secret

package

v0.0.0-...-9892d47 Latest Latest Go to latest Published: Apr 24, 2026 License: BSD-3-Clause Imports: 12 Imported by: 0

README ¶

golang.org/x/build/internal/secret

Package secret provides a client interface for interacting with the GCP Secret Management service.

Documentation ¶

Overview ¶

Package secret provides a client interface for interacting with the GCP Secret Management service.

Index ¶

Constants
func Flag(name, usage string) *string
func FlagVar(p *string, name, usage string)
func InitFlagSupport(ctx context.Context) error
func JSONVarFlag(value any, name, usage string)
type BlueskyCredentials
- func (t BlueskyCredentials) GoString() string
- func (t BlueskyCredentials) String() string
type Client
- func (smc *Client) Close() error
- func (smc *Client) Retrieve(ctx context.Context, name string) (string, error)
type FlagResolver
type MailjetCredentials
- func (t MailjetCredentials) GoString() string
- func (t MailjetCredentials) String() string
type MastodonCredentials
- func (t MastodonCredentials) GoString() string
- func (t MastodonCredentials) String() string
type TwitterCredentials
- func (t TwitterCredentials) GoString() string
- func (t TwitterCredentials) String() string

Constants ¶

View Source

const (
	// NameBuilderMasterKey is the secret name for the builder master key.
	NameBuilderMasterKey = "builder-master-key"

	// NameFarmerRunBench is the secret name for farmer run bench.
	NameFarmerRunBench = "farmer-run-bench"

	// NameGerritbotGitCookies is the secret name for Gerritbot Git cookies.
	NameGerritbotGitCookies = "gerritbot-gitcookies"

	// NameGitHubSSH is the secret name for GitHub SSH key.
	NameGitHubSSH = "github-ssh"

	// NameGitHubSSHKey is the secret name for the GitHub SSH private key.
	NameGitHubSSHKey = "github-ssh-private-key"

	// NameGobotPassword is the secret name for the gobot@golang.org Gerrit account password.
	NameGobotPassword = "gobot-password"

	// NameGomoteSSHCAPrivateKey is the secret name for the gomote SSH certificate authority private key.
	NameGomoteSSHCAPrivateKey = "gomote-ssh-ca-private-key"

	// NameGomoteSSHCAPublicKey is the secret name for the gomote SSH certificate authority public key.
	NameGomoteSSHCAPublicKey = "gomote-ssh-ca-public-key"

	// NameGomoteSSHPrivateKey is the secret name for the gomote SSH private key.
	NameGomoteSSHPrivateKey = "gomote-ssh-private-key"

	// NameGomoteSSHPublicKey is the secret name for the gomote SSH public key.
	NameGomoteSSHPublicKey = "gomote-ssh-public-key"

	// NameMaintnerGitHubToken is the secret name for the Maintner GitHub token.
	NameMaintnerGitHubToken = "maintner-github-token"

	// NameWatchflakesGitHubToken is the secret name for the watchflakes GitHub token.
	NameWatchflakesGitHubToken = "watchflakes-github-token"

	// NameGitHubWebhookSecret is the secret name for a golang/go GitHub webhook secret.
	NameGitHubWebhookSecret = "github-webhook-secret"

	// NamePubSubHelperWebhook is the secret name for the pubsub helper webhook secret.
	NamePubSubHelperWebhook = "pubsubhelper-webhook-secret"

	// NameAWSAccessKey is the secret name for the AWS access key.
	NameAWSAccessKey = "aws-access-key"

	// NameAWSKeyID is the secret name for the AWS key id.
	NameAWSKeyID = "aws-key-id"

	// NameSendGridAPIKey is the secret name for a Go project SendGrid API key.
	// This API key only allows sending email.
	NameSendGridAPIKey = "sendgrid-sendonly-api-key"

	// NameTwitterAPISecret is the secret name for Twitter API credentials for
	// posting tweets from the Go project's Twitter account (twitter.com/golang).
	//
	// The secret value encodes relevant keys and their secrets as
	// a JSON object that can be unmarshaled into TwitterCredentials:
	//
	// 	{
	// 		"ConsumerKey":       "...",
	// 		"ConsumerSecret":    "...",
	// 		"AccessTokenKey":    "...",
	// 		"AccessTokenSecret": "..."
	// 	}
	NameTwitterAPISecret = "twitter-api-secret"
	// NameStagingTwitterAPISecret is the secret name for Twitter API credentials
	// for posting tweets using a staging test Twitter account.
	//
	// This secret is available in the Secret Manager of the x/build staging GCP project.
	//
	// The secret value encodes relevant keys and their secrets as
	// a JSON object that can be unmarshaled into TwitterCredentials.
	NameStagingTwitterAPISecret = "staging-" + NameTwitterAPISecret

	// NameMastodonAPISecret is the secret name for Mastodon API credentials
	// for posting to Hachyderm.io/@golang.  The secret value is a JSON
	// encoding of the MastodonCredentials.
	NameMastodonAPISecret = "mastodon-api-secret"

	// NameBlueskyAPISecret is the secret name for Bluesky API credentials.
	// The secret value is a JSON encoding of the BlueskyCredentials.
	NameBlueskyAPISecret = "bluesky-api-secret"

	// NameMacServiceAPIKey is the secret name for the MacService API key.
	NameMacServiceAPIKey = "macservice-api-key"

	// NameVSCodeMarketplacePublishToken is the secret name for VS Code
	// Marketplace publisher key.
	NameVSCodeMarketplacePublishToken = "vscode-marketplace-token"
)

Variables ¶

This section is empty.

Functions ¶

func Flag ¶

func Flag(name, usage string) *string

Flag defines a string flag on flag.CommandLine that supports Secret Manager resolution for values like "secret:<secret name>". InitFlagSupport must be called before flag.Parse.

func FlagVar ¶

func FlagVar(p *string, name, usage string)

FlagVar defines a string flag on flag.CommandLine that supports Secret Manager resolution for values like "secret:<secret name>". InitFlagSupport must be called before flag.Parse.

func InitFlagSupport ¶

func InitFlagSupport(ctx context.Context) error

InitFlagSupport initializes the dependencies for flags declared with Flag.

func JSONVarFlag ¶

func JSONVarFlag(value any, name, usage string)

JSONVarFlag defines a flag on flag.CommandLine that behaves like Flag and then json.Unmarshals the resulting string into value.

Types ¶

type BlueskyCredentials ¶

type BlueskyCredentials struct {
	Handle      string // e.g., "golang.org"
	Server      string // e.g., "https://bsky.social"
	AccessToken string // App password (from Bluesky's Settings page for this handle)
}

func (BlueskyCredentials) GoString ¶

func (t BlueskyCredentials) GoString() string

func (BlueskyCredentials) String ¶

func (t BlueskyCredentials) String() string

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client is used to interact with the GCP Secret Management service.

func MustNewClient ¶

func MustNewClient() *Client

MustNewClient instantiates an instance of the Secret Manager Client. If there is an error this function will exit.

func NewClient ¶

func NewClient() (*Client, error)

NewClient creates a Secret Manager Client that targets the current GCP instance's project ID.

func NewClientInProject ¶

func NewClientInProject(projectID string) (*Client, error)

NewClientInProject creates a Secret Manager Client that targets the specified GCP project ID.

func (*Client) Close ¶

func (smc *Client) Close() error

Close closes the connection to the Secret Management service.

func (*Client) Retrieve ¶

func (smc *Client) Retrieve(ctx context.Context, name string) (string, error)

Retrieve the named secret from the Secret Management service.

type FlagResolver ¶

type FlagResolver struct {
	Context          context.Context
	Client           secretClient
	DefaultProjectID string
}

FlagResolver contains the dependencies necessary to resolve a Secret flag.

var DefaultResolver FlagResolver

DefaultResolver is the FlagResolver used by the convenience functions.

func (*FlagResolver) Flag ¶

func (r *FlagResolver) Flag(set *flag.FlagSet, name, usage string) *string

Flag defines a string flag on set that will be resolved using r. The return value is the address of a string variable that stores the value of the flag.

func (*FlagResolver) FlagVar ¶

func (r *FlagResolver) FlagVar(set *flag.FlagSet, p *string, name, usage string)

FlagVar defines a string flag on set that will be resolved using r. The argument p points to a string variable in which to store the value of the flag.

func (*FlagResolver) JSONVarFlag ¶

func (r *FlagResolver) JSONVarFlag(set *flag.FlagSet, value any, name, usage string)

JSONVarFlag defines a flag on set that behaves like Flag and then json.Unmarshals the resulting string into value.

func (*FlagResolver) ResolveSecret ¶

func (r *FlagResolver) ResolveSecret(flagValue string) (string, error)

ResolveSecret resolves a string value, which need not be a flag.

type MailjetCredentials ¶

type MailjetCredentials struct {
	APIKeyPublic  string
	APIKeyPrivate string
}

MailjetCredentials holds Mailjet API credentials.

func (MailjetCredentials) GoString ¶

func (t MailjetCredentials) GoString() string

func (MailjetCredentials) String ¶

func (t MailjetCredentials) String() string

type MastodonCredentials ¶

type MastodonCredentials struct {
	// Log in to <Instance> as your bot account,
	// navigate to Profile -> Development,
	// Click on <Application> in the Application column,
	// and it will reveal Client Key, Client Secret, and Access Token
	Instance      string // Instance (e.g. "botsin.space")
	Application   string // Application name (e.g. ""Go benchmarking bot"")
	ClientKey     string // Client Key
	ClientSecret  string // Client secret
	AccessToken   string // Access token
	TestRecipient string // For testing only, ignored by non-test API
}

func (MastodonCredentials) GoString ¶

func (t MastodonCredentials) GoString() string

func (MastodonCredentials) String ¶

func (t MastodonCredentials) String() string

type TwitterCredentials ¶

type TwitterCredentials struct {
	ConsumerKey       string
	ConsumerSecret    string
	AccessTokenKey    string
	AccessTokenSecret string
}

TwitterCredentials holds Twitter API credentials.

func (TwitterCredentials) GoString ¶

func (t TwitterCredentials) GoString() string

func (TwitterCredentials) String ¶

func (t TwitterCredentials) String() string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL