Documentation ¶
Overview ¶
Package berglas is the Go API for calling berglas.
Index ¶
- Constants
- func Access(ctx context.Context, i accessRequest) ([]byte, error)
- func Bootstrap(ctx context.Context, i bootstrapRequest) error
- func Delete(ctx context.Context, i deleteRequest) error
- func Grant(ctx context.Context, i grantRequest) error
- func IsReference(s string) bool
- func IsSecretAlreadyExistsErr(err error) bool
- func IsSecretDoesNotExistErr(err error) bool
- func IsSecretManagerReference(s string) bool
- func IsSecretModifiedErr(err error) bool
- func IsStorageReference(s string) bool
- func Replace(ctx context.Context, key string) error
- func Resolve(ctx context.Context, s string) ([]byte, error)
- func Revoke(ctx context.Context, i revokeRequest) error
- type AccessRequest
- type BootstrapRequest
- type Client
- func (c *Client) Access(ctx context.Context, i accessRequest) ([]byte, error)
- func (c *Client) Bootstrap(ctx context.Context, i bootstrapRequest) error
- func (c *Client) Create(ctx context.Context, i createRequest) (*Secret, error)
- func (c *Client) Delete(ctx context.Context, i deleteRequest) error
- func (c *Client) Grant(ctx context.Context, i grantRequest) error
- func (c *Client) List(ctx context.Context, i listRequest) (*ListResponse, error)
- func (c *Client) Logger() *logrus.Logger
- func (c *Client) Read(ctx context.Context, i readRequest) (*Secret, error)
- func (c *Client) Replace(ctx context.Context, key string) error
- func (c *Client) Resolve(ctx context.Context, s string) ([]byte, error)
- func (c *Client) Revoke(ctx context.Context, i revokeRequest) error
- func (c *Client) SetLogFormatter(formatter logrus.Formatter)
- func (c *Client) SetLogLevel(level logrus.Level)
- func (c *Client) SetLogOutput(out io.Writer)
- func (c *Client) SetLogger(l *logrus.Logger)
- func (c *Client) Update(ctx context.Context, i updateRequest) (*Secret, error)
- type CreateRequest
- type DeleteRequest
- type Error
- type GrantRequest
- type ListRequest
- type ListResponse
- type LogFormatterStackdriver
- type ReadRequest
- type Reference
- func (r *Reference) Bucket() string
- func (r *Reference) Filepath() string
- func (r *Reference) Generation() int64
- func (r *Reference) Name() string
- func (r *Reference) Object() string
- func (r *Reference) Project() string
- func (r *Reference) String() string
- func (r *Reference) Type() ReferenceType
- func (r *Reference) Version() string
- type ReferenceType
- type RevokeRequest
- type Secret
- type SecretManagerAccessRequest
- type SecretManagerBootstrapRequest
- type SecretManagerCreateRequest
- type SecretManagerDeleteRequest
- type SecretManagerGrantRequest
- type SecretManagerListRequest
- type SecretManagerReadRequest
- type SecretManagerRevokeRequest
- type SecretManagerUpdateRequest
- type StorageAccessRequest
- type StorageBootstrapRequest
- type StorageCreateRequest
- type StorageDeleteRequest
- type StorageGrantRequest
- type StorageListRequest
- type StorageReadRequest
- type StorageRevokeRequest
- type StorageUpdateRequest
- type UpdateRequest
Examples ¶
- Client.Access (SecretManager)
- Client.Access (Storage)
- Client.Bootstrap (SecretManager)
- Client.Bootstrap (Storage)
- Client.Create (SecretManager)
- Client.Create (Storage)
- Client.Delete (SecretManager)
- Client.Delete (Storage)
- Client.Grant (SecretManager)
- Client.Grant (Storage)
- Client.List (SecretManager)
- Client.List (Storage)
- Client.Read (SecretManager)
- Client.Read (Storage)
- Client.Replace (SecretManager)
- Client.Replace (Storage)
- Client.Resolve (SecretManager)
- Client.Resolve (Storage)
- Client.Revoke (SecretManager)
- Client.Revoke (Storage)
- Client.Update (SecretManager)
- Client.Update (Storage)
- New
Constants ¶
const (
	// CacheControl is the cache-control value to set on the GCS objects. This is
	// configured to use no caching, since users most likely want their secrets to
	// be immediately available.
	CacheControl = "private, no-cache, no-store, no-transform, max-age=0"

	// ChunkSize is the size in bytes of the chunks to upload.
	ChunkSize = 1024

	// MetadataIDKey is a key in the object metadata that identifies an object as
	// a secret. This is used when enumerating secrets in a bucket, in case
	// non-secrets also reside in the bucket.
	MetadataIDKey = "berglas-secret"

	// MetadataKMSKey is the key in the metadata where the name of the KMS key is
	// stored.
	MetadataKMSKey = "berglas-kms-key"
)
const (
	// ReferencePrefixStorage is the prefix for berglas references
	ReferencePrefixStorage = "berglas://"

	// ReferencePrefixSecretManager is the prefix for secret manager references
	ReferencePrefixSecretManager = "sm://"
)
Variables ¶
This section is empty.
Functions ¶
func Access ¶
Access is a top-level package function for accessing a secret. For large volumes of secrets, please create a client instead.
func Bootstrap ¶
Bootstrap is a top-level package function that creates a Cloud Storage bucket and Cloud KMS key with the proper IAM permissions.
func Delete ¶
Delete is a top-level package function for deleting a secret. For large volumes of secrets, please create a client instead.
func Grant ¶
Grant is a top-level package function for granting access to a secret. For large volumes of secrets, please create a client instead.
func IsReference ¶
IsReference returns true if the given string looks like a berglas or secret manager reference.
func IsSecretAlreadyExistsErr ¶ added in v0.2.0
IsSecretAlreadyExistsErr returns true if the given error means that the secret already exists.
func IsSecretDoesNotExistErr ¶ added in v0.2.0
IsSecretDoesNotExistErr returns true if the given error means that the secret does not exist.
func IsSecretManagerReference ¶ added in v0.5.0
IsSecretManagerReference returns true if the given string looks like a secret manager reference.
func IsSecretModifiedErr ¶ added in v0.2.0
IsSecretModifiedErr returns true if the given error means that the secret was modified (CAS failure).
func IsStorageReference ¶ added in v0.5.0
IsStorageReference returns true if the given string looks like a Cloud Storage reference.
func Replace ¶
Replace parses a berglas reference and replaces it. See Client.Replace for more details and examples.
Types ¶
type AccessRequest ¶
type AccessRequest = StorageAccessRequest
AccessRequest is an alias for StorageAccessRequest for backwards-compatibility. New clients should use StorageAccessRequest.
type BootstrapRequest ¶
type BootstrapRequest = StorageBootstrapRequest
BootstrapRequest is an alias for StorageBootstrapRequest for backwards-compatibility. New clients should use StorageBootstrapRequest.
type Client ¶
type Client struct {
	// contains filtered or unexported fields
}
Client is a berglas client
func New ¶
New creates a new berglas client.
Example ¶
package main

import (
	"context"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
)

func main() {
	client, err = berglas.New(ctx)
}
func (*Client) Access ¶
Access accesses a secret. When given a SecretManagerAccessRequest, this accesses a secret from Secret Manager. When given a StorageAccessRequest, this accesses a secret stored in Cloud Storage encrypted with Cloud KMS.
Example (SecretManager) ¶
package main

import (
	"context"
	"log"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	plaintext []byte
	project   = os.Getenv("GOOGLE_CLOUD_PROJECT")
)

func main() {
	plaintext, err = client.Access(ctx, &berglas.SecretManagerAccessRequest{
		Project: project,
		Name:    "my-secret",
	})

	// Convert to a string so the log shows text rather than a byte slice.
	log.Println(string(plaintext)) // "abcd1234"
}
Example (Storage) ¶
package main

import (
	"context"
	"log"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	plaintext []byte
	bucket    = os.Getenv("GOOGLE_CLOUD_BUCKET")
)

func main() {
	plaintext, err = client.Access(ctx, &berglas.StorageAccessRequest{
		Bucket: bucket,
		Object: "my-secret",
	})

	// Convert to a string so the log shows text rather than a byte slice.
	log.Println(string(plaintext)) // "abcd1234"
}
func (*Client) Bootstrap ¶
Bootstrap adds IAM permission to the given entity to the storage object and the underlying KMS key.
Example (SecretManager) ¶
package main

import (
	"context"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
)

func main() {
	// This is a noop - there's nothing to bootstrap with Secret Manager
	err = client.Bootstrap(ctx, &berglas.SecretManagerBootstrapRequest{})
}
Example (Storage) ¶
package main

import (
	"context"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	bucket    = os.Getenv("GOOGLE_CLOUD_BUCKET")
)

func main() {
	err = client.Bootstrap(ctx, &berglas.StorageBootstrapRequest{
		ProjectID:      "my-project",
		Bucket:         bucket,
		BucketLocation: "US",
		KMSLocation:    "global",
		KMSKeyRing:     "berglas",
		KMSCryptoKey:   "berglas-key",
	})
}
func (*Client) Create ¶
Create creates a secret. When given a SecretManagerCreateRequest, this creates a secret using Secret Manager. When given a StorageCreateRequest, this creates a secret stored in Cloud Storage encrypted with Cloud KMS.
If the secret already exists, an error is returned. Use Update to update an existing secret.
Example (SecretManager) ¶
package main

import (
	"context"
	"log"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	secret    *berglas.Secret
	project   = os.Getenv("GOOGLE_CLOUD_PROJECT")
)

func main() {
	secret, err = client.Create(ctx, &berglas.SecretManagerCreateRequest{
		Project:   project,
		Name:      "my-secret",
		Plaintext: []byte("my secret data"),
	})

	log.Printf("%v\n", secret)
}
Example (Storage) ¶
package main

import (
	"context"
	"log"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	secret    *berglas.Secret
	bucket    = os.Getenv("GOOGLE_CLOUD_BUCKET")
	key       = os.Getenv("GOOGLE_CLOUD_KMS_KEY")
)

func main() {
	secret, err = client.Create(ctx, &berglas.StorageCreateRequest{
		Bucket:    bucket,
		Object:    "my-secret",
		Key:       key,
		Plaintext: []byte("my secret data"),
	})

	log.Printf("%v\n", secret)
}
func (*Client) Delete ¶
Delete deletes a secret. When given a SecretManagerDeleteRequest, this deletes a secret from Secret Manager. When given a StorageDeleteRequest, this deletes a secret stored in Cloud Storage.
Example (SecretManager) ¶
package main

import (
	"context"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	project   = os.Getenv("GOOGLE_CLOUD_PROJECT")
)

func main() {
	err = client.Delete(ctx, &berglas.SecretManagerDeleteRequest{
		Project: project,
		Name:    "my-secret",
	})
}
Example (Storage) ¶
package main

import (
	"context"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	bucket    = os.Getenv("GOOGLE_CLOUD_BUCKET")
)

func main() {
	err = client.Delete(ctx, &berglas.StorageDeleteRequest{
		Bucket: bucket,
		Object: "my-secret",
	})
}
func (*Client) Grant ¶
Grant adds IAM permission to the given entity to the storage object and the underlying KMS key.
Example (SecretManager) ¶
package main

import (
	"context"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	project   = os.Getenv("GOOGLE_CLOUD_PROJECT")
)

func main() {
	err = client.Grant(ctx, &berglas.SecretManagerGrantRequest{
		Project: project,
		Name:    "my-secret",
		Members: []string{
			"serviceAccount:builder@my-project.iam.gserviceaccount.com",
		},
	})
}
Example (Storage) ¶
package main

import (
	"context"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	bucket    = os.Getenv("GOOGLE_CLOUD_BUCKET")
)

func main() {
	err = client.Grant(ctx, &berglas.StorageGrantRequest{
		Bucket: bucket,
		Object: "my-secret",
		Members: []string{
			"serviceAccount:builder@my-project.iam.gserviceaccount.com",
		},
	})
}
func (*Client) List ¶
func (c *Client) List(ctx context.Context, i listRequest) (*ListResponse, error)
List lists all secrets in the bucket. This doesn't fetch the plaintext value of secrets.
Example (SecretManager) ¶
package main

import (
	"context"
	"log"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx          = context.Background()
	client, _    = berglas.New(ctx)
	err          error
	listResponse *berglas.ListResponse
	project      = os.Getenv("GOOGLE_CLOUD_PROJECT")
)

func main() {
	listResponse, err = client.List(ctx, &berglas.SecretManagerListRequest{
		Project: project,
	})

	log.Println(listResponse) // [&Secret{...}]
}
Example (Storage) ¶
package main

import (
	"context"
	"log"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx          = context.Background()
	client, _    = berglas.New(ctx)
	err          error
	listResponse *berglas.ListResponse
	bucket       = os.Getenv("GOOGLE_CLOUD_BUCKET")
)

func main() {
	listResponse, err = client.List(ctx, &berglas.StorageListRequest{
		Bucket: bucket,
	})

	log.Println(listResponse) // [&Secret{...}]
}
func (*Client) Read ¶ added in v0.2.0
Read reads a secret. When given a SecretManagerReadRequest, this reads a secret from Secret Manager. When given a StorageReadRequest, this reads a secret stored in Cloud Storage.
Example (SecretManager) ¶
package main

import (
	"context"
	"log"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	secret    *berglas.Secret
	project   = os.Getenv("GOOGLE_CLOUD_PROJECT")
)

func main() {
	secret, err = client.Read(ctx, &berglas.SecretManagerReadRequest{
		Project: project,
		Name:    "my-secret",
		Version: "12",
	})

	log.Println(secret) // &Secret{...}
}
Example (Storage) ¶
package main

import (
	"context"
	"log"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	secret    *berglas.Secret
	bucket    = os.Getenv("GOOGLE_CLOUD_BUCKET")
)

func main() {
	secret, err = client.Read(ctx, &berglas.StorageReadRequest{
		Bucket: bucket,
		Object: "my-secret",
		// Sample generation. In practice, pass the Generation of a Secret
		// returned earlier; secret is still nil at this point, so reading
		// secret.Generation here would panic.
		Generation: 12248904892,
	})

	log.Println(secret) // &Secret{...}
}
func (*Client) Replace ¶
Replace parses a berglas reference from the environment variable with the given name. If parsing and extraction are successful, this function replaces the value of the environment variable with the resolved secret reference.
Example (SecretManager) ¶
package main

import (
	"context"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
)

func main() {
	// MY_ENVVAR = "sm://my-project/my-secret#12"
	err = client.Replace(ctx, "MY_ENVVAR")
}
Example (Storage) ¶
package main

import (
	"context"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
)

func main() {
	// MY_ENVVAR = "berglas://my-bucket/my-object#12248904892"
	err = client.Replace(ctx, "MY_ENVVAR")
}
func (*Client) Resolve ¶
Resolve parses and extracts a berglas reference. The result is the plaintext secret contents, or a path to the decrypted contents on disk.
Example (SecretManager) ¶
package main

import (
	"context"
	"log"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	plaintext []byte
)

func main() {
	plaintext, err = client.Resolve(ctx, "sm://my-project/my-secret")

	// Convert to a string so the log shows text rather than a byte slice.
	log.Println(string(plaintext)) // "my secret data"
}
Example (Storage) ¶
package main

import (
	"context"
	"log"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	plaintext []byte
)

func main() {
	plaintext, err = client.Resolve(ctx, "berglas://my-bucket/my-object")

	// Convert to a string so the log shows text rather than a byte slice.
	log.Println(string(plaintext)) // "my secret data"
}
func (*Client) Revoke ¶
Revoke removes IAM permission to the given entity on the storage object and the underlying KMS key.
Example (SecretManager) ¶
package main

import (
	"context"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	project   = os.Getenv("GOOGLE_CLOUD_PROJECT")
)

func main() {
	err = client.Revoke(ctx, &berglas.SecretManagerRevokeRequest{
		Project: project,
		Name:    "my-secret",
		Members: []string{
			"serviceAccount:builder@my-project.iam.gserviceaccount.com",
		},
	})
}
Example (Storage) ¶
package main

import (
	"context"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	bucket    = os.Getenv("GOOGLE_CLOUD_BUCKET")
)

func main() {
	err = client.Revoke(ctx, &berglas.StorageRevokeRequest{
		Bucket: bucket,
		Object: "my-secret",
		Members: []string{
			"serviceAccount:builder@my-project.iam.gserviceaccount.com",
		},
	})
}
func (*Client) SetLogFormatter ¶ added in v0.3.0
SetLogFormatter sets the format of the logger. Use
func (*Client) SetLogLevel ¶ added in v0.3.0
SetLogLevel is a high-level function for setting the log level.
func (*Client) SetLogOutput ¶ added in v0.3.0
SetLogOutput is a high-level function for setting log output destination.
func (*Client) SetLogger ¶ added in v0.3.0
SetLogger is a lower-level library that allows injecting a custom logger.
func (*Client) Update ¶ added in v0.2.0
Update updates a secret. When given a SecretManagerUpdateRequest, this updates a secret in Secret Manager. When given a StorageUpdateRequest, this updates a secret stored in Cloud Storage encrypted with Cloud KMS.
Example (SecretManager) ¶
package main

import (
	"context"
	"log"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	secret    *berglas.Secret
	project   = os.Getenv("GOOGLE_CLOUD_PROJECT")
)

func main() {
	secret, err = client.Update(ctx, &berglas.SecretManagerUpdateRequest{
		Project:   project,
		Name:      "my-secret",
		Plaintext: []byte("my updated secret data"),
	})

	log.Println(secret) // [&Secret{"my updated secret data"...}]
}
Example (Storage) ¶
package main

import (
	"context"
	"log"
	"os"

	"github.com/GoogleCloudPlatform/berglas/pkg/berglas"
)

var (
	ctx       = context.Background()
	client, _ = berglas.New(ctx)
	err       error
	secret    *berglas.Secret
	bucket    = os.Getenv("GOOGLE_CLOUD_BUCKET")
)

func main() {
	// Read the current secret first: the update below is conditioned on its
	// Generation and Metageneration, and secret is nil until it is assigned.
	secret, err = client.Read(ctx, &berglas.StorageReadRequest{
		Bucket: bucket,
		Object: "my-secret",
	})
	if err != nil {
		log.Fatal(err)
	}

	secret, err = client.Update(ctx, &berglas.StorageUpdateRequest{
		Bucket:         bucket,
		Object:         "my-secret",
		Generation:     secret.Generation,
		Key:            secret.KMSKey,
		Metageneration: secret.Metageneration,
		Plaintext:      []byte("my updated secret data"),
	})

	log.Println(secret) // [&Secret{"my updated secret data"...}]
}
type CreateRequest ¶
type CreateRequest = StorageCreateRequest
CreateRequest is an alias for StorageCreateRequest for backwards-compatibility. New clients should use StorageCreateRequest.
type DeleteRequest ¶
type DeleteRequest = StorageDeleteRequest
DeleteRequest is an alias for StorageDeleteRequest for backwards-compatibility. New clients should use StorageDeleteRequest.
type GrantRequest ¶
type GrantRequest = StorageGrantRequest
GrantRequest is an alias for StorageGrantRequest for backwards-compatibility. New clients should use StorageGrantRequest.
type ListRequest ¶
type ListRequest = StorageListRequest
ListRequest is an alias for StorageListRequest for backwards-compatibility. New clients should use StorageListRequest.
type ListResponse ¶ added in v0.1.4
type ListResponse struct {
	// Secrets are the list of secrets in the response.
	Secrets []*Secret
}
ListResponse is the response from a list call.
type LogFormatterStackdriver ¶ added in v0.3.0
type LogFormatterStackdriver struct{}
LogFormatterStackdriver is a logrus-compatible formatter that formats entries in a Stackdriver-compatible way. It specifically produces JSON structured logs.
type ReadRequest ¶ added in v0.2.0
type ReadRequest = StorageReadRequest
ReadRequest is an alias for StorageReadRequest for backwards-compatibility. New clients should use StorageReadRequest.
type Reference ¶
type Reference struct {
	// contains filtered or unexported fields
}
Reference is a parsed berglas reference.
func ParseReference ¶
ParseReference parses a secret ref of the format `berglas://bucket/secret` or `sm://project/secret` and returns a structure representing that information.
func (*Reference) Bucket ¶
Bucket is the storage bucket where the secret lives. This is only set on Cloud Storage secrets.
func (*Reference) Generation ¶ added in v0.2.1
Generation is the secret generation, if any. This is only set on Cloud Storage secrets.
func (*Reference) Name ¶ added in v0.5.0
Name is the name. This is only set on Secret Manager secrets.
func (*Reference) Object ¶
Object is the name of the secret in the storage bucket. This is only set on Cloud Storage secrets.
func (*Reference) Project ¶ added in v0.5.0
Project is the GCP project where the secret lives. This is only set on Secret Manager secrets.
func (*Reference) Type ¶ added in v0.5.0
func (r *Reference) Type() ReferenceType
Type is the type of reference, used for switching.
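The reference formats above lend themselves to a pre-flight check before Replace or Resolve touches the environment. The following is an added example, not part of the berglas package: `parseRef`, `auditEnv`, `policy`, and `finding` are hypothetical names, the parser is a standard-library approximation of the documented `berglas://bucket/object#generation` and `sm://project/secret#version` forms, and the allowlist and pinning rules are assumed policy choices.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
	"strings"
)

// Prefixes as documented in the package constants.
const (
	prefixStorage       = "berglas://"
	prefixSecretManager = "sm://"
)

// ref is a simplified, hypothetical stand-in for berglas.Reference.
type ref struct {
	Storage bool   // true for berglas://, false for sm://
	Parent  string // bucket (Cloud Storage) or project (Secret Manager)
	Name    string // object or secret name
	Pin     string // generation or version after "#", empty if unpinned
}

// policy and finding are hypothetical types for this example.
type policy struct{ Buckets, Projects map[string]bool }
type finding struct{ Var, Reason string }

func isRef(s string) bool {
	return strings.HasPrefix(s, prefixStorage) || strings.HasPrefix(s, prefixSecretManager)
}

// parseRef approximates the documented reference formats; it is not the
// library's ParseReference.
func parseRef(s string) (*ref, error) {
	if !isRef(s) {
		return nil, fmt.Errorf("not a berglas or secret manager reference")
	}
	u, err := url.Parse(s)
	if err != nil {
		return nil, fmt.Errorf("malformed reference")
	}
	name := strings.TrimPrefix(u.Path, "/")
	if u.Host == "" || name == "" {
		return nil, fmt.Errorf("reference needs a parent and a name")
	}
	r := &ref{Storage: u.Scheme == "berglas", Parent: u.Host, Name: name, Pin: u.Fragment}
	// Cloud Storage generations are int64 (see Reference.Generation).
	if r.Storage && r.Pin != "" {
		if _, err := strconv.ParseInt(r.Pin, 10, 64); err != nil {
			return nil, fmt.Errorf("generation is not an integer")
		}
	}
	return r, nil
}

// auditEnv reports each KEY=VALUE reference that is malformed, outside the
// allowlist, or unpinned. Reasons never echo the value, so they are safe to log.
func auditEnv(env []string, p policy) []finding {
	var out []finding
	for _, kv := range env {
		key, val, ok := strings.Cut(kv, "=")
		if !ok || !isRef(val) {
			continue // ordinary variable, nothing to resolve
		}
		r, err := parseRef(val)
		switch {
		case err != nil:
			out = append(out, finding{key, err.Error()})
		case r.Storage && !p.Buckets[r.Parent]:
			out = append(out, finding{key, "bucket not in allowlist"})
		case !r.Storage && !p.Projects[r.Parent]:
			out = append(out, finding{key, "project not in allowlist"})
		case r.Pin == "":
			out = append(out, finding{key, "not pinned to a generation or version"})
		}
	}
	return out
}

// Constructed sample data for the example.
var samplePolicy = policy{
	Buckets:  map[string]bool{"my-bucket": true},
	Projects: map[string]bool{"my-project": true},
}
var sampleEnv = []string{
	"PATH=/usr/bin", "DB_PASS=sm://my-project/db-pass#12",
	"API_KEY=berglas://my-bucket/api-key#12248904892", "TLS_KEY=berglas://other-bucket/tls-key#7",
	"TOKEN=sm://my-project/token", "BAD=berglas://my-bucket/obj#latest",
}

func main() {
	for _, f := range auditEnv(sampleEnv, samplePolicy) {
		fmt.Printf("%s: %s\n", f.Var, f.Reason)
	}
}
```

In a real program the input would be `os.Environ()`, and the check would run before any call to Replace.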
type ReferenceType ¶ added in v0.5.0
type ReferenceType int8
ReferenceType is the type of Berglas reference. It is used to distinguish between different source types.
const (
	ReferenceTypeSecretManager ReferenceType
	ReferenceTypeStorage
)
type RevokeRequest ¶
type RevokeRequest = StorageRevokeRequest
RevokeRequest is an alias for StorageRevokeRequest for backwards-compatibility. New clients should use StorageRevokeRequest.
type Secret ¶ added in v0.1.4
type Secret struct {
	// Parent is the resource container. For Cloud Storage secrets, this is the
	// bucket name. For Secret Manager secrets, this is the project ID.
	Parent string

	// Name of the secret.
	Name string

	// Plaintext value of the secret. This may be empty.
	Plaintext []byte

	// Version indicates a secret's version. Secret Manager only.
	Version string

	// UpdatedAt indicates when a secret was last updated.
	UpdatedAt time.Time

	// Generation and Metageneration indicate a secret's version. Cloud Storage
	// only.
	Generation, Metageneration int64

	// KMSKey is the key used to encrypt the secret key. Cloud Storage only.
	KMSKey string

	// Locations is the list of custom locations the secret is replicated to.
	// This is set to nil if the secret is automatically replicated instead.
	// Secret Manager only.
	Locations []string
}
Secret represents a secret.
func Create ¶
Create is a top-level package function for creating a secret. For large volumes of secrets, please create a client instead.
type SecretManagerAccessRequest ¶ added in v0.5.0
type SecretManagerAccessRequest struct {
	// Project is the ID or number of the project from which to access secrets.
	Project string

	// Name is the name of the secret to access.
	Name string

	// Version is the version of the secret to access.
	Version string
}
SecretManagerAccessRequest is used as input to access a secret from Secret Manager.
type SecretManagerBootstrapRequest ¶ added in v0.5.0
type SecretManagerBootstrapRequest struct{}
SecretManagerBootstrapRequest is used as input to bootstrap Secret Manager. This is a noop.
type SecretManagerCreateRequest ¶ added in v0.5.0
type SecretManagerCreateRequest struct {
	// Project is the ID or number of the project from which to create the secret.
	Project string

	// Name is the name of the secret to create.
	Name string

	// Plaintext is the plaintext to store.
	Plaintext []byte

	// Locations is an array indicating the canonical IDs (e.g. "us-east1") of
	// the locations to replicate data at. This defaults to the automatic
	// replication policy when not specified. An empty array is not allowed.
	Locations []string
}
SecretManagerCreateRequest is used as input to create a secret using Secret Manager.
type SecretManagerDeleteRequest ¶ added in v0.5.0
type SecretManagerDeleteRequest struct {
	// Project is the ID or number of the project from which to delete the secret.
	Project string

	// Name is the name of the secret to delete.
	Name string
}
SecretManagerDeleteRequest is used as input to delete a secret from Secret Manager.
type SecretManagerGrantRequest ¶ added in v0.5.0
type SecretManagerGrantRequest struct {
	// Project is the ID or number of the project where secrets live.
	Project string

	// Name is the name of the secret to access.
	Name string

	// Members is the list of membership bindings. This should be in the format
	// described at https://godoc.org/google.golang.org/api/iam/v1#Binding.
	Members []string
}
SecretManagerGrantRequest is used as input to grant access to a secret in Secret Manager.
type SecretManagerListRequest ¶ added in v0.5.0
type SecretManagerListRequest struct {
	// Project is the ID or number of the project from which to list secrets.
	Project string

	// Prefix matches secret names to filter.
	Prefix string

	// Versions indicates that all versions of secrets should be listed.
	Versions bool
}
SecretManagerListRequest is used as input to list secrets from Secret Manager.
type SecretManagerReadRequest ¶ added in v0.5.0
type SecretManagerReadRequest struct {
	// Project is the ID or number of the project from which to read secrets.
	Project string

	// Name is the name of the secret to read.
	Name string

	// Version is the version of the secret to read.
	Version string
}
SecretManagerReadRequest is used as input to read a secret from Secret Manager.
type SecretManagerRevokeRequest ¶ added in v0.5.0
type SecretManagerRevokeRequest struct {
	// Project is the ID or number of the project where secrets live.
	Project string

	// Name is the name of the secret to access.
	Name string

	// Members is the list of membership bindings. This should be in the format
	// described at https://godoc.org/google.golang.org/api/iam/v1#Binding.
	Members []string
}
SecretManagerRevokeRequest is used as input to revoke access to a secret in Secret Manager.
type SecretManagerUpdateRequest ¶ added in v0.5.0
type SecretManagerUpdateRequest struct {
	// Project is the ID or number of the project from which to update the secret.
	Project string

	// Name is the name of the secret to update.
	Name string

	// Plaintext is the plaintext to store.
	Plaintext []byte

	// CreateIfMissing indicates that the updater should create a secret with the
	// given parameters if one does not already exist.
	CreateIfMissing bool
}
SecretManagerUpdateRequest is used as input to update a secret using Secret Manager.
type StorageAccessRequest ¶ added in v0.5.0
type StorageAccessRequest struct {
	// Bucket is the name of the bucket where the secret lives.
	Bucket string

	// Object is the name of the object in Cloud Storage.
	Object string

	// Generation of the object to fetch.
	Generation int64
}
StorageAccessRequest is used as input to access a secret from Cloud Storage encrypted with Cloud KMS.
type StorageBootstrapRequest ¶ added in v0.5.0
type StorageBootstrapRequest struct {
	// ProjectID is the ID of the project where the bucket should be created.
	ProjectID string

	// Bucket is the name of the bucket where the secret lives.
	Bucket string

	// BucketLocation is the location where the bucket should live.
	BucketLocation string

	// KMSLocation is the location where the KMS key ring should live.
	KMSLocation string

	// KMSKeyRing is the name of the KMS key ring.
	KMSKeyRing string

	// KMSCryptoKey is the name of the KMS crypto key.
	KMSCryptoKey string
}
StorageBootstrapRequest is used as input to bootstrap Cloud Storage and Cloud KMS.
type StorageCreateRequest ¶ added in v0.5.0
type StorageCreateRequest struct {
	// Bucket is the name of the bucket where the secret lives.
	Bucket string

	// Object is the name of the object in Cloud Storage.
	Object string

	// Key is the fully qualified KMS key id.
	Key string

	// Plaintext is the plaintext secret to encrypt and store.
	Plaintext []byte
}
StorageCreateRequest is used as input to create a secret using Cloud Storage encrypted with Cloud KMS.
type StorageDeleteRequest ¶ added in v0.5.0
type StorageDeleteRequest struct {
	// Bucket is the name of the bucket where the secret lives.
	Bucket string

	// Object is the name of the secret in Cloud Storage.
	Object string
}
StorageDeleteRequest is used as input to delete a secret from Cloud Storage.
type StorageGrantRequest ¶ added in v0.5.0
type StorageGrantRequest struct {
	// Bucket is the name of the bucket where the secret lives.
	Bucket string

	// Object is the name of the object in Cloud Storage.
	Object string

	// Members is the list of membership bindings. This should be in the format
	// described at https://godoc.org/google.golang.org/api/iam/v1#Binding.
	Members []string
}
StorageGrantRequest is used as input to grant access to secrets backed by Cloud Storage encrypted with Cloud KMS.
type StorageListRequest ¶ added in v0.5.0
type StorageListRequest struct {
	// Bucket is the name of the bucket where the secrets live.
	Bucket string

	// Prefix matches secret names to filter.
	Prefix string

	// Generations indicates that all generations of secrets should be listed.
	Generations bool
}
StorageListRequest is used as input to list secrets from Cloud Storage.
type StorageReadRequest ¶ added in v0.5.0
type StorageReadRequest struct {
	// Bucket is the name of the bucket where the secret lives.
	Bucket string

	// Object is the name of the object in Cloud Storage.
	Object string

	// Generation of the object to fetch.
	Generation int64
}
StorageReadRequest is used as input to read a secret from Cloud Storage encrypted with Cloud KMS.
type StorageRevokeRequest ¶ added in v0.5.0
type StorageRevokeRequest struct {
	// Bucket is the name of the bucket where the secret lives.
	Bucket string

	// Object is the name of the object in Cloud Storage.
	Object string

	// Members is the list of membership bindings. This should be in the format
	// described at https://godoc.org/google.golang.org/api/iam/v1#Binding.
	Members []string
}
StorageRevokeRequest is used as input to revoke access to a secret from Cloud Storage encrypted with Cloud KMS.
type StorageUpdateRequest ¶ added in v0.5.0
type StorageUpdateRequest struct {
	// Bucket is the name of the bucket where the secret lives.
	Bucket string

	// Object is the name of the object in Cloud Storage.
	Object string

	// Generation indicates a secret's version.
	Generation int64

	// Key is the fully qualified KMS key id.
	Key string

	// Metageneration indicates a secret's metageneration.
	Metageneration int64

	// Plaintext value of the secret.
	Plaintext []byte

	// CreateIfMissing indicates that the updater should create a secret with the
	// given parameters if one does not already exist.
	CreateIfMissing bool
}
StorageUpdateRequest is used as input to update a secret from Cloud Storage encrypted with Cloud KMS.
type UpdateRequest ¶ added in v0.2.0
type UpdateRequest = StorageUpdateRequest
UpdateRequest is an alias for StorageUpdateRequest for backwards-compatibility. New clients should use StorageUpdateRequest.