConfig) GetCloudConfig

func (s AADConfig) GetCloudConfig() cloud.Configuration

GetCloudConfig returns a cloud.Configuration with the AuthorityHost, or the Azure Public Cloud default.

type AZConfig

type AZConfig struct {
	AppID    string `json:"appId,omitempty"`
	Tenant   string `json:"tenant,omitempty"`
	Password string `json:"password,omitempty"`
}

AZConfig contains the Service Principal fields as generated by `az`. Ref: https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal?tabs=azure-cli#manually-create-a-service-principal
