secrets

package

v0.0.0-...-fbcd7f5 Latest Latest Go to latest Published: Jul 27, 2023 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kyma-project/test-infra

Documentation ¶

Index ¶

type API
type APIWrapper
- func (caw *APIWrapper) Decrypt(ctx context.Context, ciphertext []byte) ([]byte, error)
- func (caw *APIWrapper) Encrypt(ctx context.Context, plaintext []byte) ([]byte, error)
type Client
- func New(opts Option, api API) (*Client, error)
- func NewClinet(ctx context.Context, opts Option, credentials string) (*Client, error)
- func (sc *Client) Decrypt(ctx context.Context, ciphertext []byte) ([]byte, error)
- func (sc *Client) Encrypt(ctx context.Context, plaintext []byte) ([]byte, error)
type Option

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type API ¶

type API interface {
	Encrypt(ctx context.Context, plaintext []byte) ([]byte, error)
	Decrypt(ctx context.Context, ciphertext []byte) ([]byte, error)
}

API provides a mockable interface for the GCP api. Find the implementation of the GCP wrapped API in wrapped.go

type APIWrapper ¶

type APIWrapper struct {
	ProjectID  string
	LocationID string
	KmsRing    string
	KmsKey     string
	KmsClient  *kms.KeyManagementClient
}

APIWrapper wraps the GCP api

func (*APIWrapper) Decrypt ¶

func (caw *APIWrapper) Decrypt(ctx context.Context, ciphertext []byte) ([]byte, error)

Decrypt calls the wrapped GCP api to decrypt a secret

func (*APIWrapper) Encrypt ¶

func (caw *APIWrapper) Encrypt(ctx context.Context, plaintext []byte) ([]byte, error)

Encrypt calls the wrapped GCP api to encrypt a secret

type Client ¶

type Client struct {
	Option
	// contains filtered or unexported fields
}

Client wrapper for KMS and GCS secret storage

func New ¶

func New(opts Option, api API) (*Client, error)

New returns a new Client, wrapping kms and gcs for storing/reading encrypted secrets from GCP

func NewClinet ¶

func NewClinet(ctx context.Context, opts Option, credentials string) (*Client, error)

func (*Client) Decrypt ¶

func (sc *Client) Decrypt(ctx context.Context, ciphertext []byte) ([]byte, error)

Decrypt attempts to decrypt a secret with kms

func (*Client) Encrypt ¶

func (sc *Client) Encrypt(ctx context.Context, plaintext []byte) ([]byte, error)

Encrypt attempts to encrypt a secret with kms

type Option ¶

type Option struct {
	ProjectID      string
	LocationID     string
	KmsRing        string
	KmsKey         string
	ServiceAccount string // filename of the serviceaccount to use
}

Option wrapper for relevant Options for the client

func (Option) WithKmsKey ¶

func (o Option) WithKmsKey(key string) Option

WithKmsKey modifies option to have a kms key

func (Option) WithKmsRing ¶

func (o Option) WithKmsRing(ring string) Option

WithKmsRing modifies option to have a kms ring

func (Option) WithLocationID ¶

func (o Option) WithLocationID(l string) Option

WithLocationID modifies option to have a zone id

func (Option) WithProjectID ¶

func (o Option) WithProjectID(pid string) Option

WithProjectID modifies option to have a project id

func (Option) WithServiceAccount ¶

func (o Option) WithServiceAccount(sa string) Option

WithServiceAccount modifies option to have a service account

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
automock

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL