secrets

package

v0.14.46 Latest Latest Go to latest Published: Feb 14, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/m-lab/locate

Links

Open Source Insights

Documentation ¶

Overview ¶

Package secrets loads secrets from the Google Cloud Secret Manager.

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Config ¶

type Config struct {
	Project string
	// contains filtered or unexported fields
}

Config contains settings for secrets.

func NewConfig ¶

func NewConfig(project string) *Config

NewConfig creates a new secret config.

func (*Config) LoadPrometheus ¶ added in v0.13.0

func (c *Config) LoadPrometheus(ctx context.Context, client SecretClient, user, pass string) (*prometheus.Credentials, error)

LoadPrometheus fetches the latest version of the named secrets containing the Prometheus username and password. It returns a *prometheus.Credentials object.

func (*Config) LoadSigner ¶

func (c *Config) LoadSigner(ctx context.Context, client SecretClient, name string) (*token.Signer, error)

LoadSigner fetches the oldest enabled version of the named secret containing the JWT signer key from the Secret Manager API and returns a *token.Signer.

func (*Config) LoadVerifier ¶

func (c *Config) LoadVerifier(ctx context.Context, client SecretClient, name string) (*token.Verifier, error)

LoadVerifier fetches all enabled versions of the named secret containing the JWT verifier keys and returns a * token.Verifier.

type LocalConfig ¶ added in v0.9.0

type LocalConfig struct{}

LocalConfig supports loading signer and verifier keys from a local file rather than from secretmanager.

func NewLocalConfig ¶ added in v0.9.0

func NewLocalConfig() *LocalConfig

NewLocalConfig creates a new instance for loading local signer and verifier keys.

func (*LocalConfig) LoadPrometheus ¶ added in v0.13.0

func (c *LocalConfig) LoadPrometheus(ctx context.Context, client SecretClient, user, pass string) (*prometheus.Credentials, error)

LoadPrometheus reads the username and password secrets from the named files. The client parameter is ignored.

func (*LocalConfig) LoadSigner ¶ added in v0.9.0

func (c *LocalConfig) LoadSigner(ctx context.Context, client SecretClient, name string) (*token.Signer, error)

LoadSigner reads the secret from the named file. The client parameter is ignored.

func (*LocalConfig) LoadVerifier ¶ added in v0.9.0

func (c *LocalConfig) LoadVerifier(ctx context.Context, client SecretClient, name string) (*token.Verifier, error)

LoadVerifier reads the secret from the named file. The client parameter is ignored.

type SecretClient ¶

type SecretClient interface {
	AccessSecretVersion(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error)
	ListSecretVersions(ctx context.Context, req *secretmanagerpb.ListSecretVersionsRequest, opts ...gax.CallOption) *secretmanager.SecretVersionIterator
}

SecretClient wraps the AccessSecretVersion function provided by the secretmanager.Client.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL