
package secrets

import ""

Package secrets implements the features needed to create, get, update and rotate secrets, and to encrypt and decrypt data, across a fleet of skipper instances.


Package Files

doc.go encrypter.go file.go registry.go


var (
    ErrAlreadyExists    = errors.New("secret already exists")
    ErrWrongFileType    = errors.New("file type not supported")
    ErrFailedToReadFile = errors.New("failed to read file")
)

type Encrypter

type Encrypter struct {
    // contains filtered or unexported fields
}

func WithSource

func WithSource(s SecretSource) (*Encrypter, error)

WithSource can be used to create an Encrypter, for example in secrettest for testing purposes.

func (*Encrypter) Close

func (e *Encrypter) Close()

func (*Encrypter) CreateNonce

func (e *Encrypter) CreateNonce() ([]byte, error)

func (*Encrypter) Decrypt

func (e *Encrypter) Decrypt(cipherText []byte) ([]byte, error)

Decrypt decrypts the given cipher text.

func (*Encrypter) Encrypt

func (e *Encrypter) Encrypt(plaintext []byte) ([]byte, error)

Encrypt encrypts the given plaintext.

func (*Encrypter) RefreshCiphers

func (e *Encrypter) RefreshCiphers() error

RefreshCiphers rotates the list of cipher.AEAD initialized with SecretSource from the Encrypter.
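
How a rotating list of cipher.AEAD values can behave, as an added sketch that is not skipper's implementation. The type rotating, its methods, the SHA-256 key derivation, AES-GCM and the nonce-prefixed ciphertext layout are all assumptions; only the [][]byte shape comes from SecretSource.GetSecret on this page, and the sketch does no locking.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type rotating struct{ ciphers []cipher.AEAD } // hypothetical Encrypter stand-in; [0] is newest

// refresh rebuilds the list (newest secret first); an empty result keeps the old keys.
func (r *rotating) refresh(secrets [][]byte) error {
	if len(secrets) == 0 {
		return fmt.Errorf("no secrets returned, keeping current ciphers")
	}
	r.ciphers = make([]cipher.AEAD, 0, len(secrets))
	for _, s := range secrets {
		key := sha256.Sum256(s)           // assumption: secrets are high-entropy
		block, _ := aes.NewCipher(key[:]) // cannot fail for a 32-byte key
		aead, _ := cipher.NewGCM(block)   // cannot fail for an AES block
		r.ciphers = append(r.ciphers, aead)
	}
	return nil
}

func (r *rotating) encrypt(plain []byte) ([]byte, error) {
	if len(r.ciphers) == 0 {
		return nil, fmt.Errorf("refresh has not succeeded yet")
	}
	nonce := make([]byte, r.ciphers[0].NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return r.ciphers[0].Seal(nonce, nonce, plain, nil), nil // nonce || ciphertext || tag
}

func (r *rotating) decrypt(ct []byte) ([]byte, error) {
	for _, c := range r.ciphers {
		if n := c.NonceSize(); len(ct) >= n {
			if p, err := c.Open(nil, ct[:n], ct[n:], nil); err == nil {
				return p, nil
			}
		}
	}
	return nil, fmt.Errorf("no current key authenticates this ciphertext")
}

func main() { fmt.Println(new(rotating).refresh(nil)) }
```

To rotate, call refresh with the new secret first and the previous one after it; ciphertexts made under the previous secret stay readable until that secret is dropped from the list.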

type Encryption

type Encryption interface {
    CreateNonce() ([]byte, error)
    Decrypt([]byte) ([]byte, error)
    Encrypt([]byte) ([]byte, error)
}

type Registry

type Registry struct {
    // contains filtered or unexported fields
}

func NewRegistry

func NewRegistry() *Registry

NewRegistry returns a Registry to store and manage secrets.

func (*Registry) Close

func (r *Registry) Close()

Close closes all Encryption instances of the Registry.

func (*Registry) NewEncrypter

func (r *Registry) NewEncrypter(refreshInterval time.Duration, file string) (Encryption, error)

type SecretPaths

type SecretPaths struct {
    // contains filtered or unexported fields
}

func NewSecretPaths

func NewSecretPaths(d time.Duration) *SecretPaths

NewSecretPaths creates a SecretPaths, which implements SecretsProvider. As a side effect, it runs a background refresher every interval d. On teardown, make sure to Close() it.

func (*SecretPaths) Add

func (sp *SecretPaths) Add(p string) error

Add adds a file or directory in which to find secrets; every file found is read. The basename of each file is the key used to get the secret. Add is not synchronized and is not safe to call concurrently. As a side effect, Add lazily starts a goroutine that runs a single background refresher for the SecretPaths instance.

func (*SecretPaths) Close

func (sp *SecretPaths) Close()

func (*SecretPaths) GetSecret

func (sp *SecretPaths) GetSecret(s string) ([]byte, bool)

GetSecret returns the secret for the given name and whether it was found.

type SecretSource

type SecretSource interface {
    GetSecret() ([][]byte, error)
}


type SecretsProvider

type SecretsProvider interface {
    // Add adds the given source that contains a secret to the
    // automatically updated secrets store
    Add(string) error
}

SecretsProvider is a SecretsReader and can add secret sources that contain a secret. It automatically updates secrets if the source changes.

type SecretsReader

type SecretsReader interface {
    // GetSecret finds a secret by name and returns it, along with whether it was found
    GetSecret(string) ([]byte, bool)
}

SecretsReader is able to get a secret.



Package secrets imports 15 packages and is imported by 6 packages. Updated 2019-08-12.