secrethub

package
v0.32.2-0...-071f0ac Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 13, 2021 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Overview

Package secrethub provides the SecretHub API client, look here to read, write and manage secrets.

Index

Examples

Constants

View Source
const ClientVersion = "v0.32.0"

ClientVersion is the current version of the client Do not edit this unless you know what you're doing.

View Source
const DefaultAccountKeyLength = 4096

DefaultAccountKeyLength defines the default bit size for account keys.

View Source
const (
	// MaxSecretSize is the maximum size of a secret before encryption.
	MaxSecretSize = 512 * units.KiB
)

Variables

View Source
var (
	ErrSecretTooBig         = errClient.Code("secret_too_big").Error(fmt.Sprintf("maximum size of a secret is %s", units.BytesSize(MaxSecretSize)))
	ErrEmptySecret          = errClient.Code("empty_secret").Error("secret is empty")
	ErrCannotWriteToVersion = errClient.Code("cannot_write_version").Error("cannot (over)write a specific secret version, they are append only")
)

Errors

View Source
var (
	ErrInvalidAppInfoName = errClient.Code("invalid_app_info_name").Error("name must be 2-50 characters long, only alphanumeric, underscore (_), and dash (-)")
)

Errors

View Source
var (
	ErrInvalidServerURL = errClient.Code("invalid_server_url").ErrorPref("%s")
)

Errors

View Source
var (
	ErrNoDecryptionKey = errClient.Code("no_decryption_key").Error("client is not initialized with a method to decrypt the account key")
)

Errors

View Source
var (
	ErrUnknownIdentityProvider = errClient.Code("unknown_identity_provider").ErrorPref("%s is not a supported identity provider. Valid options are `aws` and `key`.")
)

Errors

Functions

This section is empty.

Types

type AccessLevelIterator

type AccessLevelIterator interface {
	Next() (api.AccessLevel, error)
}

AccessLevelIterator iterates over access levels.

type AccessLevelIteratorParams

type AccessLevelIteratorParams struct{}

AccessLevelIteratorParams defines the parameters used when listing access levels.

type AccessRuleIterator

type AccessRuleIterator interface {
	Next() (api.AccessRule, error)
}

AccessLevelIterator iterates over access rules.

type AccessRuleIteratorParams

type AccessRuleIteratorParams struct {
	Depth     *uint // Depth defines the depth of traversal for the iterator, nil means listing all subdirectories.
	Ancestors bool  // Ancestors defines whether the iterator should also list access rules of parent directories.
}

AccessRuleIteratorParams specify parameters used when listing access rules.

type AccessRuleService

type AccessRuleService interface {
	// Get retrieves the access rule for the given account on the given directory.
	Get(path string, accountName string) (*api.AccessRule, error)
	// Set sets an access rule with a certain permission level for an account to a path.
	Set(path string, permission string, accountName string) (*api.AccessRule, error)
	// Delete removes the accessrule for the given directory and account.
	Delete(path string, accountName string) error
	// List retrieves all access rules that apply to a directory, including
	// rules that apply to its children up to a specified depth. When ancestors is set
	// to true, it also includes rules for any parent directories. When the depth is
	// set to -1, all children are retrieved without limit.
	// Deprecated: Use iterator function instead.
	List(path string, depth int, ancestors bool) ([]*api.AccessRule, error)
	// Iterator returns an iterator that retrieves all access rules that apply to a
	// directory.
	Iterator(path string, _ *AccessRuleIteratorParams) AccessRuleIterator
	// ListLevels lists the access levels on the given directory.
	// Deprecated: Use iterator function instead.
	ListLevels(path string) ([]*api.AccessLevel, error)
	// LevelIterator returns an iterator that retrieves all access levels on the given directory.
	LevelIterator(path string, _ *AccessLevelIteratorParams) AccessLevelIterator
}

AccessRuleService handles operations on access rules from SecretHub.

type AccountIterator

type AccountIterator interface {
	Next() (api.Account, error)
}

AccountIterator iterates over accounts.

type AccountIteratorParams

type AccountIteratorParams struct{}

AccountIteratorParams defines parameters used when listing Accounts.

