Documentation
¶
Index ¶
- Constants
- func BuildSopsKeyServerFromSecret(secret *corev1.Secret, gnuPGHomeDir string, opts ...intkeyservice.ServerOption) (keyservice.KeyServiceClient, error)
- func IsMaybeSopsFile(s []byte) bool
- func LoadAADConfigFromBytes(b []byte, s *AADConfig) error
- func LoadCredsProviderFromYaml(b []byte) (*kms.CredentialsProvider, error)
- func MaybeDecrypt(decrypter *decryptor.Decryptor, encrypted []byte, ...) ([]byte, bool, error)
- func MaybeDecryptFile(decrypter *decryptor.Decryptor, path string) error
- func MaybeDecryptFileTo(decrypter *decryptor.Decryptor, path string, to string) error
- func MaybeDecryptFileToTmp(ctx context.Context, decrypter *decryptor.Decryptor, path string) (string, error)
- func NewDecryptingFs(fs filesys.FileSystem, decryptor *decryptor.Decryptor) filesys.FileSystem
- func TokenFromAADConfig(c AADConfig) (_ azcore.TokenCredential, err error)
- type AADConfig
- type AZConfig
Constants ¶
const ( // DecryptionPGPExt is the extension of the file containing an armored PGP // key. DecryptionPGPExt = ".asc" // DecryptionAgeExt is the extension of the file containing an age key // file. DecryptionAgeExt = ".agekey" // DecryptionVaultTokenFileName is the name of the file containing the // Hashicorp Vault token. DecryptionVaultTokenFileName = "sops.vault-token" // DecryptionAWSKmsFile is the name of the file containing the AWS KMS // credentials. DecryptionAWSKmsFile = "sops.aws-kms" // DecryptionAzureAuthFile is the name of the file containing the Azure // credentials. DecryptionAzureAuthFile = "sops.azure-kv" // DecryptionGCPCredsFile is the name of the file containing the GCP // credentials. DecryptionGCPCredsFile = "sops.gcp-kms" )
Variables ¶
This section is empty.
Functions ¶
func BuildSopsKeyServerFromSecret ¶ added in v2.22.0
func BuildSopsKeyServerFromSecret(secret *corev1.Secret, gnuPGHomeDir string, opts ...intkeyservice.ServerOption) (keyservice.KeyServiceClient, error)
func IsMaybeSopsFile ¶
func LoadAADConfigFromBytes ¶ added in v2.22.0
LoadAADConfigFromBytes attempts to load the given bytes into the given AADConfig. By first decoding it if UTF-16, and then unmarshalling it into the given struct. It returns an error for any failure.
func LoadCredsProviderFromYaml ¶ added in v2.22.0
func LoadCredsProviderFromYaml(b []byte) (*kms.CredentialsProvider, error)
LoadCredsProviderFromYaml parses the given YAML returns a CredsProvider object which contains the credentials provider used for authenticating towards AWS KMS.
func MaybeDecrypt ¶
func MaybeDecryptFileTo ¶
func MaybeDecryptFileToTmp ¶
func NewDecryptingFs ¶ added in v2.20.0
func NewDecryptingFs(fs filesys.FileSystem, decryptor *decryptor.Decryptor) filesys.FileSystem
func TokenFromAADConfig ¶ added in v2.22.0
func TokenFromAADConfig(c AADConfig) (_ azcore.TokenCredential, err error)
TokenFromAADConfig attempts to construct a Token using the AADConfig values. It detects credentials in the following order:
- azidentity.ClientSecretCredential when `tenantId`, `clientId` and `clientSecret` fields are found.
- azidentity.ClientCertificateCredential when `tenantId`, `clientCertificate` (and optionally `clientCertificatePassword`) fields are found.
- azidentity.ClientSecretCredential when AZConfig fields are found.
- azidentity.ManagedIdentityCredential for a User ID, when a `clientId` field but no `tenantId` is found.
If no set of credentials is found or the azcore.TokenCredential can not be created, an error is returned.
Types ¶
type AADConfig ¶ added in v2.22.0
type AADConfig struct {
AZConfig
TenantID string `json:"tenantId,omitempty"`
ClientID string `json:"clientId,omitempty"`
ClientSecret string `json:"clientSecret,omitempty"`
ClientCertificate string `json:"clientCertificate,omitempty"`
ClientCertificatePassword string `json:"clientCertificatePassword,omitempty"`
ClientCertificateSendChain bool `json:"clientCertificateSendChain,omitempty"`
AuthorityHost string `json:"authorityHost,omitempty"`
}
AADConfig contains the selection of fields from an Azure authentication file required for Active Directory authentication.
func (AADConfig) GetCloudConfig ¶ added in v2.22.0
func (s AADConfig) GetCloudConfig() cloud.Configuration
GetCloudConfig returns a cloud.Configuration with the AuthorityHost, or the Azure Public Cloud default.
type AZConfig ¶ added in v2.22.0
type AZConfig struct {
AppID string `json:"appId,omitempty"`
Tenant string `json:"tenant,omitempty"`
Password string `json:"password,omitempty"`
}
AZConfig contains the Service Principal fields as generated by `az`. Ref: https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal?tabs=azure-cli#manually-create-a-service-principal
Source Files
Directories