decryptor

package
v2.24.1 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 10, 2024 License: Apache-2.0 Imports: 25 Imported by: 1

Documentation


Constants

const (
	// MaxEncryptedFileSize is the max allowed file size in bytes of an encrypted
	// file.
	MaxEncryptedFileSize int64 = 5 << 20
)

Variables

This section is empty.

Functions

func IsEncryptedSecret

func IsEncryptedSecret(object *unstructured.Unstructured) bool

IsEncryptedSecret checks if the given object is a Kubernetes Secret encrypted with Mozilla SOPS.

func IsOfflineMethod

func IsOfflineMethod(mk keys.MasterKey) bool

IsOfflineMethod returns true for offline decryption methods and false otherwise.

Types

type Decryptor

type Decryptor struct {
	// contains filtered or unexported fields
}

Decryptor performs decryption operations for a kluctlv1.KluctlDeployment. The only supported decryption provider at present is DecryptionProviderSOPS.

func NewDecryptor

func NewDecryptor(root string, maxFileSize int64) *Decryptor

NewDecryptor creates a new Decryptor for the given kluctlDeployment. gnuPGHome can be empty, in which case the system's keyring is used. Note that the signature above takes root and maxFileSize and has no gnuPGHome parameter.

func (*Decryptor) AddKeyServiceClient

func (d *Decryptor) AddKeyServiceClient(s keyservice.KeyServiceClient)

func (*Decryptor) AddLocalKeyService

func (d *Decryptor) AddLocalKeyService()

func (*Decryptor) DecryptEnvSources

func (d *Decryptor) DecryptEnvSources(path string) error

DecryptEnvSources attempts to decrypt all types.SecretArgs FileSources and EnvSources that a Kustomization file in the directory at the provided path refers to, before walking recursively over all other resources it refers to. It ignores resource references that point to absolute or relative paths outside the working directory of the decryptor, but returns any decryption error.
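The two guards this API surfaces, as an added example that is not this package's code: confining referenced paths to the decryptor's root, as the DecryptEnvSources description states, and capping how much of a file is read. resolveInRoot and readLimited are hypothetical helpers, and treating maxFileSize as a read cap is an assumption; the path check is lexical and does not resolve symlinks.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// Same value as the documented MaxEncryptedFileSize constant (5 MiB).
const maxEncryptedFileSize int64 = 5 << 20

var errOutsideRoot = errors.New("reference resolves outside root")
var errTooLarge = errors.New("file exceeds size limit")

// resolveInRoot (hypothetical helper) maps ref to a path under root and rejects
// absolute refs and relative refs that climb out of root. Lexical check only.
func resolveInRoot(root, ref string) (string, error) {
	abs := filepath.Join(root, ref) // Join also cleans "a/../b" segments
	rel, err := filepath.Rel(root, abs)
	if filepath.IsAbs(ref) || err != nil || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errOutsideRoot
	}
	return abs, nil
}

// readLimited (hypothetical helper) never buffers more than max+1 bytes and
// returns errTooLarge when the file holds more than max bytes.
func readLimited(path string, max int64) ([]byte, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	data, err := io.ReadAll(io.LimitReader(f, max+1))
	if err == nil && int64(len(data)) > max {
		return nil, errTooLarge
	}
	return data, err
}

func main() {
	// Constructed references, as a kustomization.yaml might list them.
	for _, ref := range []string{"secrets/db.env", "../../etc/passwd", "/etc/passwd"} {
		_, err := resolveInRoot("/work/deploy", ref)
		fmt.Printf("%-18s rejected=%v (cap %d bytes)\n", ref, err != nil, maxEncryptedFileSize)
	}
}
```

Reading through a LimitReader rather than checking the size with Stat first means the cap still holds if the file grows between the check and the read.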

func (*Decryptor) DecryptResource

func (d *Decryptor) DecryptResource(res *resource.Resource) (*resource.Resource, error)

DecryptResource attempts to decrypt the provided resource, overwriting the resource with the decrypted data. It has special support for Kubernetes Secrets with encrypted data entries while decrypting with DecryptionProviderSOPS, to allow individual data entries injected by e.g. a Kustomize secret generator to be decrypted.

func (*Decryptor) SopsDecryptWithFormat

func (d *Decryptor) SopsDecryptWithFormat(data []byte, inputFormat, outputFormat formats.Format) (_ []byte, err error)

SopsDecryptWithFormat attempts to load a SOPS encrypted file using the store for the input format, gathers the data key for it from the key service, and then decrypts the file data with the retrieved data key. It returns the decrypted bytes in the provided output format, or an error.
