secrethub

package
v0.33.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 20, 2021 License: Apache-2.0 Imports: 22 Imported by: 5

Documentation

Overview

Package secrethub provides the SecretHub API client, look here to read, write and manage secrets.

Index

Examples

Constants

View Source 
const ClientVersion = "v0.33.0"

ClientVersion is the current version of the client Do not edit this unless you know what you're doing.

View Source 
const DefaultAccountKeyLength = 4096

DefaultAccountKeyLength defines the default bit size for account keys.

View Source 
const (
	// MaxSecretSize is the maximum size of a secret before encryption.
	MaxSecretSize = 512 * units.KiB
)

Variables

View Source 
var (
	ErrNoDecryptionKey    = errClient.Code("no_decryption_key").Error("client is not initialized with a method to decrypt the account key")
	ErrIncorrectAccountID = errClient.Code("incorrect_account_id").Error("the incorrect account ID was provided. To delete the currently authenticated account please provide its ID.")
)

Errors

View Source 
var (
	ErrSecretTooBig         = errClient.Code("secret_too_big").Error(fmt.Sprintf("maximum size of a secret is %s", units.BytesSize(MaxSecretSize)))
	ErrEmptySecret          = errClient.Code("empty_secret").Error("secret is empty")
	ErrCannotWriteToVersion = errClient.Code("cannot_write_version").Error("cannot (over)write a specific secret version, they are append only")
)

Errors

View Source 
var (
	ErrInvalidAppInfoName = errClient.Code("invalid_app_info_name").Error("name must be 2-50 characters long, only alphanumeric, underscore (_), and dash (-)")
)

Errors

View Source 
var (
	ErrInvalidServerURL = errClient.Code("invalid_server_url").ErrorPref("%s")
)

Errors

View Source 
var (
	ErrUnknownIdentityProvider = errClient.Code("unknown_identity_provider").ErrorPref("%s is not a supported identity provider. Valid options are `aws` and `key`.")
)

Errors

Functions

This section is empty.

Types

type AccessLevelIterator added in v0.27.0 

type AccessLevelIterator interface {
	Next() (api.AccessLevel, error)
}

AccessLevelIterator iterates over access levels.

type AccessLevelIteratorParams added in v0.27.0 

type AccessLevelIteratorParams struct{}

AccessLevelIteratorParams defines the parameters used when listing access levels.

type AccessRuleIterator added in v0.27.0 

type AccessRuleIterator interface {
	Next() (api.AccessRule, error)
}

AccessLevelIterator iterates over access rules.

type AccessRuleIteratorParams added in v0.27.0 

type AccessRuleIteratorParams struct {
	Depth     *uint // Depth defines the depth of traversal for the iterator, nil means listing all subdirectories.
	Ancestors bool  // Ancestors defines whether the iterator should also list access rules of parent directories.
}

AccessRuleIteratorParams specify parameters used when listing access rules.

type AccessRuleService 

type AccessRuleService interface {
	// Get retrieves the access rule for the given account on the given directory.
	Get(path string, accountName string) (*api.AccessRule, error)
	// Set sets an access rule with a certain permission level for an account to a path.
	Set(path string, permission string, accountName string) (*api.AccessRule, error)
	// Delete removes the accessrule for the given directory and account.
	Delete(path string, accountName string) error
	// List retrieves all access rules that apply to a directory, including
	// rules that apply to its children up to a specified depth. When ancestors is set
	// to true, it also includes rules for any parent directories. When the depth is
	// set to -1, all children are retrieved without limit.
	// Deprecated: Use iterator function instead.
	List(path string, depth int, ancestors bool) ([]*api.AccessRule, error)
	// Iterator returns an iterator that retrieves all access rules that apply to a
	// directory.
	Iterator(path string, _ *AccessRuleIteratorParams) AccessRuleIterator
	// ListLevels lists the access levels on the given directory.
	// Deprecated: Use iterator function instead.
	ListLevels(path string) ([]*api.AccessLevel, error)
	// LevelIterator returns an iterator that retrieves all access levels on the given directory.
	LevelIterator(path string, _ *AccessLevelIteratorParams) AccessLevelIterator
}

AccessRuleService handles operations on access rules from SecretHub.

type AccountIterator added in v0.27.0 

type AccountIterator interface {
	Next() (api.Account, error)
}

AccountIterator iterates over accounts.

type AccountIteratorParams added in v0.27.0 

type AccountIteratorParams struct{}

AccountIteratorParams defines parameters used when listing Accounts.

type AccountKeyService 

type AccountKeyService interface {
	// Create creates an account key for the client's credential.
	Create(verifier credentials.Verifier, encrypter credentials.Encrypter) (*api.EncryptedAccountKey, error)
	// Exists returns whether an account key exists for the client's credential.
	Exists() (bool, error)
}

AccountKeyService handles operations on SecretHub account keys.

type AccountService 

type AccountService interface {
	// Me retrieves the authenticated account of the client.
	Me() (*api.Account, error)
	// Delete deletes the authenticated account of the client if it's ID is provided as a parameter.
	// Do not use this method. Account deletes should only be performed from the CLI.
	Delete(accountID uuid.UUID) error
	// Get retrieves an account by name.
	Get(name string) (*api.Account, error)
	// Keys returns an account key service.
	Keys() AccountKeyService
}

AccountService handles operations on SecretHub accounts.

type AppInfo added in v0.21.0 

type AppInfo struct {
	Name    string
	Version string
}

AppInfo contains information about the application that is using the SecretHub client. It is used to identify the application to the SecretHub API.

func (AppInfo) ValidateName added in v0.28.0 

func (i AppInfo) ValidateName() error

ValidateName returns an error if the provided app name is not set or doesn't match alphanumeric, underscore (_), and dash (-) characters, or length of 2-50 characters.

type AuditEventIterator added in v0.24.0 

type AuditEventIterator interface {
	Next() (api.Audit, error)
}

type AuditEventIteratorParams added in v0.24.0 

type AuditEventIteratorParams struct{}

AuditEventIteratorParams can be used to configure iteration of audit events.

For now, there's nothing to configure. We'll add filter options soon. The struct is already added, so that adding parameters is backwards compatible.

type Client 

type Client struct {
	ConfigDir *configdir.Dir
	// contains filtered or unexported fields
}

Client is a client for the SecretHub HTTP API.

func Must added in v0.21.0 

func Must(c *Client, err error) *Client

Must is a helper function to ensure the Client is valid and there was no error when calling a NewClient function.

This helper is intended to be used in initialization to load the Session and configuration at startup. For example: 

var client = secrethub.Must(secrethub.NewClient())

func NewClient 

func NewClient(with ...ClientOption) (*Client, error)

NewClient creates a new SecretHub client. Provided options are applied to the client.

If no WithCredentials() option is provided, the client tries to find a key credential at the following locations (in order):

  1. The SECRETHUB_CREDENTIAL environment variable.
  2. The credential file placed in the directory given by the SECRETHUB_CONFIG_DIR environment variable.
  3. The credential file found in <user's home directory>/.secrethub/credential.

If no key credential could be found, a Client is returned that can only be used for unauthenticated routes.

Example

Create a new Client. 

package main

import (
	"log"

	"github.com/secrethub/secrethub-go/pkg/secrethub"
)

func main() {
	client, err := secrethub.NewClient()
	if err != nil {
		log.Fatal(err)
	}

	// use the client
	_, err = client.Secrets().ReadString("workspace/repo/secret")
	if err != nil {
		log.Fatal(err)
	}
}

Output:
Example (Aws)

Create a new client that uses native AWS services to handle encryption and authentication. 

package main

import (
	"log"

	"github.com/secrethub/secrethub-go/pkg/secrethub"

	"github.com/secrethub/secrethub-go/pkg/secrethub/credentials"
)

func main() {
	client, err := secrethub.NewClient(secrethub.WithCredentials(credentials.UseAWS()))
	if err != nil {
		log.Fatal(err)
	}

	// use the client
	_, err = client.Secrets().ReadString("workspace/repo/secret")
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*Client) AccessRules 

func (c *Client) AccessRules() AccessRuleService

AccessRules returns a service used to manage access rules.

func (*Client) Accounts 

func (c *Client) Accounts() AccountService

Accounts returns a service used to manage SecretHub accounts.

func (*Client) Credentials added in v0.25.0 

func (c *Client) Credentials() CredentialService

Credentials returns a service used to manage credentials.

func (*Client) DefaultCredential added in v0.21.0 

func (c *Client) DefaultCredential() credentials.Reader

DefaultCredential returns a reader pointing to the configured credential, sourcing it either from the SECRETHUB_CREDENTIAL environment variable or from the configuration directory.

func (*Client) Dirs 

func (c *Client) Dirs() DirService

Dirs returns a service used to manage directories.

