smcache

package module
v0.3.7
Published: Oct 30, 2023 License: Apache-2.0 Imports: 9 Imported by: 0

README

Overview


SMCache is a Go library that stores certificates obtained from Let's Encrypt (or any other ACME CA) in Google Cloud Secret Manager. It implements the autocert.Cache interface from golang.org/x/crypto/acme/autocert, so autocert's Get/Put/Delete calls read and write Secret Manager secrets instead of local files. Note that autocert keeps its ACME account key and each certificate's private key in this cache, so everything stored through SMCache is sensitive material.

This is not an official Google product.

Simple Example

package main

import (
	"log"
	"net/http"

	"github.com/jwendel/smcache"
	"golang.org/x/crypto/acme/autocert"
)

func main() {
	m := &autocert.Manager{
		// Store the ACME account key and issued certificates in Secret Manager,
		// under secret names beginning with "test-".
		Cache:      smcache.NewSMCache(smcache.Config{ProjectID: "my-project-id", SecretPrefix: "test-"}),
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist("example.com", "www.example.com"),
	}
	s := &http.Server{
		Addr:      ":https",
		TLSConfig: m.TLSConfig(), // serves cached certificates and answers TLS-ALPN-01 challenges
	}
	// Cert and key file paths are empty: the Manager supplies them via TLSConfig.
	log.Fatal(s.ListenAndServeTLS("", ""))
}

Detailed Guide to Setting up SMCache

Permission setup in GCP

SMCache requires admin access to the Secret Manager API (the Secret Manager Admin role, roles/secretmanager.admin) to function properly, because it creates secrets, adds and reads versions, and deletes them. This is configured in the IAM policy for the identity your application runs as, such as its service account.

Example of granting this role to a workload on Compute Engine:

  1. Go to IAM policy management.
  2. Edit the <projectId>-compute@developer.gserviceaccount.com principal (the Compute Engine default service account).
  3. Click Add Another Role and select Secret Manager Admin.

Bonus Security: Secret Manager Admin on the project lets this service account read and modify every secret in the project. If that is more than you want to grant, add a condition to the role binding so that it only applies to the secrets smcache manages.

  1. Click Add Condition, then set a title and description for it.
  2. For Condition Type, select Resource -> Name, Operator: Starts With, and enter the prefix your certificate secrets share, such as "test-".
    • Note: the prefix in the condition must match the SecretPrefix you set on smcache.Config; if they differ, every Get/Put/Delete that smcache makes is denied.
    • Note: IAM evaluates the condition against the full resource name, which for a secret is projects/PROJECT_NUMBER/secrets/SECRET_ID (the numeric project number, not the project ID). Check the CEL expression the console generates: it needs to read resource.name.startsWith("projects/PROJECT_NUMBER/secrets/test-") with your project number substituted; a bare "test-" would match no secret at all.

Demos

There are 2 demos checked into this repo under example/.

Other notes

  • Requires Go >= 1.13.0 (due to use of fmt.Errorf with the %w error-wrapping verb)

Documentation

Overview

Package smcache is an implementation of the autocert.Cache interface from golang.org/x/crypto/acme/autocert that stores its data in Google Cloud Secret Manager.

It uses the Google-provided gRPC client for the Secret Manager API, through which the autocert library can Get, Put and Delete its cached material (the ACME account key and the certificates with their private keys) in Secret Manager.

For more details, see the README.md, which is published at https://github.com/jwendel/smcache

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewSMCache

func NewSMCache(config Config) autocert.Cache

NewSMCache creates a struct that implements the `autocert.Cache` interface. It uses the Config passed in to drive the behavior of this client.

Types

type Config

type Config struct {
	// ProjectID is the GCP Project ID where the Secrets will be stored.
	// This is the "Project ID" as seen in Google Cloud console.
	// Example ID: "my-project-1234".
	// This field is Required.
	ProjectID string

	// SecretPrefix is a string that will be put before the secret name.
	// This is useful for IAM access control (for example, a resource-name
	// condition on the role binding). It is also useful for grouping
	// secrets by application.
	// Optional, defaults to no prefix.
	SecretPrefix string

	// If true, smcache will not delete old SecretVersions of certificates.
	// If false, when autocert stores a certificate that is already in Secret Manager,
	// smcache will attempt to delete all old versions of that certificate.
	// Optional, defaults to false.
	KeepOldCertificates bool

	// DebugLogging controls whether logging is enabled.
	// If true, smcache will log some status messages via log.Printf().
	// This will not log any sensitive data; it should only be key
	// names and paths.
	// Optional, defaults to false.
	DebugLogging bool
}

Config is passed into NewSMCache as a way to configure how SMCache will behave throughout its lifespan.
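The following self-contained model ties together two of the configuration points above: the resource-name Starts With condition from the permission setup, and the SecretPrefix and KeepOldCertificates fields of Config. It is an example written for this page, not smcache's own code. Cache and ErrCacheMiss mirror the autocert types so it builds without that module; fakeSM, ProjectNumber and the in-memory version list are stand-ins invented here for the Secret Manager API and the IAM condition; real secret IDs allow only letters, digits, '-' and '_', and the escaping of autocert keys such as "example.com" that a real implementation needs is deliberately omitted.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
)

// Model written for this page, not smcache's own code: Cache/ErrCacheMiss
// mirror autocert's, and fakeSM replaces Secret Manager with an in-memory
// version list gated by an IAM condition resource.name.startsWith(iamPrefix).
var ErrCacheMiss = errors.New("cache miss")

type Cache interface {
	Get(ctx context.Context, key string) ([]byte, error)
	Put(ctx context.Context, key string, data []byte) error
	Delete(ctx context.Context, key string) error
}

// Config mirrors the smcache.Config fields used here. ProjectNumber is an
// assumption: IAM's resource.name carries the numeric project number, not the ID.
type Config struct {
	ProjectNumber       string
	SecretPrefix        string
	KeepOldCertificates bool
}

type fakeSM struct {
	secrets   map[string][][]byte // resource name -> versions; nil = destroyed
	iamPrefix string              // the Starts With value of the IAM condition
}

type smCache struct {
	cfg Config
	sm  *fakeSM
}

// name builds the resource name IAM evaluates and applies the condition. The
// SecretPrefix lands after "projects/<number>/secrets/", so a bare "test-" as
// the Starts With value matches nothing. (Secret-ID escaping omitted.)
func (c *smCache) name(key string) (string, error) {
	name := fmt.Sprintf("projects/%s/secrets/%s%s", c.cfg.ProjectNumber, c.cfg.SecretPrefix, key)
	if !strings.HasPrefix(name, c.sm.iamPrefix) {
		return "", fmt.Errorf("permission denied: %q does not start with %q", name, c.sm.iamPrefix)
	}
	return name, nil
}

// Get returns the newest live version, or ErrCacheMiss so autocert asks the CA.
func (c *smCache) Get(_ context.Context, key string) ([]byte, error) {
	name, err := c.name(key)
	if err != nil {
		return nil, err
	}
	vs := c.sm.secrets[name]
	for i := len(vs) - 1; i >= 0; i-- {
		if vs[i] != nil {
			return vs[i], nil
		}
	}
	return nil, ErrCacheMiss
}

// Put adds a version and, unless KeepOldCertificates is set, destroys the
// superseded ones so a renewed certificate's predecessors stop being readable.
func (c *smCache) Put(_ context.Context, key string, data []byte) error {
	name, err := c.name(key)
	if err != nil {
		return err
	}
	vs := c.sm.secrets[name]
	if !c.cfg.KeepOldCertificates {
		for i := range vs {
			vs[i] = nil
		}
	}
	c.sm.secrets[name] = append(vs, data)
	return nil
}

func (c *smCache) Delete(_ context.Context, key string) error {
	name, err := c.name(key)
	if err != nil {
		return err
	}
	delete(c.sm.secrets, name)
	return nil
}

func main() {
	sm := &fakeSM{secrets: map[string][][]byte{}, iamPrefix: "projects/123456789012/secrets/test-"}
	c := &smCache{cfg: Config{ProjectNumber: "123456789012", SecretPrefix: "test-"}, sm: sm}
	_ = c.Put(context.Background(), "example_com", []byte("cert-1"))
	_ = c.Put(context.Background(), "example_com", []byte("cert-2")) // renewal destroys cert-1
	got, err := c.Get(context.Background(), "example_com")
	fmt.Println(string(got), err)
	// Condition written with the bare prefix: every call is denied.
	bare := &smCache{cfg: c.cfg, sm: &fakeSM{secrets: map[string][][]byte{}, iamPrefix: "test-"}}
	fmt.Println(bare.Put(context.Background(), "example_com", []byte("cert-3")))
}
```

Two failure modes are worth observing with this model: a condition whose value is the bare prefix denies every call, because the name IAM sees begins with projects/, and a SecretPrefix that differs from the condition's prefix is denied in the same way, with a permission error rather than a cache miss, so autocert cannot fall back to requesting a new certificate.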

Directories

Path Synopsis
example
autocert
Package autocert is a simple demo of using smcache with autocert.
simple
secret-test is a sample app that uses smcache without the autocert library.
internal
api
api/mock
Package mock_mocks is a generated GoMock package.
