Documentation

Overview

Package gaesecrets implements storage of secret blobs on top of datastore.

It is not super secure, but we have what we have: there's no other better mechanism to persistently store non-static secrets on GAE.

All secrets are global (live in default GAE namespace).

TODO(vadimsh): Merge into go.chromium.org/luci/server/gaeemulation once there are no other users.

Deprecated: use go.chromium.org/luci/server/secrets instead to fetch secrets from Google Secret Manager.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func New

func New(cfg *Config) secrets.Store

New constructs a secrets.Store implementation that uses datastore.

func Use

func Use(ctx context.Context, cfg *Config) context.Context

Use injects the GAE implementation of secrets.Store into the context. The context must be configured with GAE datastore implementation already.

Types

type Config

type Config struct {
	SecretLen int       // length of generated secrets, 32 bytes default
	Prefix    string    // optional prefix for entity keys to namespace them
	Entropy   io.Reader // source of random numbers, crypto rand by default
}

Config can be used to tweak parameters of the store. It is fine to use default values.

Source Files