type AccountKeyService

type AccountKeyService interface {
	// Create creates an account key for the client's credential.
	Create(verifier credentials.Verifier, encrypter credentials.Encrypter) (*api.EncryptedAccountKey, error)
	// Exists returns whether an account key exists for the client's credential.
	Exists() (bool, error)
}

AccountKeyService handles operations on SecretHub account keys.

type AccountService

type AccountService interface {
	// Me retrieves the authenticated account of the client.
	Me() (*api.Account, error)
	// Get retrieves an account by name.
	Get(name string) (*api.Account, error)
	// Keys returns an account key service.
	Keys() AccountKeyService
}

AccountService handles operations on SecretHub accounts.

type AppInfo

type AppInfo struct {
	Name    string
	Version string
}

AppInfo contains information about the application that is using the SecretHub client. It is used to identify the application to the SecretHub API.

func (AppInfo) ValidateName

func (i AppInfo) ValidateName() error

ValidateName returns an error if the provided app name is not set or doesn't match alphanumeric, underscore (_), and dash (-) characters, or length of 2-50 characters.

type AuditEventIterator

type AuditEventIterator interface {
	Next() (api.Audit, error)
}

type AuditEventIteratorParams

type AuditEventIteratorParams struct{}

AuditEventIteratorParams can be used to configure iteration of audit events.

For now, there's nothing to configure. We'll add filter options soon. The struct is already added, so that adding parameters is backwards compatible.

type Client

type Client struct {
	ConfigDir *configdir.Dir
	// contains filtered or unexported fields
}

Client is a client for the SecretHub HTTP API.

func Must

func Must(c *Client, err error) *Client

Must is a helper function to ensure the Client is valid and there was no error when calling a NewClient function.

This helper is intended to be used in initialization to load the Session and configuration at startup. For example:

var client = secrethub.Must(secrethub.NewClient())

func NewClient

func NewClient(with ...ClientOption) (*Client, error)

NewClient creates a new SecretHub client. Provided options are applied to the client.

If no WithCredentials() option is provided, the client tries to find a key credential at the following locations (in order):

  1. The SECRETHUB_CREDENTIAL environment variable.
  2. The credential file placed in the directory given by the SECRETHUB_CONFIG_DIR environment variable.
  3. The credential file found in <user's home directory>/.secrethub/credential.

If no key credential could be found, a Client is returned that can only be used for unauthenticated routes.

Example

Create a new Client.

package main

import (
	"log"

	"github.com/rossmerr/secrets-go/pkg/secrethub"
)

func main() {
	client, err := secrethub.NewClient()
	if err != nil {
		log.Fatal(err)
	}

	// use the client
	_, err = client.Secrets().ReadString("workspace/repo/secret")
	if err != nil {
		log.Fatal(err)
	}
}
Output:

Example (Aws)

Create a new client that uses native AWS services to handle encryption and authentication.

package main

import (
	"log"

	"github.com/rossmerr/secrets-go/pkg/secrethub"

	"github.com/rossmerr/secrets-go/pkg/secrethub/credentials"
)

func main() {
	client, err := secrethub.NewClient(secrethub.WithCredentials(credentials.UseAWS()))
	if err != nil {
		log.Fatal(err)
	}

	// use the client
	_, err = client.Secrets().ReadString("workspace/repo/secret")
	if err != nil {
		log.Fatal(err)
	}
}
Output:

func (*Client) AccessRules

func (c *Client) AccessRules() AccessRuleService

AccessRules returns a service used to manage access rules.

func (*Client) Accounts

func (c *Client) Accounts() AccountService

Accounts returns a service used to manage SecretHub accounts.

func (*Client) Credentials

func (c *Client) Credentials() CredentialService

Credentials returns a service used to manage credentials.

func (*Client) DefaultCredential

func (c *Client) DefaultCredential() credentials.Reader

DefaultCredential returns a reader pointing to the configured credential, sourcing it either from the SECRETHUB_CREDENTIAL environment variable or from the configuration directory.

func (*Client) Dirs

func (c *Client) Dirs() DirService

Dirs returns a service used to manage directories.

Example (Create)

Create a new directory.

package main

import (
	"log"

	"github.com/rossmerr/secrets-go/pkg/secrethub"
)

var client secrethub.ClientInterface

func main() {
	_, err := client.Dirs().Create("workspace/repo/dir")
	if err != nil {
		log.Fatal(err)
	}
}
Output:

func (c *Client) IDPLinks() IDPLinkService

func (*Client) Me

func (c *Client) Me() MeService

Me returns a service used to manage the current authenticated account.

func (*Client) Orgs

func (c *Client) Orgs() OrgService

Orgs returns a service used to manage shared organization workspaces.

func (*Client) Repos

func (c *Client) Repos() RepoService

Repos returns a service used to manage repositories.

Example (Create)

Create a new repository.

package main

import (
	"log"

	"github.com/rossmerr/secrets-go/pkg/secrethub"
)

var client secrethub.ClientInterface

func main() {
	_, err := client.Repos().Create("workspace/repo")
	if err != nil {
		log.Fatal(err)
	}
}
Output:

Example (EventIterator)

List all audit events for a given repository.

package main

import (
	"fmt"
	"log"

	"github.com/rossmerr/secrets-go/pkg/secrethub"

	"github.com/rossmerr/secrets-go/pkg/secrethub/iterator"
)

var client secrethub.ClientInterface

func main() {
	iter := client.Repos().EventIterator("workspace/repo", &secrethub.AuditEventIteratorParams{})
	for {
		event, err := iter.Next()
		if err == iterator.Done {
			break
		} else if err != nil {
			log.Fatal(err)
		}
		fmt.Printf("Audit event logged at:%s form ip address: %s", event.LoggedAt.Local(), event.IPAddress)
	}
}
Output:

func (*Client) Secrets

func (c *Client) Secrets() SecretService

Secrets returns a service used to manage secrets.

Example (EventIterator)

List all audit events for a given secret.

package main

import (
	"fmt"
	"log"

	"github.com/rossmerr/secrets-go/pkg/secrethub"

	"github.com/rossmerr/secrets-go/pkg/secrethub/iterator"
)

var client secrethub.ClientInterface

func main() {
	iter := client.Secrets().EventIterator("workspace/repo/secret", &secrethub.AuditEventIteratorParams{})
	for {
		event, err := iter.Next()
		if err == iterator.Done {
			break
		} else if err != nil {
			log.Fatal(err)
		}
		fmt.Printf("Audit event logged at:%s form ip address: %s", event.LoggedAt.Local(), event.IPAddress)
	}
}
Output:

Example (Read)

Read a secret.

package main

import (
	"fmt"
	"log"

	"github.com/rossmerr/secrets-go/pkg/secrethub"
)

var client secrethub.ClientInterface

func main() {
	secret, err := client.Secrets().Read("workspace/repo/secret")
	if err != nil {
		log.Fatal(err)
	}

	fmt.Print(string(secret.Data))
}
Output:

Example (Write)

Write a secret.

package main

import (
	"log"

	"github.com/rossmerr/secrets-go/pkg/secrethub"
)

var client secrethub.ClientInterface

func main() {
	secret := []byte("secret_value_123")
	_, err := client.Secrets().Write("workspace/repo/secret", secret)
	if err != nil {
		log.Fatal(err)
	}
}
Output:

func (*Client) Services

func (c *Client) Services() ServiceService

Services returns a service used to manage non-human service accounts.

Example (Create)

Create a service account credential.

package main

import (
	"fmt"
	"log"

	"github.com/rossmerr/secrets-go/pkg/secrethub"

	"github.com/rossmerr/secrets-go/pkg/secrethub/credentials"
)

var client secrethub.ClientInterface

func main() {
	credentialCreator := credentials.CreateKey()
	service, err := client.Services().Create("workspace/repo", "Service account description", credentialCreator)
	if err != nil {
		log.Fatal(err)
	}

	key, err := credentialCreator.Export()
	if err != nil {
		log.Fatal(err)
	}

	fmt.Printf("Service ID: %s\n", service.ServiceID)
	fmt.Printf("Credential: %s\n", string(key))
}
Output:

func (*Client) Users

func (c *Client) Users() UserService

Users returns a service used to manage (human) user accounts.

type ClientInterface

type ClientInterface interface {
	// AccessRules returns a service used to manage access rules.
	AccessRules() AccessRuleService
	// Accounts returns a service used to manage SecretHub accounts.
	Accounts() AccountService
	// Credentials returns a service used to manage credentials.
	Credentials() CredentialService
	// Dirs returns a service used to manage directories.
	Dirs() DirService
	// IDPLinks returns a service used to manage links between namespaces and Identity Providers.
	IDPLinks() IDPLinkService
	// Me returns a service used to manage the current authenticated account.
	Me() MeService
	// Orgs returns a service used to manage shared organization workspaces.
	Orgs() OrgService
	// Repos returns a service used to manage repositories.
	Repos() RepoService
	// Secrets returns a service used to manage secrets.
	Secrets() SecretService
	// Services returns a service used to manage non-human service accounts.
	Services() ServiceService
	// Users returns a service used to manage (human) user accounts.
	Users() UserService
}

ClientInterface is an interface that can be used to consume the SecretHub client and is implemented by secrethub.Client.

type ClientOption

type ClientOption func(*Client) error

ClientOption is an option that can be set on a secrethub.Client.

func WithAppInfo

func WithAppInfo(appInfo *AppInfo) ClientOption

WithAppInfo sets the AppInfo to be used for identifying the application that is using the SecretHub Client.

func WithConfigDir

func WithConfigDir(configDir configdir.Dir) ClientOption

WithConfigDir sets the configuration directory to use (among others) for sourcing the credential file from.

func WithCredentials

func WithCredentials(provider credentials.Provider) ClientOption

WithCredentials sets the credential to be used for authenticating to the API and decrypting the account key.

func WithDefaultPassphraseReader

func WithDefaultPassphraseReader(reader credentials.Reader) ClientOption

WithDefaultPassphraseReader sets a default passphrase reader that is used for decrypting an encrypted key credential if no credential is set explicitly.

func WithServerURL

func WithServerURL(serverURL string) ClientOption

WithServerURL overrides the default server endpoint URL used by the HTTP client.

func WithTimeout

func WithTimeout(timeout time.Duration) ClientOption

WithTimeout overrides the default request timeout of the HTTP client.

func WithTransport

func WithTransport(transport http.RoundTripper) ClientOption

WithTransport replaces the DefaultTransport used by the HTTP client with the provided RoundTripper.

type CredentialIterator

type CredentialIterator interface {
	Next() (api.Credential, error)
}

CredentialIterator can be used to iterate over a list of credentials.

type CredentialListParams

type CredentialListParams struct{}

CredentialListParams are the parameters that configure credential listing.

type CredentialService

type CredentialService interface {
	// Create a new credential from the credentials.Creator for an existing account.
	Create(credentials.Creator, string) (*api.Credential, error)
	// Disable an existing credential.
	Disable(fingerprint string) error
	// List lists all credentials of the currently authenticated account.
	List(_ *CredentialListParams) CredentialIterator
}

CredentialService handles operations on credentials on SecretHub.

type DirService

type DirService interface {
	// Create a directory at a given path.
	Create(path string) (*api.Dir, error)
	// CreateAll creates all directories in the given path that do not exist yet.
	//
	// Contrary to Create, it doesn't return an error when the directories already exist.
	CreateAll(path string) error
	// Exists returns whether a directory where you have access to exists at a given path.
	Exists(path string) (bool, error)
	// Get returns the directory with the given ID.
	GetByID(id uuid.UUID) (*api.Dir, error)
	// Delete removes the directory at the given path.
	Delete(path string) error
	// GetTree retrieves a directory at a given path and all of its descendants up to a given depth.
	// When the depth <= 0, all descendants are returned. When ancestors is true, the parent directories
	// of the dir at the given path will also be included in the tree.
	GetTree(path string, depth int, ancestors bool) (*api.Tree, error)
}

DirService handles operations on directories from SecretHub.

