s3

package module
v0.0.0-...-077323f Latest
Warning

This package is not in the latest version of its module.

Published: Jan 11, 2023 License: Apache-2.0 Imports: 18 Imported by: 0

README

Certmagic Storage Backend for S3

This library allows you to use any S3-compatible provider as a key/certificate storage backend for your Certmagic-enabled HTTPS server. To protect your keys from unwanted attention, client-side encryption using secretbox is possible.

What is an S3-compatible service?

In the current state, any service must support the following:

  • v4 Signatures
  • HTTPS
  • A few basic operations:
    • Bucket Exists
    • Get Object
    • Put Object
    • Remove Object
    • Stat Object
    • List Objects

Known good providers/software:

  • Minio (with HTTPS enabled)
  • Backblaze
  • OVH

Credit

This project was forked from @thomersch's wonderful Certmagic Storage Backend for Generic S3 Providers repository.

License

This project is licensed under Apache 2.0, an open source license.

Documentation

Constants

This section is empty.

Variables

var (
	LockExpiration   = 2 * time.Minute
	LockPollInterval = 1 * time.Second
	LockTimeout      = 15 * time.Second
)

Functions

This section is empty.

Types

type CleartextIO

type CleartextIO struct{}

func (*CleartextIO) ByteReader

func (ci *CleartextIO) ByteReader(buf []byte) Reader

func (*CleartextIO) WrapReader

func (ci *CleartextIO) WrapReader(r io.Reader) io.Reader

type IO

type IO interface {
	WrapReader(io.Reader) io.Reader
	ByteReader([]byte) Reader
}

type Reader

type Reader struct {
	// contains filtered or unexported fields
}

func (*Reader) Len

func (r *Reader) Len() int64

func (Reader) Read

func (r Reader) Read(buf []byte) (int, error)

type S3

type S3 struct {
	Logger *zap.Logger

	// S3
	Client    *minio.Client
	Host      string `json:"host"`
	Bucket    string `json:"bucket"`
	AccessKey string `json:"access_key"`
	SecretKey string `json:"secret_key"`
	Prefix    string `json:"prefix"`

	// EncryptionKey is optional. If you do not wish to encrypt your certificates and keys inside the S3 bucket, leave it empty.
	EncryptionKey string `json:"encryption_key"`
	// contains filtered or unexported fields
}

func (*S3) CaddyModule

func (s3 *S3) CaddyModule() caddy.ModuleInfo

func (*S3) CertMagicStorage

func (s3 *S3) CertMagicStorage() (certmagic.Storage, error)

CertMagicStorage converts s3 to a certmagic.Storage instance.

func (*S3) Delete

func (s3 *S3) Delete(ctx context.Context, key string) error

func (*S3) Exists

func (s3 *S3) Exists(ctx context.Context, key string) bool

func (*S3) List

func (s3 *S3) List(ctx context.Context, prefix string, recursive bool) ([]string, error)

func (*S3) Load

func (s3 *S3) Load(ctx context.Context, key string) ([]byte, error)

func (*S3) Lock

func (s3 *S3) Lock(ctx context.Context, key string) error

func (*S3) Provision

func (s3 *S3) Provision(context caddy.Context) error

func (*S3) Stat

func (s3 *S3) Stat(ctx context.Context, key string) (certmagic.KeyInfo, error)

func (*S3) Store

func (s3 *S3) Store(ctx context.Context, key string, value []byte) error

func (*S3) Unlock

func (s3 *S3) Unlock(ctx context.Context, key string) error

func (*S3) UnmarshalCaddyfile

func (s3 *S3) UnmarshalCaddyfile(d *caddyfile.Dispenser) error

type SecretBoxIO

type SecretBoxIO struct {
	SecretKey [32]byte
}

func (*SecretBoxIO) ByteReader

func (sb *SecretBoxIO) ByteReader(msg []byte) Reader

func (*SecretBoxIO) WrapReader

func (sb *SecretBoxIO) WrapReader(r io.Reader) io.Reader