Example (Create)

Create a new directory. 

package main

import (
	"log"

	"github.com/secrethub/secrethub-go/pkg/secrethub"
)

var client secrethub.ClientInterface

func main() {
	_, err := client.Dirs().Create("workspace/repo/dir")
	if err != nil {
		log.Fatal(err)
	}
}

Output:


func (c *Client) IDPLinks() IDPLinkService

func (*Client) Me added in v0.18.0 

func (c *Client) Me() MeService

Me returns a service used to manage the current authenticated account.

func (*Client) Orgs 

func (c *Client) Orgs() OrgService

Orgs returns a service used to manage shared organization workspaces.

func (*Client) Repos 

func (c *Client) Repos() RepoService

Repos returns a service used to manage repositories.

Example (Create)

Create a new repository. 

package main

import (
	"log"

	"github.com/secrethub/secrethub-go/pkg/secrethub"
)

var client secrethub.ClientInterface

func main() {
	_, err := client.Repos().Create("workspace/repo")
	if err != nil {
		log.Fatal(err)
	}
}

Output:
Example (EventIterator)

List all audit events for a given repository. 

package main

import (
	"fmt"
	"log"

	"github.com/secrethub/secrethub-go/pkg/secrethub"

	"github.com/secrethub/secrethub-go/pkg/secrethub/iterator"
)

var client secrethub.ClientInterface

func main() {
	iter := client.Repos().EventIterator("workspace/repo", &secrethub.AuditEventIteratorParams{})
	for {
		event, err := iter.Next()
		if err == iterator.Done {
			break
		} else if err != nil {
			log.Fatal(err)
		}
		fmt.Printf("Audit event logged at:%s form ip address: %s", event.LoggedAt.Local(), event.IPAddress)
	}
}

Output:

func (*Client) Secrets 

func (c *Client) Secrets() SecretService

Secrets returns a service used to manage secrets.

Example (EventIterator)

List all audit events for a given secret. 

package main

import (
	"fmt"
	"log"

	"github.com/secrethub/secrethub-go/pkg/secrethub"

	"github.com/secrethub/secrethub-go/pkg/secrethub/iterator"
)

var client secrethub.ClientInterface

func main() {
	iter := client.Secrets().EventIterator("workspace/repo/secret", &secrethub.AuditEventIteratorParams{})
	for {
		event, err := iter.Next()
		if err == iterator.Done {
			break
		} else if err != nil {
			log.Fatal(err)
		}
		fmt.Printf("Audit event logged at:%s form ip address: %s", event.LoggedAt.Local(), event.IPAddress)
	}
}

Output:
Example (Read)

Read a secret. 

package main

import (
	"fmt"
	"log"

	"github.com/secrethub/secrethub-go/pkg/secrethub"
)

var client secrethub.ClientInterface

func main() {
	secret, err := client.Secrets().Read("workspace/repo/secret")
	if err != nil {
		log.Fatal(err)
	}

	fmt.Print(string(secret.Data))
}

Output:
Example (Write)

Write a secret. 

package main

import (
	"log"

	"github.com/secrethub/secrethub-go/pkg/secrethub"
)

var client secrethub.ClientInterface

func main() {
	secret := []byte("secret_value_123")
	_, err := client.Secrets().Write("workspace/repo/secret", secret)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*Client) Services 

func (c *Client) Services() ServiceService

Services returns a service used to manage non-human service accounts.

Example (Create)

Create a service account credential. 

package main

import (
	"fmt"
	"log"

	"github.com/secrethub/secrethub-go/pkg/secrethub"

	"github.com/secrethub/secrethub-go/pkg/secrethub/credentials"
)

var client secrethub.ClientInterface

func main() {
	credentialCreator := credentials.CreateKey()
	service, err := client.Services().Create("workspace/repo", "Service account description", credentialCreator)
	if err != nil {
		log.Fatal(err)
	}

	key, err := credentialCreator.Export()
	if err != nil {
		log.Fatal(err)
	}

	fmt.Printf("Service ID: %s\n", service.ServiceID)
	fmt.Printf("Credential: %s\n", string(key))
}