type IDPLinkGCPService

type IDPLinkGCPService interface {
	Create(namespace string, projectID string, authorizationCode string, redirectURI string) (*api.IdentityProviderLink, error)
	List(namespace string, params *IdpLinkIteratorParams) IdpLinkIterator
	Get(namespace string, projectID string) (*api.IdentityProviderLink, error)
	Exists(namespace string, projectID string) (bool, error)
	Delete(namespace string, projectID string) error
	AuthorizationCodeListener(namespace string, projectID string) (oauthorizer.CallbackHandler, error)
}

type IDPLinkService

type IDPLinkService interface {
	GCP() IDPLinkGCPService
}

type IdpLinkIterator

type IdpLinkIterator interface {
	Next() (api.IdentityProviderLink, error)
}

IdpLinkIterator iterates over identity provider links.

type IdpLinkIteratorParams

type IdpLinkIteratorParams struct{}

IdpLinkIteratorParams defines parameters used when listing identity provider links.

type MeService

type MeService interface {
	// GetUser retrieves the current users details.
	GetUser() (*api.User, error)
	// SendVerificationEmail sends an email to the authenticated user's registered email address
	// for them to prove they own that email address.
	SendVerificationEmail() error
	// ListRepos retrieves all repositories of the current user.
	// Deprecated: Use iterator function instead.
	ListRepos() ([]*api.Repo, error)
	// RepoIterator returns an iterator that retrieves all repos of the current user.
	RepoIterator(_ *RepoIteratorParams) RepoIterator
}

MeService handles operations on the authenticated account.

type OrgIterator

type OrgIterator interface {
	Next() (api.Org, error)
}

OrgIterator iterates over organizations.

type OrgIteratorParams

type OrgIteratorParams struct{}

type OrgMemberIterator

type OrgMemberIterator interface {
	Next() (api.OrgMember, error)
}

OrgMemberIterator iterates over organization members.

type OrgMemberIteratorParams

type OrgMemberIteratorParams struct{}

OrgMemberIteratorParams defines parameters used when listing members of the organization.

type OrgMemberService

type OrgMemberService interface {
	// Invite invites a user to an organization.
	Invite(org string, username string, role string) (*api.OrgMember, error)
	// Get retrieves a users organization membership details.
	Get(org string, username string) (*api.OrgMember, error)
	// Update updates the role of a member of the organization.
	Update(org string, username string, role string) (*api.OrgMember, error)
	// Revoke removes the given user from the organization.
	Revoke(org string, username string, opts *api.RevokeOpts) (*api.RevokeOrgResponse, error)
	// List retrieves all members of the given organization.
	// Deprecated: Use iterator function instead.
	List(org string) ([]*api.OrgMember, error)
	// Iterator returns an iterator that lists all members of a given organization.
	Iterator(org string, _ *OrgMemberIteratorParams) OrgMemberIterator
}

OrgMemberService handles operations on organization members.

type OrgService

type OrgService interface {
	// Create creates an organization.
	Create(name string, description string) (*api.Org, error)
	// Get retrieves an organization.
	Get(name string) (*api.Org, error)
	// Members returns an OrgMemberService.
	Members() OrgMemberService
	// Delete removes an organization.
	Delete(name string) error
	// ListMine returns the organizations of the current user.
	// Deprecated: Use iterator function instead.
	ListMine() ([]*api.Org, error)
	// Iterator returns an iterator that lists all organizations of the current user.
	Iterator(params *OrgIteratorParams) OrgIterator
}

OrgService handles operations on organisations on SecretHub.

type RepoIterator

type RepoIterator interface {
	Next() (api.Repo, error)
}

RepoIterator iterates over repositories.

type RepoIteratorParams

type RepoIteratorParams struct {
	Namespace *string
}

RepoIteratorParams defines parameters used when listing repos.

type RepoService

type RepoService interface {
	// Create creates a new repo for the given owner and name.
	Create(path string) (*api.Repo, error)
	// Get retrieves the repo with the given path.
	Get(path string) (*api.Repo, error)
	// Delete removes the repo with the given path.
	Delete(path string) error
	// List retrieves all repositories in the given namespace.
	// Deprecated: Use iterator function instead.
	List(namespace string) ([]*api.Repo, error)
	// Iterator returns a new iterator that retrieves all repos according to the specified parameters.
	Iterator(_ *RepoIteratorParams) RepoIterator
	// ListAccounts lists the accounts in the repository.
	// Deprecated: Use iterator function instead.
	ListAccounts(path string) ([]*api.Account, error)
	// AccountIterator returns a new iterator that retrieves all accounts in the given repository.
	AccountIterator(path string, params *AccountIteratorParams) AccountIterator
	// EventIterator returns an iterator that retrieves all audit events for a given repo.
	//
	// Usage:
	//  iter := client.Repos().EventIterator(path, &secrethub.AuditEventIteratorParams{})
	//  for {
	//  	event, err := iter.Next()
	//  	if err == iterator.Done {
	//  		break
	//  	} else if err != nil {
	//  		// Handle error
	//  	}
	//
	//  	// Use event
	//  }
	EventIterator(path string, _ *AuditEventIteratorParams) AuditEventIterator
	// ListEvents retrieves all audit events for a given repo.
	// Deprecated: Use iterator function instead.
	ListEvents(path string, subjectTypes api.AuditSubjectTypeList) ([]*api.Audit, error)
	// ListMine retrieves all repositories of the current user.
	// Deprecated: Use iterator function instead.
	ListMine() ([]*api.Repo, error)
	// Users returns a RepoUserService that handles operations on users of a repository.
	Users() RepoUserService
	// Services returns a RepoServiceService that handles operations on services of a repository.
	Services() RepoServiceService
}

RepoService handles operations on repositories from SecretHub.

type RepoServiceIteratorParams

type RepoServiceIteratorParams struct{}

RepoServiceIteratorParams defines parameters used when listing Services of a given repo.

type RepoServiceService

type RepoServiceService interface {
	// List lists the services of the given repository.
	// Deprecated: Use iterator function instead.
	List(path string) ([]*api.Service, error)
	// Iterator returns an iterator that lists all services of the given repository.
	Iterator(path string, _ *RepoServiceIteratorParams) ServiceIterator
}

RepoServiceService handles operations on services of repositories.

type RepoUserService

type RepoUserService interface {
	// Invite invites the user with given username to the repository at the given path.
	Invite(path string, username string) (*api.RepoMember, error)
	// Revoke revokes the user with given username from the repository with the given path.
	Revoke(path string, username string) (*api.RevokeRepoResponse, error)
	// List lists the users of the given repository.
	// Deprecated: Use iterator function instead.
	List(path string) ([]*api.User, error)
	// Iterator returns an iterator that lists the users of a given repository.
	Iterator(path string, params *UserIteratorParams) UserIterator
}

RepoUserService handles operations on users of a repository.

type SecretService

type SecretService interface {
	// Write encrypts and writes any secret data to SecretHub, always creating
	// a new secret version for the written data. This ensures secret data is
	// never overwritten.
	//
	// To ensure forward secrecy, a new secret key is used whenever the previously
	// used key has been flagged.
	//
	// Write accepts any non-empty byte data that is within the size limit of MaxSecretSize.
	// Note that data is encrypted as is. Sanitizing data is the responsibility of the
	// function caller.
	Write(path string, data []byte) (*api.SecretVersion, error)
	// Read is an alias of `Versions().GetWithData` and gets a secret version, with sensitive data decrypted.
	Read(path string) (*api.SecretVersion, error)
	// ReadString is a convenience function to get the secret data as a string.
	//
	// See .Versions() for more elaborate use.
	ReadString(path string) (string, error)
	// Exists returns whether a secret exists on the given path.
	Exists(path string) (bool, error)
	// Get retrieves a Secret.
	Get(path string) (*api.Secret, error)
	// Delete removes the secret at the given path.
	Delete(path string) error
	// EventIterator returns an iterator that retrieves all audit events for a given secret.
	//
	// Usage:
	//  iter := client.Repos().EventIterator(path, &secrethub.AuditEventIteratorParams{})
	//  for {
	//  	event, err := iter.Next()
	//  	if err == iterator.Done {
	//  		break
	//  	} else if err != nil {
	//  		// Handle error
	//  	}
	//
	//  	// Use event
	//  }
	EventIterator(path string, _ *AuditEventIteratorParams) AuditEventIterator
	// ListEvents retrieves all audit events for a given secret.
	ListEvents(path string, subjectTypes api.AuditSubjectTypeList) ([]*api.Audit, error)
	// Versions returns a SecretVersionService.
	Versions() SecretVersionService
}

