store

package
Published: Mar 8, 2024 License: MIT Imports: 26 Imported by: 2

Documentation

Overview

Secrets Manager Store is maintained by Dan MacTough https://github.com/danmactough. Thanks Dan!

Index

Constants

const (
	// MaximumVersions bounds how many versions of a secret are kept.
	// NOTE(review): which operations enforce this bound (Write? History?) is not
	// shown on this page — confirm in the store implementations.
	MaximumVersions = 100
	// BucketEnvVar names the environment variable the deprecated NewS3Store
	// presumably reads to locate the S3 bucket.
	//
	// Deprecated: pass the bucket explicitly via NewS3StoreWithBucket instead.
	BucketEnvVar = "CHAMBER_S3_BUCKET"
)
const (
	// RegionEnvVar names the environment variable used to select the AWS region.
	RegionEnvVar = "CHAMBER_AWS_REGION"
	// CustomSSMEndpointEnvVar names the environment variable that overrides the
	// SSM endpoint.
	// NOTE(review): an endpoint override taken from the environment redirects
	// every Parameter Store call — including decrypted reads — to whatever host
	// it names, so the process environment must be trusted whenever this is
	// honoured. Confirm how the constructors consume it and that TLS
	// verification stays enabled for the custom endpoint.
	CustomSSMEndpointEnvVar = "CHAMBER_AWS_SSM_ENDPOINT"
)
const (
	// DefaultKeyID is the default alias for the KMS key used to encrypt/decrypt secrets.
	// The alias must already exist in the target account/region; SSMStore.KMSKey
	// reports the key actually in use. How a caller overrides the default is not
	// shown on this page.
	DefaultKeyID = "alias/parameter_store_key"

	// DefaultMinThrottleDelay is the default delay before retrying throttled requests
	// (taken from the AWS SDK retryer; see NewSSMStoreWithMinThrottleDelay to tune it).
	DefaultMinThrottleDelay = client.DefaultRetryerMinThrottleDelay
)

Variables

var (
	// ErrSecretNotFound is returned if the specified secret is not found in the
	// parameter store. Compare with errors.Is rather than ==, since stores may
	// wrap it.
	ErrSecretNotFound = errors.New("secret not found")
)

Functions

This section is empty.

Types

type ChangeEvent

// ChangeEvent is one entry in a secret's history, as returned by Store.History.
type ChangeEvent struct {
	// Type is Created or Updated.
	Type ChangeEventType
	// Time is when the change was recorded.
	Time time.Time
	// User is the identity recorded for the change; its format is
	// backend-specific and not shown on this page.
	User string
	// Version is the secret version produced by the change, usable with Read.
	Version int
}

type ChangeEventType

// ChangeEventType classifies a ChangeEvent. Created is the zero value.
type ChangeEventType int

const (
	Created ChangeEventType = iota
	Updated
)

func (ChangeEventType) String

func (c ChangeEventType) String() string

type LatestIndexFile

// LatestIndexFile is the JSON shape of the per-service index object kept in S3.
// It is the sole input to S3KMSStore.ListRaw, so a stale index yields stale
// results (see that method's doc).
type LatestIndexFile struct {
	// Latest maps what are presumably secret keys to their most recent value.
	Latest map[string]LatestValue `json:"latest"`
}

LatestIndexFile keeps a single object in S3 holding the most recent value of every secret for a given service. Keeping this in one S3 object lets ListRaw (and thus chamber exec) issue a single S3 GetObject. Because that one object carries all of a service's latest values, it should be protected at least as strictly as the individual secret objects, and it is only as current as the last write that updated it (see S3KMSStore.ListRaw).

type LatestValue

// LatestValue is one entry of LatestIndexFile.
type LatestValue struct {
	// Version is the version number of the stored value.
	Version int `json:"version"`
	// Value is the stored value as serialized into the index.
	// NOTE(review): whether this is plaintext or KMS ciphertext is not evident
	// from this page — check S3KMSStore.Write before granting read access to the
	// index object.
	Value string `json:"value"`
	// KMSAlias is the KMS key alias associated with the value.
	KMSAlias string `json:"KMSAlias"`
}

type NullStore

// NullStore is a stateless (empty-struct) implementation of the Store methods.
// What its methods return is not shown on this page.
type NullStore struct{}

func NewNullStore

func NewNullStore() *NullStore

func (*NullStore) Delete

func (s *NullStore) Delete(id SecretId) error

func (*NullStore) History

func (s *NullStore) History(id SecretId) ([]ChangeEvent, error)

func (*NullStore) List

func (s *NullStore) List(service string, includeValues bool) ([]Secret, error)

func (*NullStore) ListRaw

func (s *NullStore) ListRaw(service string) ([]RawSecret, error)

func (*NullStore) ListServices

func (s *NullStore) ListServices(service string, includeSecretNames bool) ([]string, error)

func (*NullStore) Read

func (s *NullStore) Read(id SecretId, version int) (Secret, error)

func (*NullStore) Write

func (s *NullStore) Write(id SecretId, value string) error

type RawSecret

// RawSecret is a secret's key and value with no metadata; contrast Secret,
// which also carries SecretMetadata.
type RawSecret struct {
	Value string
	Key   string
}