Output:

func (*Client) Users 

func (c *Client) Users() UserService

Users returns a service used to manage (human) user accounts.

type ClientInterface added in v0.21.0 

type ClientInterface interface {
	// AccessRules returns a service used to manage access rules.
	AccessRules() AccessRuleService
	// Accounts returns a service used to manage SecretHub accounts.
	Accounts() AccountService
	// Credentials returns a service used to manage credentials.
	Credentials() CredentialService
	// Dirs returns a service used to manage directories.
	Dirs() DirService
	// IDPLinks returns a service used to manage links between namespaces and Identity Providers.
	IDPLinks() IDPLinkService
	// Me returns a service used to manage the current authenticated account.
	Me() MeService
	// Orgs returns a service used to manage shared organization workspaces.
	Orgs() OrgService
	// Repos returns a service used to manage repositories.
	Repos() RepoService
	// Secrets returns a service used to manage secrets.
	Secrets() SecretService
	// Services returns a service used to manage non-human service accounts.
	Services() ServiceService
	// Users returns a service used to manage (human) user accounts.
	Users() UserService
}

ClientInterface is an interface that can be used to consume the SecretHub client and is implemented by secrethub.Client.

type ClientOption added in v0.21.0 

type ClientOption func(*Client) error

ClientOption is an option that can be set on a secrethub.Client.

func WithAppInfo added in v0.21.0 

func WithAppInfo(appInfo *AppInfo) ClientOption

WithAppInfo sets the AppInfo to be used for identifying the application that is using the SecretHub Client.

func WithConfigDir added in v0.21.0 

func WithConfigDir(configDir configdir.Dir) ClientOption

WithConfigDir sets the configuration directory to use (among others) for sourcing the credential file from.

func WithCredentials added in v0.21.0 

func WithCredentials(provider credentials.Provider) ClientOption

WithCredentials sets the credential to be used for authenticating to the API and decrypting the account key.

func WithDefaultPassphraseReader added in v0.32.0 

func WithDefaultPassphraseReader(reader credentials.Reader) ClientOption

WithDefaultPassphraseReader sets a default passphrase reader that is used for decrypting an encrypted key credential if no credential is set explicitly.

func WithServerURL added in v0.21.0 

func WithServerURL(serverURL string) ClientOption

WithServerURL overrides the default server endpoint URL used by the HTTP client.

func WithTimeout added in v0.21.0 

func WithTimeout(timeout time.Duration) ClientOption

WithTimeout overrides the default request timeout of the HTTP client.

func WithTransport added in v0.21.0 

func WithTransport(transport http.RoundTripper) ClientOption

WithTransport replaces the DefaultTransport used by the HTTP client with the provided RoundTripper.

type CredentialIterator added in v0.25.0 

type CredentialIterator interface {
	Next() (api.Credential, error)
}

CredentialIterator can be used to iterate over a list of credentials.

type CredentialListParams added in v0.25.0 

type CredentialListParams struct{}

CredentialListParams are the parameters that configure credential listing.

type CredentialService added in v0.25.0 

type CredentialService interface {
	// Create a new credential from the credentials.Creator for an existing account.
	Create(credentials.Creator, string) (*api.Credential, error)
	// Disable an existing credential.
	Disable(fingerprint string) error
	// List lists all credentials of the currently authenticated account.
	List(_ *CredentialListParams) CredentialIterator
}

CredentialService handles operations on credentials on SecretHub.

type DirService 

type DirService interface {
	// Create a directory at a given path.
	Create(path string) (*api.Dir, error)
	// CreateAll creates all directories in the given path that do not exist yet.
	//
	// Contrary to Create, it doesn't return an error when the directories already exist.
	CreateAll(path string) error
	// Exists returns whether a directory where you have access to exists at a given path.
	Exists(path string) (bool, error)
	// Get returns the directory with the given ID.
	GetByID(id uuid.UUID) (*api.Dir, error)
	// Delete removes the directory at the given path.
	Delete(path string) error
	// GetTree retrieves a directory at a given path and all of its descendants up to a given depth.
	// When the depth <= 0, all descendants are returned. When ancestors is true, the parent directories
	// of the dir at the given path will also be included in the tree.
	GetTree(path string, depth int, ancestors bool) (*api.Tree, error)
}

DirService handles operations on directories from SecretHub.

type IDPLinkGCPService added in v0.30.0 

type IDPLinkGCPService interface {
	Create(namespace string, projectID string, authorizationCode string, redirectURI string) (*api.IdentityProviderLink, error)
	List(namespace string, params *IdpLinkIteratorParams) IdpLinkIterator
	Get(namespace string, projectID string) (*api.IdentityProviderLink, error)
	Exists(namespace string, projectID string) (bool, error)
	Delete(namespace string, projectID string) error
	AuthorizationCodeListener(namespace string, projectID string) (oauthorizer.CallbackHandler, error)
}

type IDPLinkService added in v0.30.0 

type IDPLinkService interface {
	GCP() IDPLinkGCPService
}

type IdpLinkIterator added in v0.30.0 

type IdpLinkIterator interface {
	Next() (api.IdentityProviderLink, error)
}

IdpLinkIterator iterates over identity provider links.

type IdpLinkIteratorParams added in v0.30.0 

type IdpLinkIteratorParams struct{}

IdpLinkIteratorParams defines parameters used when listing identity provider links.

type MeService added in v0.18.0 

type MeService interface {
	// GetUser retrieves the current users details.
	GetUser() (*api.User, error)
	// SendVerificationEmail sends an email to the authenticated user's registered email address
	// for them to prove they own that email address.
	SendVerificationEmail() error
	// ListRepos retrieves all repositories of the current user.
	// Deprecated: Use iterator function instead.
	ListRepos() ([]*api.Repo, error)
	// RepoIterator returns an iterator that retrieves all repos of the current user.
	RepoIterator(_ *RepoIteratorParams) RepoIterator
}

MeService handles operations on the authenticated account.

type OrgIterator added in v0.27.0 

type OrgIterator interface {
	Next() (api.Org, error)
}

OrgIterator iterates over organizations.

type OrgIteratorParams added in v0.27.0 

type OrgIteratorParams struct{}

type OrgMemberIterator added in v0.27.0 

type OrgMemberIterator interface {
	Next() (api.OrgMember, error)
}

OrgMemberIterator iterates over organization members.

type OrgMemberIteratorParams added in v0.27.0 

type OrgMemberIteratorParams struct{}

OrgMemberIteratorParams defines parameters used when listing members of the organization.

type OrgMemberService 

type OrgMemberService interface {
	// Invite invites a user to an organization.
	Invite(org string, username string, role string) (*api.OrgMember, error)
	// Get retrieves a users organization membership details.
	Get(org string, username string) (*api.OrgMember, error)
	// Update updates the role of a member of the organization.
	Update(org string, username string, role string) (*api.OrgMember, error)
	// Revoke removes the given user from the organization.
	Revoke(org string, username string, opts *api.RevokeOpts) (*api.RevokeOrgResponse, error)
	// List retrieves all members of the given organization.
	// Deprecated: Use iterator function instead.
	List(org string) ([]*api.OrgMember, error)
	// Iterator returns an iterator that lists all members of a given organization.
	Iterator(org string, _ *OrgMemberIteratorParams) OrgMemberIterator
}

OrgMemberService handles operations on organization members.

type OrgService 

type OrgService interface {
	// Create creates an organization.
	Create(name string, description string) (*api.Org, error)
	// Get retrieves an organization.
	Get(name string) (*api.Org, error)
	// Members returns an OrgMemberService.
	Members() OrgMemberService
	// Delete removes an organization.
	Delete(name string) error
	// ListMine returns the organizations of the current user.
	// Deprecated: Use iterator function instead.
	ListMine() ([]*api.Org, error)
	// Iterator returns an iterator that lists all organizations of the current user.
	Iterator(params *OrgIteratorParams) OrgIterator
}

OrgService handles operations on organisations on SecretHub.

type RepoIterator added in v0.27.0 

type RepoIterator interface {
	Next() (api.Repo, error)
}

RepoIterator iterates over repositories.

type RepoIteratorParams added in v0.27.0 

type RepoIteratorParams struct {
	Namespace *string
}

RepoIteratorParams defines parameters used when listing repos.

type RepoService 

type RepoService interface {
	// Create creates a new repo for the given owner and name.
	Create(path string) (*api.Repo, error)
	// Get retrieves the repo with the given path.
	Get(path string) (*api.Repo, error)
	// Delete removes the repo with the given path.
	Delete(path string) error
	// List retrieves all repositories in the given namespace.
	// Deprecated: Use iterator function instead.
	List(namespace string) ([]*api.Repo, error)
	// Iterator returns a new iterator that retrieves all repos according to the specified parameters.
	Iterator(_ *RepoIteratorParams) RepoIterator
	// ListAccounts lists the accounts in the repository.
	// Deprecated: Use iterator function instead.
	ListAccounts(path string) ([]*api.Account, error)
	// AccountIterator returns a new iterator that retrieves all accounts in the given repository.
	AccountIterator(path string, params *AccountIteratorParams) AccountIterator
	// EventIterator returns an iterator that retrieves all audit events for a given repo.
	//
	// Usage:
	//  iter := client.Repos().EventIterator(path, &secrethub.AuditEventIteratorParams{})
	//  for {
	//  	event, err := iter.Next()
	//  	if err == iterator.Done {
	//  		break
	//  	} else if err != nil {
	//  		// Handle error
	//  	}
	//
	//  	// Use event
	//  }
	EventIterator(path string, _ *AuditEventIteratorParams) AuditEventIterator
	// ListEvents retrieves all audit events for a given repo.
	// Deprecated: Use iterator function instead.
	ListEvents(path string, subjectTypes api.AuditSubjectTypeList) ([]*api.Audit, error)
	// ListMine retrieves all repositories of the current user.
	// Deprecated: Use iterator function instead.
	ListMine() ([]*api.Repo, error)
	// Users returns a RepoUserService that handles operations on users of a repository.
	Users() RepoUserService
	// Services returns a RepoServiceService that handles operations on services of a repository.
	Services() RepoServiceService
}

RepoService handles operations on repositories from SecretHub.

type RepoServiceIteratorParams added in v0.27.0 

type RepoServiceIteratorParams struct{}

RepoServiceIteratorParams defines parameters used when listing Services of a given repo.

type RepoServiceService 

type RepoServiceService interface {
	// List lists the services of the given repository.
	// Deprecated: Use iterator function instead.
	List(path string) ([]*api.Service, error)
	// Iterator returns an iterator that lists all services of the given repository.
	Iterator(path string, _ *RepoServiceIteratorParams) ServiceIterator
}

RepoServiceService handles operations on services of repositories.

type RepoUserService 

type RepoUserService interface {
	// Invite invites the user with given username to the repository at the given path.
	Invite(path string, username string) (*api.RepoMember, error)
	// Revoke revokes the user with given username from the repository with the given path.
	Revoke(path string, username string) (*api.RevokeRepoResponse, error)
	// List lists the users of the given repository.
	// Deprecated: Use iterator function instead.
	List(path string) ([]*api.User, error)
	// Iterator returns an iterator that lists the users of a given repository.
	Iterator(path string, params *UserIteratorParams) UserIterator
}

RepoUserService handles operations on users of a repository.

type SecretService 

type SecretService interface {
	// Write encrypts and writes any secret data to SecretHub, always creating
	// a new secret version for the written data. This ensures secret data is
	// never overwritten.
	//
	// To ensure forward secrecy, a new secret key is used whenever the previously
	// used key has been flagged.
	//
	// Write accepts any non-empty byte data that is within the size limit of MaxSecretSize.
	// Note that data is encrypted as is. Sanitizing data is the responsibility of the
	// function caller.
	Write(path string, data []byte) (*api.SecretVersion, error)
	// Read is an alias of `Versions().GetWithData` and gets a secret version, with sensitive data decrypted.
	Read(path string) (*api.SecretVersion, error)
	// ReadString is a convenience function to get the secret data as a string.
	//
	// See .Versions() for more elaborate use.
	ReadString(path string) (string, error)
	// Exists returns whether a secret exists on the given path.
	Exists(path string) (bool, error)
	// Get retrieves a Secret.
	Get(path string) (*api.Secret, error)
	// Delete removes the secret at the given path.
	Delete(path string) error
	// EventIterator returns an iterator that retrieves all audit events for a given secret.
	//
	// Usage:
	//  iter := client.Repos().EventIterator(path, &secrethub.AuditEventIteratorParams{})
	//  for {
	//  	event, err := iter.Next()
	//  	if err == iterator.Done {
	//  		break
	//  	} else if err != nil {
	//  		// Handle error
	//  	}
	//
	//  	// Use event
	//  }
	EventIterator(path string, _ *AuditEventIteratorParams) AuditEventIterator
	// ListEvents retrieves all audit events for a given secret.
	ListEvents(path string, subjectTypes api.AuditSubjectTypeList) ([]*api.Audit, error)
	// Versions returns a SecretVersionService.
	Versions() SecretVersionService
}

SecretService handles operations on secrets from SecretHub.

type SecretVersionIterator added in v0.27.0 

type SecretVersionIterator interface {
	Next() (api.SecretVersion, error)
}

SecretVersionIterator iterates over secret versions.

type SecretVersionIteratorParams added in v0.27.0 

type SecretVersionIteratorParams struct {
	IncludeSensitiveData bool
}

SecretVersionIteratorParams defines parameters used when listing SecretVersions. If IncludeSensitiveData is set to true, secret data will also be retrieved.

type SecretVersionService 

type SecretVersionService interface {
	// GetWithData gets a secret version, with the sensitive data.
	GetWithData(path string) (*api.SecretVersion, error)
	// GetWithoutData gets a secret version, without the sensitive data.
	GetWithoutData(path string) (*api.SecretVersion, error)
	// Delete removes a secret version.
	Delete(path string) error
	// ListWithData lists secret versions, with the sensitive data.
	// Deprecated: Use iterator function instead.
	ListWithData(path string) ([]*api.SecretVersion, error)
	// ListWithoutData lists secret versions, without the sensitive data.
	// Deprecated: Use iterator function instead.
	ListWithoutData(path string) ([]*api.SecretVersion, error)
	// Iterator returns a new iterator that retrieves all secret versions in the given namespace.
	// If the IncludeSensitiveData parameter is set to true, the secret data will also be retrieved.
	Iterator(path string, params *SecretVersionIteratorParams) SecretVersionIterator
}

SecretVersionService handles operations on secret versions from SecretHub.

type ServiceIterator added in v0.27.0 

type ServiceIterator interface {
	Next() (api.Service, error)
}

ServiceIterator iterates over services.

type ServiceIteratorParams added in v0.27.0 

type ServiceIteratorParams struct{}

ServiceIteratorParams defines parameters used when listing Services.

type ServiceService 

type ServiceService interface {
	// Create creates a new service account for the given repo.
	Create(path string, description string, credential credentials.Creator) (*api.Service, error)
	// Get retrieves a service account by name.
	Get(name string) (*api.Service, error)
	// Delete removes a service account by name.
	Delete(name string) (*api.RevokeRepoResponse, error)
	// List lists all service accounts in a given repository.
	// Deprecated: Use iterator function instead.
	List(path string) ([]*api.Service, error)
	// Iterator returns an iterator that lists all service accounts in a given repository.
	Iterator(path string, _ *ServiceIteratorParams) ServiceIterator
}

ServiceService handles operations on service accounts from SecretHub.

type UserIterator added in v0.27.0 

type UserIterator interface {
	Next() (api.User, error)
}

UserIterator iterates over users.

type UserIteratorParams added in v0.27.0 

type UserIteratorParams struct{}

UserIteratorParams defines parameters used when listing Users.

type UserService 

type UserService interface {
	// Me gets the account's user if it exists.
	Me() (*api.User, error)
	// Get a user by their username.
	Get(username string) (*api.User, error)
}

UserService handles operations on users from SecretHub.

Source Files

View all Source files

Directories

Path Synopsis
Package configdir provides simple functions to manage the SecretHub configuration directory.
 Package configdir provides simple functions to manage the SecretHub configuration directory.
Package credentials provides utilities for managing SecretHub API credentials.
 Package credentials provides utilities for managing SecretHub API credentials.
sessions
Package sessions provides session authentication to the SecretHub API for the HTTP client.
 Package sessions provides session authentication to the SecretHub API for the HTTP client.
Package fakeclient provides mock implementations of the client to be used for testing.
 Package fakeclient provides mock implementations of the client to be used for testing.
internals
http
Package http implements the RESTful HTTP client that talks directly to the API, as opposed to the client package, which wraps the http client with additional logic (e.g.
 Package http implements the RESTful HTTP client that talks directly to the API, as opposed to the client package, which wraps the http client with additional logic (e.g.
Package iterator provides a generic iterator to be used as a building block for typed iterators.
 Package iterator provides a generic iterator to be used as a building block for typed iterators.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.