backends

package
v0.0.0-...-b58264c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 1, 2022 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var GCPPath, _ = regexp.Compile(`projects/(?P<projectid>.+)/secrets/(?P<secretid>.+)`)
View Source 
var IBMPath, _ = regexp.Compile(`ibmcloud/(?P<type>.+)/secrets/groups/(?P<groupId>.+)`)

Functions

This section is empty.

Types

type AWSSecretsManager 

type AWSSecretsManager struct {
	Client secretsmanageriface.SecretsManagerAPI
}

AWSSecretsManager is a struct for working with a AWS Secrets Manager backend

func NewAWSSecretsManagerBackend 

func NewAWSSecretsManagerBackend(client secretsmanageriface.SecretsManagerAPI) *AWSSecretsManager

NewAWSSecretsManagerBackend initializes a new AWS Secrets Manager backend

func (*AWSSecretsManager) GetIndividualSecret 

func (a *AWSSecretsManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the SM backend For AWS, we only support placeholders replaced from the k/v pairs of a secret which cannot be individually addressed So, we use GetSecrets and extract the specific placeholder we want

func (*AWSSecretsManager) GetSecrets 

func (a *AWSSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from aws secrets manager and returns the formatted data

func (*AWSSecretsManager) Login 

func (a *AWSSecretsManager) Login() error

Login does nothing as a "login" is handled on the instantiation of the aws sdk

type AzureKeyVault 

type AzureKeyVault struct {
	Client keyvault.BaseClient
}

AzureKeyVault is a struct for working with an Azure Key Vault backend

func NewAzureKeyVaultBackend 

func NewAzureKeyVaultBackend(client keyvault.BaseClient) *AzureKeyVault

NewAzureKeyVaultBackend initializes a new Azure Key Vault backend

func (*AzureKeyVault) GetIndividualSecret 

func (a *AzureKeyVault) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the SM backend For Azure Key Vault, `kvpath` is the unique name of your vault Secrets (placeholders) are directly addressable via the API, so only one call is needed here

func (*AzureKeyVault) GetSecrets 

func (a *AzureKeyVault) GetSecrets(kvpath string, version string, _ map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from Azure Key Vault and returns the formatted data For Azure Key Vault, `kvpath` is the unique name of your vault

func (*AzureKeyVault) Login 

func (a *AzureKeyVault) Login() error

Login does nothing as a "login" is handled on the instantiation of the Azure SDK

type GCPSecretManager 

type GCPSecretManager struct {
	Context context.Context
	Client  SecretManagerClient
}

GCPSecretManager is a struct for working with a GCP Secret Manager backend

func NewGCPSecretManagerBackend 

func NewGCPSecretManagerBackend(ctx context.Context, client SecretManagerClient) *GCPSecretManager

NewGCPSecretManagerBackend initializes a new GCP Secret Manager backend

func (*GCPSecretManager) GetIndividualSecret 

func (a *GCPSecretManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the SM backend For GCP, the path is specific to the secret So, we just forward the value from the k/v result of GetSecrets

func (*GCPSecretManager) GetSecrets 

func (a *GCPSecretManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from GCP Secret Manager and returns the formatted data The path is of format `projects/project-id/secrets/secret-id`

func (*GCPSecretManager) Login 

func (a *GCPSecretManager) Login() error

Login does nothing as a "login" is handled on the instantiation of the Google SDK

type IBMSecretsManager 

type IBMSecretsManager struct {
	Client IBMSecretsManagerClient
	// contains filtered or unexported fields
}

IBMSecretsManager is a struct for working with IBM Secret Manager

func NewIBMSecretsManagerBackend 

func NewIBMSecretsManagerBackend(client IBMSecretsManagerClient) *IBMSecretsManager

NewIBMSecretsManagerBackend initializes a new IBM Secret Manager backend

func (*IBMSecretsManager) GetIndividualSecret 

func (i *IBMSecretsManager) GetIndividualSecret(kvpath, secretName, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the SM backend This requires listing the secrets of the group to obtain the id, and then using that to grab the one secret's payload

func (*IBMSecretsManager) GetSecrets 

func (i *IBMSecretsManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets returns the data for all secrets of a specific type of a group in IBM Secrets Manager

func (*IBMSecretsManager) Login 

func (i *IBMSecretsManager) Login() error

Login does nothing since the IBM Secrets Manager client is setup on instantiation

type IBMSecretsManagerClient 

type IBMSecretsManagerClient interface {
	ListAllSecrets(listAllSecretsOptions *ibmsm.ListAllSecretsOptions) (result *ibmsm.ListSecrets, response *core.DetailedResponse, err error)
	GetSecret(getSecretOptions *ibmsm.GetSecretOptions) (result *ibmsm.GetSecret, response *core.DetailedResponse, err error)
	GetSecretVersion(getSecretOptions *ibmsm.GetSecretVersionOptions) (result *ibmsm.GetSecretVersion, response *core.DetailedResponse, err error)
}

