azkv

package

v0.0.0-...-cb937e8 Latest Latest Go to latest Published: Jan 25, 2024 License: Apache-2.0, MPL-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/buttahtoast/pkg

Links

Open Source Insights

Documentation ¶

Index ¶

func LoadAADConfigFromBytes(b []byte, s *AADConfig) error
type AADConfig
- func (s AADConfig) GetCloudConfig() cloud.Configuration
type AZConfig
type MasterKey
- func MasterKeyFromURL(url, name, version string) *MasterKey
type Token
- func NewToken(token azcore.TokenCredential) *Token
- func TokenFromAADConfig(c AADConfig) (_ *Token, err error)
- func (t Token) ApplyToMasterKey(key *MasterKey)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func LoadAADConfigFromBytes ¶

func LoadAADConfigFromBytes(b []byte, s *AADConfig) error

LoadAADConfigFromBytes attempts to load the given bytes into the given AADConfig. By first decoding it if UTF-16, and then unmarshalling it into the given struct. It returns an error for any failure.

Types ¶

type AADConfig ¶

type AADConfig struct {
	AZConfig
	TenantID                   string `json:"tenantId,omitempty"`
	ClientID                   string `json:"clientId,omitempty"`
	ClientSecret               string `json:"clientSecret,omitempty"`
	ClientCertificate          string `json:"clientCertificate,omitempty"`
	ClientCertificatePassword  string `json:"clientCertificatePassword,omitempty"`
	ClientCertificateSendChain bool   `json:"clientCertificateSendChain,omitempty"`
	AuthorityHost              string `json:"authorityHost,omitempty"`
}

AADConfig contains the selection of fields from an Azure authentication file required for Active Directory authentication.

func (AADConfig) GetCloudConfig ¶

func (s AADConfig) GetCloudConfig() cloud.Configuration

GetCloudConfig returns a cloud.Configuration with the AuthorityHost, or the Azure Public Cloud default.

type AZConfig ¶

type AZConfig struct {
	AppID    string `json:"appId,omitempty"`
	Tenant   string `json:"tenant,omitempty"`
	Password string `json:"password,omitempty"`
}

AZConfig contains the Service Principal fields as generated by `az`. Ref: https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal?tabs=azure-cli#manually-create-a-service-principal

type MasterKey ¶

type MasterKey struct {
	VaultURL string
	Name     string
	Version  string

	EncryptedKey string
	CreationDate time.Time
	// contains filtered or unexported fields
}

MasterKey is an Azure Key Vault Key used to Encrypt and Decrypt SOPS' data key.

The underlying authentication token can be configured using TokenFromAADConfig and Token.ApplyToMasterKey().

func MasterKeyFromURL ¶

func MasterKeyFromURL(url, name, version string) *MasterKey

MasterKeyFromURL creates a new MasterKey from a Vault URL, key name, and key version.

func (*MasterKey) Decrypt ¶

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt decrypts the EncryptedKey field with Azure Key Vault and returns the result.

func (*MasterKey) Encrypt ¶

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt takes a SOPS data key, encrypts it with Azure Key Vault, and stores the result in the EncryptedKey field.

func (*MasterKey) EncryptIfNeeded ¶

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the provided SOPS data key, if it has not been encrypted yet.

func (*MasterKey) EncryptedDataKey ¶

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted data key this master key holds.

func (*MasterKey) NeedsRotation ¶

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not.

func (*MasterKey) SetEncryptedDataKey ¶

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted data key for this master key.

func (MasterKey) ToMap ¶

func (key MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey to a map for serialization purposes.

func (*MasterKey) ToString ¶

func (key *MasterKey) ToString() string

ToString converts the key to a string representation.

type Token ¶

type Token struct {
	// contains filtered or unexported fields
}

Token is an azcore.TokenCredential used for authenticating towards Azure Key Vault.

func NewToken ¶

func NewToken(token azcore.TokenCredential) *Token

NewToken creates a new Token with the provided azcore.TokenCredential.

func TokenFromAADConfig ¶

func TokenFromAADConfig(c AADConfig) (_ *Token, err error)

TokenFromAADConfig attempts to construct a Token using the AADConfig values. It detects credentials in the following order:

azidentity.ClientSecretCredential when `tenantId`, `clientId` and `clientSecret` fields are found.
azidentity.ClientCertificateCredential when `tenantId`, `clientCertificate` (and optionally `clientCertificatePassword`) fields are found.
azidentity.ClientSecretCredential when AZConfig fields are found.
azidentity.ManagedIdentityCredential for a User ID, when a `clientId` field but no `tenantId` is found.

If no set of credentials is found or the azcore.TokenCredential can not be created, an error is returned.

func (Token) ApplyToMasterKey ¶

func (t Token) ApplyToMasterKey(key *MasterKey)

ApplyToMasterKey configures the Token on the provided key.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL