Documentation
Overview
Package secrets implements the features needed to create, get, update and rotate secrets, and to encrypt and decrypt data, across a fleet of skipper instances.
Constants
This section is empty.
Variables
Functions
This section is empty.
Types
type Encrypter
type Encrypter struct {
// contains filtered or unexported fields
}
func WithSource
func WithSource(s SecretSource) (*Encrypter, error)
WithSource can be used to create an Encrypter, for example in secrettest for testing purposes.
func (*Encrypter) CreateNonce
func (*Encrypter) RefreshCiphers
RefreshCiphers rotates the list of cipher.AEAD initialized with SecretSource from the Encrypter.
type Encryption
type Registry
type Registry struct {
// contains filtered or unexported fields
}
func NewRegistry
func NewRegistry() *Registry
NewRegistry returns a Registry to store and manage secrets.
func (*Registry) NewEncrypter
type SecretPaths (added in v0.10.263)
type SecretPaths struct {
// contains filtered or unexported fields
}
func NewSecretPaths (added in v0.10.263)
func NewSecretPaths(d time.Duration) *SecretPaths
NewSecretPaths creates a SecretPaths, which implements SecretsProvider. As a side effect, it runs a background refresher at every interval d. On teardown, make sure to Close() it.
func (*SecretPaths) Add (added in v0.10.263)
func (sp *SecretPaths) Add(p string) error
Add adds a file or directory; secrets are looked up in all files found. The basename of each file is the key used to get the secret. Add is not synchronized and is not safe to call concurrently. As a side effect, Add lazily starts a goroutine that runs a single background refresher for the SecretPaths instance.
func (*SecretPaths) Close (added in v0.10.263)
func (sp *SecretPaths) Close()
type SecretsProvider (added in v0.10.263)
type SecretsProvider interface {
	SecretsReader
	// Add adds the given source that contains a secret to the
	// automatically updated secrets store
	Add(string) error
}
SecretsProvider is a SecretsReader and can add secret sources that contain a secret. It will automatically update secrets if the source changed.
type SecretsReader (added in v0.10.263)
type SecretsReader interface {
	// GetSecret finds secret by name and returns secret and if found or not
	GetSecret(string) ([]byte, bool)
}
SecretsReader is able to get a secret.
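The SecretsProvider contract described above (Add a file or directory, look secrets up by file basename, pick up rotated values on refresh), as an added sketch that is not skipper's implementation. The fileSecrets type, its load helper, the explicit Refresh call standing in for the background refresher, recursive directory reading and the sample file are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// fileSecrets is a hypothetical, single-goroutine stand-in with SecretsProvider's method set.
type fileSecrets struct {
	paths   []string          // files or directories registered via Add
	secrets map[string][]byte // file basename -> file content
}

func (f *fileSecrets) Add(p string) error { return f.load(append(f.paths, p)) } // a failed load changes nothing
func (f *fileSecrets) Refresh() error     { return f.load(f.paths) }

func (f *fileSecrets) GetSecret(name string) ([]byte, bool) {
	b, ok := f.secrets[name]
	return b, ok
}

// load reads all files (assumption: directories recursively) and swaps state only on full success.
func (f *fileSecrets) load(paths []string) error {
	fresh := map[string][]byte{}
	for _, p := range paths {
		if err := filepath.WalkDir(p, func(file string, d os.DirEntry, err error) error {
			if err != nil || d.IsDir() {
				return err
			}
			fresh[filepath.Base(file)], err = os.ReadFile(file)
			return err
		}); err != nil {
			return err
		}
	}
	f.paths, f.secrets = paths, fresh
	return nil
}

func main() {
	dir, _ := os.MkdirTemp("", "secrets") // constructed sample input
	defer os.RemoveAll(dir)
	os.WriteFile(filepath.Join(dir, "api-token"), []byte("constructed-v1"), 0o600)
	f := &fileSecrets{}
	err := f.Add(dir)
	b, ok := f.GetSecret("api-token")
	fmt.Println(len(b), ok, err) // 14 true <nil>
}
```

Because the key is only the basename, two registered files with the same name in different directories collide in this sketch, and the one read last wins.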