IBMSecretsManagerClient is an interface for any client to the IBM Secrets Manager These are only the methods we need

type LocalSecretManager 

type LocalSecretManager struct {
	Decrypt decryptFunc
}

LocalSecretManager is a struct for working with local files Receives a function that knows how to decrypt the file, f.ex. using sops

func NewLocalSecretManagerBackend 

func NewLocalSecretManagerBackend(decrypt decryptFunc) *LocalSecretManager

NewLocalSecretManagerBackend initializes a new local secret backend

func (*LocalSecretManager) GetIndividualSecret 

func (a *LocalSecretManager) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the backend For local secrets, we only support placeholders replaced from the k/v pairs of a secret which cannot be individually addressed So, we use GetSecrets and extract the specific placeholder we want

func (*LocalSecretManager) GetSecrets 

func (a *LocalSecretManager) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets using decrypt function and returns the formatted data

func (*LocalSecretManager) Login 

func (a *LocalSecretManager) Login() error

Login does nothing as a "login" is handled by environment

type OnePasswordConnect 

type OnePasswordConnect struct {
	Client connect.Client
}

OnePassword is a struct for working with a 1Password Connect backend

func NewOnePasswordConnectBackend 

func NewOnePasswordConnectBackend(client connect.Client) *OnePasswordConnect

NewOnePasswordConnectBackend initializes a new 1Password Connect backend

func (*OnePasswordConnect) GetIndividualSecret 

func (a *OnePasswordConnect) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the 1Password connect backend For 1Password, we only support placeholders replaced from the k/v pairs of a secret which cannot be individually addressed So, we use GetSecrets and extract the specific placeholder we want

func (*OnePasswordConnect) GetSecrets 

func (a *OnePasswordConnect) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from 1Password Connect server and returns the formatted data

func (*OnePasswordConnect) Login 

func (a *OnePasswordConnect) Login() error

Login does nothing as a "login" is handled on the instantiation of the 1Password Connect SDK

type SecretManagerClient 

type SecretManagerClient interface {
	AccessSecretVersion(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error)
}

type Vault 

type Vault struct {
	types.AuthType
	VaultClient *api.Client
	KvVersion   string
}

Vault is a struct for working with a Vault backend

func NewVaultBackend 

func NewVaultBackend(auth types.AuthType, client *api.Client, kv string) *Vault

NewVaultBackend initializes a new Vault Backend

func (*Vault) GetIndividualSecret 

func (v *Vault) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the SM backend For Vault, we only support placeholders replaced from the k/v pairs of a secret which cannot be individually addressed So, we use GetSecrets and extract the specific placeholder we want

func (*Vault) GetSecrets 

func (v *Vault) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from vault and returns the formatted data

func (*Vault) Login 

func (v *Vault) Login() error

Login authenticates with the auth type provided

type YandexCloudLockbox 

type YandexCloudLockbox struct {
	// contains filtered or unexported fields
}

YandexCloudLockbox is a struct for working with a Yandex Cloud lockbox backend

func NewYandexCloudLockboxBackend 

func NewYandexCloudLockboxBackend(client lockbox.PayloadServiceClient) *YandexCloudLockbox

NewYandexCloudLockboxBackend initializes a new Yandex Cloud lockbox backend

func (*YandexCloudLockbox) GetIndividualSecret 

func (ycl *YandexCloudLockbox) GetIndividualSecret(secretID, key, version string, _ map[string]string) (interface{}, error)

GetIndividualSecret will get the specific secret (placeholder) from the lockbox backend

func (*YandexCloudLockbox) GetSecrets 

func (ycl *YandexCloudLockbox) GetSecrets(secretID string, version string, _ map[string]string) (map[string]interface{}, error)

GetSecrets gets secrets from lockbox and returns the formatted data

func (*YandexCloudLockbox) Login 

func (ycl *YandexCloudLockbox) Login() error

Login does nothing as a "login" is handled on the instantiation of the lockbox

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.