RawSecret is a secret's key and value without any metadata (contrast Secret, which also carries SecretMetadata).

type S3KMSStore

// S3KMSStore is an S3Store whose values are additionally protected with the
// KMS key alias given to NewS3KMSStore. It overrides Delete, List, ListRaw,
// ListServices and Write; Read and History are promoted unchanged from the
// embedded S3Store.
// NOTE(review): how the alias is applied (client-side encryption vs. S3
// SSE-KMS) is not shown on this page — confirm before relying on it for a
// specific threat model.
type S3KMSStore struct {
	S3Store
	// contains filtered or unexported fields
}

func NewS3KMSStore

func NewS3KMSStore(numRetries int, bucket string, kmsKeyAlias string) (*S3KMSStore, error)

func (*S3KMSStore) Delete

func (s *S3KMSStore) Delete(id SecretId) error

func (*S3KMSStore) List

func (s *S3KMSStore) List(service string, includeValues bool) ([]Secret, error)

func (*S3KMSStore) ListRaw added in v2.7.5

func (s *S3KMSStore) ListRaw(service string) ([]RawSecret, error)

ListRaw returns RawSecrets by extracting them from the index file. It only ever uses the index file; it never consults the actual secrets, so if the index file is out of sync, these results will reflect that.

func (*S3KMSStore) ListServices

func (s *S3KMSStore) ListServices(service string, includeSecretName bool) ([]string, error)

func (*S3KMSStore) Write

func (s *S3KMSStore) Write(id SecretId, value string) error

type S3Store

// S3Store implements the Store interface on top of an S3 bucket. Construct it
// with NewS3StoreWithBucket; NewS3Store is deprecated.
type S3Store struct {
	// contains filtered or unexported fields
}

func NewS3Store

func NewS3Store(numRetries int) (*S3Store, error)

Deprecated: use NewS3StoreWithBucket instead, which takes the bucket explicitly rather than reading it from the environment.

func NewS3StoreWithBucket

func NewS3StoreWithBucket(numRetries int, bucket string) (*S3Store, error)

func (*S3Store) Delete

func (s *S3Store) Delete(id SecretId) error

func (*S3Store) History

func (s *S3Store) History(id SecretId) ([]ChangeEvent, error)

func (*S3Store) List

func (s *S3Store) List(service string, includeValues bool) ([]Secret, error)

func (*S3Store) ListRaw

func (s *S3Store) ListRaw(service string) ([]RawSecret, error)

func (*S3Store) ListServices

func (s *S3Store) ListServices(service string, includeSecretName bool) ([]string, error)

func (*S3Store) Read

func (s *S3Store) Read(id SecretId, version int) (Secret, error)

func (*S3Store) Write

func (s *S3Store) Write(id SecretId, value string) error

type SSMStore

// SSMStore implements the Store interface on top of AWS SSM Parameter Store.
// Construct it with NewSSMStore or NewSSMStoreWithMinThrottleDelay; KMSKey
// reports the KMS key it uses.
type SSMStore struct {
	// contains filtered or unexported fields
}

SSMStore implements the Store interface for storing secrets in SSM Parameter Store

func NewSSMStore

func NewSSMStore(numRetries int) (*SSMStore, error)

NewSSMStore creates a new SSMStore

func NewSSMStoreWithMinThrottleDelay added in v2.9.0

func NewSSMStoreWithMinThrottleDelay(numRetries int, minThrottleDelay time.Duration) (*SSMStore, error)

NewSSMStoreWithMinThrottleDelay creates a new SSMStore with the AWS SDK's maximum retries and minimum throttle delay configured.

func (*SSMStore) Delete

func (s *SSMStore) Delete(id SecretId) error

Delete removes a secret from the parameter store. Note this removes all versions of the secret.

func (*SSMStore) History

func (s *SSMStore) History(id SecretId) ([]ChangeEvent, error)

History returns a list of events that have occurred regarding the given secret.

func (*SSMStore) KMSKey

func (s *SSMStore) KMSKey() string

func (*SSMStore) List

func (s *SSMStore) List(serviceName string, includeValues bool) ([]Secret, error)

List lists all secrets for a given service. If includeValues is true, then those secrets are decrypted and returned, otherwise only the metadata about a secret is returned.

func (*SSMStore) ListRaw

func (s *SSMStore) ListRaw(serviceName string) ([]RawSecret, error)

ListRaw lists all secret keys and values for a given service. It does not include any other metadata. It uses faster AWS APIs with much higher rate limits and is suitable for use in production environments. Note that it always returns values, so callers need read access to the secrets themselves, not just their names.

func (*SSMStore) ListServices

func (s *SSMStore) ListServices(service string, includeSecretName bool) ([]string, error)

func (*SSMStore) Read

func (s *SSMStore) Read(id SecretId, version int) (Secret, error)

Read reads a secret from the parameter store at a specific version. To grab the latest version, use -1 as the version number.

func (*SSMStore) Write

func (s *SSMStore) Write(id SecretId, value string) error

Write writes a given value to a secret identified by id. If the secret already exists, then write a new version.

type Secret

// Secret is a secret's value together with its metadata, as returned by Read
// and List.
type Secret struct {
	// Value is a pointer so that List(service, false) can return metadata
	// without the value; expect nil in that case (which stores leave it nil is
	// not shown on this page).
	Value *string
	Meta  SecretMetadata
}

type SecretId

// SecretId identifies a secret by the service it belongs to and its key.
type SecretId struct {
	Service string
	Key     string
}

type SecretMetadata

// SecretMetadata describes a secret without exposing its value.
type SecretMetadata struct {
	// Created is when this version was written.
	Created time.Time
	// CreatedBy is the identity recorded for the write (format is backend-specific).
	CreatedBy string
	// Version is the version number, usable with Read.
	Version int
	// Key is the secret's key within its service.
	Key string
}

type SecretsManagerStore added in v2.9.0

// SecretsManagerStore implements the Store interface on top of AWS Secrets
// Manager. Construct it with NewSecretsManagerStore. ListServices is not
// implemented for this store.
type SecretsManagerStore struct {
	// contains filtered or unexported fields
}

SecretsManagerStore implements the Store interface for storing secrets in AWS Secrets Manager (not SSM Parameter Store, which is handled by SSMStore).

func NewSecretsManagerStore added in v2.9.0

func NewSecretsManagerStore(numRetries int) (*SecretsManagerStore, error)

NewSecretsManagerStore creates a new SecretsManagerStore

func (*SecretsManagerStore) Delete added in v2.9.0

func (s *SecretsManagerStore) Delete(id SecretId) error

Delete removes a secret. This is intended to remove all versions of the secret, but the original comment marks that as unverified ("True?"). Callers who need the value to be unrecoverable should confirm the deletion semantics of the Secrets Manager backend before relying on it.

func (*SecretsManagerStore) History added in v2.9.0

func (s *SecretsManagerStore) History(id SecretId) ([]ChangeEvent, error)

History returns a list of events that have occurred regarding the given secret.

func (*SecretsManagerStore) List added in v2.9.0

func (s *SecretsManagerStore) List(serviceName string, includeValues bool) ([]Secret, error)

List lists all secrets for a given service. If includeValues is true, then those secrets are decrypted and returned, otherwise only the metadata about a secret is returned.

func (*SecretsManagerStore) ListRaw added in v2.9.0

func (s *SecretsManagerStore) ListRaw(serviceName string) ([]RawSecret, error)

ListRaw lists all secret keys and values for a given service. It does not include any other metadata and is suitable for use in production environments.

func (*SecretsManagerStore) ListServices added in v2.9.0

func (s *SecretsManagerStore) ListServices(service string, includeSecretName bool) ([]string, error)

ListServices is not implemented for SecretsManagerStore.

func (*SecretsManagerStore) Read added in v2.9.0

func (s *SecretsManagerStore) Read(id SecretId, version int) (Secret, error)

Read reads a secret at a specific version. To grab the latest version, use -1 as the version number.

func (*SecretsManagerStore) Write added in v2.9.0

func (s *SecretsManagerStore) Write(id SecretId, value string) error

Write writes a given value to a secret identified by id. If the secret already exists, then write a new version.

type Store

// Store is the backend-agnostic interface implemented by SSMStore,
// SecretsManagerStore, S3Store, S3KMSStore and NullStore.
type Store interface {
	// Write stores value for id, creating a new version when the secret already
	// exists (as documented for SSMStore and SecretsManagerStore).
	Write(id SecretId, value string) error
	// Read returns the secret at a specific version; the documented stores
	// treat version -1 as "latest".
	Read(id SecretId, version int) (Secret, error)
	// List returns the secrets for service. With includeValues the values are
	// decrypted and returned; otherwise only metadata. Prefer false when only
	// names are needed so plaintext is not pulled through the caller.
	List(service string, includeValues bool) ([]Secret, error)
	// ListRaw returns every key and value for service with no metadata. It
	// always yields values, so it presumably needs the same read permissions
	// as List with includeValues=true.
	ListRaw(service string) ([]RawSecret, error)
	// ListServices lists service names; the meaning of includeSecretName is
	// backend-specific. Not implemented by SecretsManagerStore.
	ListServices(service string, includeSecretName bool) ([]string, error)
	// History returns the change events recorded for id.
	History(id SecretId) ([]ChangeEvent, error)
	// Delete removes id; SSMStore documents this as removing all versions.
	Delete(id SecretId) error
}
