secrets

package
v0.11.3

This package is not in the latest version of its module.

Published: Oct 24, 2019 License: Apache-2.0, MIT Imports: 15 Imported by: 2

Documentation

Overview

Package secrets implements the features we need to create, get, update and rotate secrets, and to encrypt and decrypt data, across a fleet of skipper instances.

Constants

This section is empty.

Variables

var (
	ErrAlreadyExists    = errors.New("secret already exists")
	ErrWrongFileType    = errors.New("file type not supported")
	ErrFailedToReadFile = errors.New("failed to read file")
)

Functions

This section is empty.

Types

type Encrypter

type Encrypter struct {
	// contains filtered or unexported fields
}

func WithSource

func WithSource(s SecretSource) (*Encrypter, error)

WithSource can be used to create an Encrypter, for example in secrettest for testing purposes.

func (*Encrypter) Close

func (e *Encrypter) Close()

func (*Encrypter) CreateNonce

func (e *Encrypter) CreateNonce() ([]byte, error)

func (*Encrypter) Decrypt

func (e *Encrypter) Decrypt(cipherText []byte) ([]byte, error)

Decrypt decrypts the given ciphertext.

func (*Encrypter) Encrypt

func (e *Encrypter) Encrypt(plaintext []byte) ([]byte, error)

Encrypt encrypts the given plaintext.

func (*Encrypter) RefreshCiphers

func (e *Encrypter) RefreshCiphers() error

RefreshCiphers rotates the list of cipher.AEAD initialized with SecretSource from the Encrypter.
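
RefreshCiphers keeps a list of cipher.AEAD rather than a single cipher, and SecretSource.GetSecret returns several secrets at once. The following added example (not skipper's code) shows why that matters during rotation: data sealed under a retired secret must still decrypt after a new secret becomes current. AES-256-GCM, SHA-256 as a stand-in key derivation, the nonce-prefixed layout, the try-each-cipher order and the names newAEADs, seal and open are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// newAEADs builds one AES-256-GCM cipher per secret; index 0 is the current one.
func newAEADs(secrets ...string) (aeads []cipher.AEAD, err error) {
	for _, s := range secrets {
		key := sha256.Sum256([]byte(s))   // stand-in key derivation (assumption)
		block, _ := aes.NewCipher(key[:]) // cannot fail: the key is always 32 bytes
		aead, err := cipher.NewGCM(block)
		if err != nil {
			return nil, err
		}
		aeads = append(aeads, aead)
	}
	return aeads, nil
}

// seal encrypts under the current (first) cipher and prepends the random nonce.
func seal(aeads []cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aeads[0].NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aeads[0].Seal(nonce, nonce, plaintext, nil), nil
}

// open tries every cipher, so data sealed under a retired secret still decrypts.
func open(aeads []cipher.AEAD, ct []byte) ([]byte, error) {
	for _, a := range aeads {
		if n := a.NonceSize(); len(ct) >= n {
			if pt, err := a.Open(nil, ct[:n], ct[n:], nil); err == nil {
				return pt, nil
			}
		}
	}
	return nil, fmt.Errorf("no known secret authenticates this ciphertext")
}

func main() {
	ring, _ := newAEADs("constructed-new", "constructed-old")
	ct, _ := seal(ring[1:], []byte("cookie")) // sealed while "old" was current
	fmt.Println(open(ring, ct))               // plaintext bytes and a nil error
}
```

Once the retired secret is dropped from the source, ciphertexts sealed under it stop decrypting, so the overlap window has to cover the lifetime of whatever was encrypted.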

type Encryption

type Encryption interface {
	CreateNonce() ([]byte, error)
	Decrypt([]byte) ([]byte, error)
	Encrypt([]byte) ([]byte, error)
	Close()
}

type Registry

type Registry struct {
	// contains filtered or unexported fields
}

func NewRegistry

func NewRegistry() *Registry

NewRegistry returns a Registry to store and manage secrets.

func (*Registry) Close

func (r *Registry) Close()

Close closes all Encryption instances of the Registry.

func (*Registry) NewEncrypter

func (r *Registry) NewEncrypter(refreshInterval time.Duration, file string) (Encryption, error)

type SecretPaths added in v0.10.263

type SecretPaths struct {
	// contains filtered or unexported fields
}

func NewSecretPaths added in v0.10.263

func NewSecretPaths(d time.Duration) *SecretPaths

NewSecretPaths creates a SecretPaths, which implements SecretsProvider. As a side effect, it runs a background refresher every interval d. On teardown, make sure to Close() it.

func (*SecretPaths) Add added in v0.10.263

func (sp *SecretPaths) Add(p string) error

Add adds a file or directory; secrets are read from all files found. The basename of each file is the key used to get the secret. Add is not synchronized and is not safe to call concurrently. As a side effect, Add lazily starts a goroutine that runs a single background refresher for the SecretPaths instance.

func (*SecretPaths) Close added in v0.10.263

func (sp *SecretPaths) Close()

func (*SecretPaths) GetSecret added in v0.10.263

func (sp *SecretPaths) GetSecret(s string) ([]byte, bool)

GetSecret returns the secret for the given name and whether it was found.

type SecretSource

type SecretSource interface {
	GetSecret() ([][]byte, error)
}

SecretSource

type SecretsProvider added in v0.10.263

type SecretsProvider interface {
	SecretsReader
	// Add adds the given source that contains a secret to the
	// automatically updated secrets store
	Add(string) error
}

SecretsProvider is a SecretsReader and can add secret sources that contain a secret. It will automatically update secrets if the source changed.

type SecretsReader added in v0.10.263

type SecretsReader interface {
	// GetSecret finds secret by name and returns secret and if found or not
	GetSecret(string) ([]byte, bool)
}

SecretsReader is able to get a secret.