SecretService handles operations on secrets from SecretHub.

type SecretVersionIterator

type SecretVersionIterator interface {
	Next() (api.SecretVersion, error)
}

SecretVersionIterator iterates over secret versions.

type SecretVersionIteratorParams

type SecretVersionIteratorParams struct {
	IncludeSensitiveData bool
}

SecretVersionIteratorParams defines parameters used when listing SecretVersions. If IncludeSensitiveData is set to true, secret data will also be retrieved.

type SecretVersionService

type SecretVersionService interface {
	// GetWithData gets a secret version, with the sensitive data.
	GetWithData(path string) (*api.SecretVersion, error)
	// GetWithoutData gets a secret version, without the sensitive data.
	GetWithoutData(path string) (*api.SecretVersion, error)
	// Delete removes a secret version.
	Delete(path string) error
	// ListWithData lists secret versions, with the sensitive data.
	// Deprecated: Use iterator function instead.
	ListWithData(path string) ([]*api.SecretVersion, error)
	// ListWithoutData lists secret versions, without the sensitive data.
	// Deprecated: Use iterator function instead.
	ListWithoutData(path string) ([]*api.SecretVersion, error)
	// Iterator returns a new iterator that retrieves all secret versions in the given namespace.
	// If the IncludeSensitiveData parameter is set to true, the secret data will also be retrieved.
	Iterator(path string, params *SecretVersionIteratorParams) SecretVersionIterator
}

SecretVersionService handles operations on secret versions from SecretHub.

type ServiceIterator

type ServiceIterator interface {
	Next() (api.Service, error)
}

ServiceIterator iterates over services.

type ServiceIteratorParams

type ServiceIteratorParams struct{}

ServiceIteratorParams defines parameters used when listing Services.

type ServiceService

type ServiceService interface {
	// Create creates a new service account for the given repo.
	Create(path string, description string, credential credentials.Creator) (*api.Service, error)
	// Get retrieves a service account by name.
	Get(name string) (*api.Service, error)
	// Delete removes a service account by name.
	Delete(name string) (*api.RevokeRepoResponse, error)
	// List lists all service accounts in a given repository.
	// Deprecated: Use iterator function instead.
	List(path string) ([]*api.Service, error)
	// Iterator returns an iterator that lists all service accounts in a given repository.
	Iterator(path string, _ *ServiceIteratorParams) ServiceIterator
}

ServiceService handles operations on service accounts from SecretHub.

type UserIterator

type UserIterator interface {
	Next() (api.User, error)
}

UserIterator iterates over users.

type UserIteratorParams

type UserIteratorParams struct{}

UserIteratorParams defines parameters used when listing Users.

type UserService

type UserService interface {
	// Me gets the account's user if it exists.
	Me() (*api.User, error)
	// Get a user by their username.
	Get(username string) (*api.User, error)
}

UserService handles operations on users from SecretHub.

Directories

Path Synopsis
Package configdir provides simple functions to manage the SecretHub configuration directory.
Package configdir provides simple functions to manage the SecretHub configuration directory.
Package credentials provides utilities for managing SecretHub API credentials.
Package credentials provides utilities for managing SecretHub API credentials.
sessions
Package sessions provides session authentication to the SecretHub API for the HTTP client.
Package sessions provides session authentication to the SecretHub API for the HTTP client.
Package fakeclient provides mock implementations of the client to be used for testing.
Package fakeclient provides mock implementations of the client to be used for testing.
internals
http
Package http implements the RESTful HTTP client that talks directly to the API, as opposed to the client package, which wraps the http client with additional logic (e.g.
Package http implements the RESTful HTTP client that talks directly to the API, as opposed to the client package, which wraps the http client with additional logic (e.g.
Package iterator provides a generic iterator to be used as a building block for typed iterators.
Package iterator provides a generic iterator to be used as a building block for typed iterators.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL