skipper: github.com/zalando/skipper/secrets

package secrets

import "github.com/zalando/skipper/secrets"

Package secrets implements what skipper needs to create, get, update and rotate secrets, and to encrypt and decrypt data consistently across a fleet of skipper instances.

Index

Package Files

doc.go encrypter.go file.go readers.go registry.go

Variables

var (
    ErrAlreadyExists    = errors.New("secret already exists")
    ErrWrongFileType    = errors.New("file type not supported")
    ErrFailedToReadFile = errors.New("failed to read file")
)

type Encrypter

type Encrypter struct {
    // contains filtered or unexported fields
}

func WithSource

func WithSource(s SecretSource) (*Encrypter, error)

WithSource creates an Encrypter from the given SecretSource; it is used, for example, by secrettest for testing purposes.

func (*Encrypter) Close

func (e *Encrypter) Close()

func (*Encrypter) CreateNonce

func (e *Encrypter) CreateNonce() ([]byte, error)

func (*Encrypter) Decrypt

func (e *Encrypter) Decrypt(cipherText []byte) ([]byte, error)

Decrypt decrypts the given ciphertext.

func (*Encrypter) Encrypt

func (e *Encrypter) Encrypt(plaintext []byte) ([]byte, error)

Encrypt encrypts the given plaintext.

func (*Encrypter) RefreshCiphers

func (e *Encrypter) RefreshCiphers() error

RefreshCiphers re-reads the secrets from the Encrypter's SecretSource and rebuilds its list of cipher.AEAD from them; this is how a rotated secret takes effect.

type EncrypterCreator

type EncrypterCreator interface {
    GetEncrypter(time.Duration, string) (Encryption, error)
}

type Encryption

type Encryption interface {
    CreateNonce() ([]byte, error)
    Decrypt([]byte) ([]byte, error)
    Encrypt([]byte) ([]byte, error)
    Close()
}
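The cipher-list behaviour described for Encrypt, Decrypt, RefreshCiphers and the Encryption interface, as an added example that is not skipper's own code: it keeps one AES-256-GCM cipher per secret returned by a SecretSource, encrypts with the first one, and decrypts by trying each in turn, so a new secret can be rotated in without breaking data sealed under the previous one. The sliceSource type, the "newest first" ordering of the source, the nonce-prefixed ciphertext layout and the SHA-256 key derivation are assumptions of this example, not documented behaviour of the package.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"sync/atomic"
)

// SecretSource mirrors the interface on this page: current secrets, newest first.
type SecretSource interface {
	GetSecret() ([][]byte, error)
}

// sliceSource is a constructed in-memory SecretSource; the demo rotates keys by reassigning Secrets.
type sliceSource struct{ Secrets [][]byte }

func (s *sliceSource) GetSecret() ([][]byte, error) { return s.Secrets, nil }

// Encrypter keeps one AEAD per secret: Encrypt seals with the newest, Decrypt tries each in turn.
type Encrypter struct {
	src     SecretSource
	ciphers atomic.Value // []cipher.AEAD, swapped as a whole so readers never see a partial list
}

func WithSource(s SecretSource) (*Encrypter, error) {
	e := &Encrypter{src: s}
	if err := e.RefreshCiphers(); err != nil {
		return nil, err
	}
	return e, nil
}

// RefreshCiphers re-reads the source and rebuilds the cipher list; on error the old list stays in effect.
func (e *Encrypter) RefreshCiphers() error {
	secrets, err := e.src.GetSecret()
	if err != nil {
		return err
	}
	if len(secrets) == 0 {
		return errors.New("secret source returned no secrets")
	}
	ciphers := make([]cipher.AEAD, 0, len(secrets))
	for _, s := range secrets {
		key := sha256.Sum256(s) // AES-256 key via SHA-256 is an assumption of this example
		block, err := aes.NewCipher(key[:])
		if err != nil {
			return err
		}
		aead, err := cipher.NewGCM(block)
		if err != nil {
			return err
		}
		ciphers = append(ciphers, aead)
	}
	e.ciphers.Store(ciphers)
	return nil
}

func (e *Encrypter) current() []cipher.AEAD { return e.ciphers.Load().([]cipher.AEAD) }

// CreateNonce returns a fresh random nonce sized for the active cipher.
func (e *Encrypter) CreateNonce() ([]byte, error) {
	nonce := make([]byte, e.current()[0].NonceSize())
	_, err := rand.Read(nonce)
	return nonce, err
}

// Encrypt prepends the nonce to the sealed output so Decrypt can recover it.
func (e *Encrypter) Encrypt(plaintext []byte) ([]byte, error) {
	nonce, err := e.CreateNonce()
	if err != nil {
		return nil, err
	}
	return e.current()[0].Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt tries each cipher; GCM's tag check rejects a wrong key and a tampered ciphertext alike.
func (e *Encrypter) Decrypt(cipherText []byte) ([]byte, error) {
	for _, c := range e.current() {
		if n := c.NonceSize(); len(cipherText) >= n {
			if pt, err := c.Open(nil, cipherText[:n], cipherText[n:], nil); err == nil {
				return pt, nil
			}
		}
	}
	return nil, errors.New("no cipher could authenticate the ciphertext")
}

func main() {
	src := &sliceSource{Secrets: [][]byte{[]byte("key-v1")}}
	enc, _ := WithSource(src)
	ct, _ := enc.Encrypt([]byte("session=abc"))
	src.Secrets = [][]byte{[]byte("key-v2"), []byte("key-v1")} // rotate v2 in, keep v1 for old data
	_ = enc.RefreshCiphers()
	pt, err := enc.Decrypt(ct)
	fmt.Printf("after rotation: %q (err=%v)\n", pt, err)
}
```

The rotation procedure this implies across a fleet: first add the new secret at the front of the source and refresh every instance, then, once all instances encrypt with it and ciphertexts sealed under the old secret have aged out, drop the old secret. Because decryption tries each cipher, every retired key that is kept in the list costs one extra GCM tag check on each ciphertext that fails to open, so the list should hold only the keys still needed.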

type HostSecret

type HostSecret struct {
    // contains filtered or unexported fields
}

HostSecret looks up secrets by hostname.

func NewHostSecret

func NewHostSecret(sr SecretsReader, h map[string]string) *HostSecret

NewHostSecret creates a SecretsReader that returns the secret for a given host. The map h maps a hostname to the key under which the secret is read from sr.

func (*HostSecret) Close

func (hs *HostSecret) Close()

func (*HostSecret) GetSecret

func (hs *HostSecret) GetSecret(s string) ([]byte, bool)

GetSecret parses s as a URL and returns the secret mapped to its hostname.

type Registry

type Registry struct {
    // contains filtered or unexported fields
}

func NewRegistry

func NewRegistry() *Registry

NewRegistry returns a Registry, which implements EncrypterCreator and stores and manages secrets.

func (*Registry) Close

func (r *Registry) Close()

Close closes every Encryption held by the Registry.

func (*Registry) GetEncrypter

func (r *Registry) GetEncrypter(refreshInterval time.Duration, file string) (Encryption, error)

type SecretPaths

type SecretPaths struct {
    // contains filtered or unexported fields
}

func NewSecretPaths

func NewSecretPaths(d time.Duration) *SecretPaths

NewSecretPaths creates a SecretPaths, which implements SecretsProvider. As a side effect it runs a background refresher every d. Call Close() on teardown to stop it.

func (*SecretPaths) Add

func (sp *SecretPaths) Add(p string) error

Add adds a file, or a directory whose files are all read as secrets. The basename of each file is the key under which its secret is retrieved. Add is not synchronized and is not safe to call concurrently. As a side effect, Add lazily starts a goroutine, the single background refresher for this SecretPaths instance.

func (*SecretPaths) Close

func (sp *SecretPaths) Close()

func (*SecretPaths) GetSecret

func (sp *SecretPaths) GetSecret(s string) ([]byte, bool)

GetSecret returns the secret for the given name and whether it was found.
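The basename-keyed file reading and refresh that SecretPaths.Add and GetSecret describe, as an added example that is not skipper's code. It reads every regular file under each added path into a map keyed by basename and rebuilds that map whole on Refresh. SecretPaths runs the equivalent of Refresh from its background goroutine every d and provides Close to stop it; this example leaves the goroutine out and lets the caller drive Refresh, so it has nothing to close. The FileSecrets name, the two mirrored error variables, the rollback in Add and the symlink handling are this example's own choices.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"sync"
)

var (
	ErrAlreadyExists    = errors.New("secret already exists")
	ErrFailedToReadFile = errors.New("failed to read file")
)

// FileSecrets mirrors the file side of SecretPaths: each regular file under an
// added path is a secret keyed by its basename. SecretPaths calls the equivalent
// of Refresh from its background goroutine every d; here the caller drives it.
type FileSecrets struct {
	mu    sync.RWMutex
	paths []string
	store map[string][]byte
}

func NewFileSecrets() *FileSecrets { return &FileSecrets{store: map[string][]byte{}} }

// Add registers a file or directory and reads it at once; like SecretPaths.Add it is not safe to call concurrently.
func (f *FileSecrets) Add(p string) error {
	f.paths = append(f.paths, p)
	if err := f.Refresh(); err != nil {
		f.paths = f.paths[:len(f.paths)-1] // do not let a rejected path poison later refreshes
		return err
	}
	return nil
}

// Refresh rebuilds the map and swaps it in whole: readers never see a partial update and a failed read keeps the last good store.
func (f *FileSecrets) Refresh() error {
	fresh := map[string][]byte{}
	for _, p := range f.paths {
		files, err := regularFiles(p)
		if err != nil {
			return err
		}
		for _, file := range files {
			key := filepath.Base(file)
			if _, dup := fresh[key]; dup {
				return fmt.Errorf("%w: %s", ErrAlreadyExists, key)
			}
			b, err := os.ReadFile(file)
			if err != nil {
				return fmt.Errorf("%w: %s", ErrFailedToReadFile, file)
			}
			fresh[key] = b // raw bytes: a trailing newline in the file is part of the secret
		}
	}
	f.mu.Lock()
	f.store = fresh
	f.mu.Unlock()
	return nil
}

// regularFiles lists the files behind p. os.Stat follows symlinks, so a Kubernetes
// secret mount (files symlinked into ..data/) is read, and subdirectories are skipped.
func regularFiles(p string) ([]string, error) {
	info, err := os.Stat(p)
	if err != nil {
		return nil, fmt.Errorf("%w: %v", ErrFailedToReadFile, err)
	}
	if !info.IsDir() {
		return []string{p}, nil
	}
	entries, err := os.ReadDir(p)
	if err != nil {
		return nil, fmt.Errorf("%w: %v", ErrFailedToReadFile, err)
	}
	var out []string
	for _, e := range entries {
		full := filepath.Join(p, e.Name())
		if st, err := os.Stat(full); err == nil && st.Mode().IsRegular() {
			out = append(out, full)
		}
	}
	return out, nil
}

func (f *FileSecrets) GetSecret(name string) ([]byte, bool) {
	f.mu.RLock()
	defer f.mu.RUnlock()
	b, ok := f.store[name]
	return b, ok
}

func main() {
	dir, _ := os.MkdirTemp("", "secrets")
	defer os.RemoveAll(dir)
	_ = os.WriteFile(filepath.Join(dir, "db-password"), []byte("hunter2"), 0o600)
	fs := NewFileSecrets()
	_ = fs.Add(dir)
	v, ok := fs.GetSecret("db-password")
	fmt.Printf("db-password: %q %v\n", v, ok)
}
```

The symlink handling is what makes this work with a Kubernetes secret volume: the mount is a directory of symlinks into a ..data directory that is itself replaced on rotation, so each entry has to be stat'ed through the link rather than classified by its directory entry type, and the ..data directory must not be descended into or every key would appear twice. Because the bytes are taken verbatim, a secret written with echo carries its trailing newline into every comparison or header built from it.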

type SecretSource

type SecretSource interface {
    GetSecret() ([][]byte, error)
}

SecretSource supplies the current set of secrets as raw bytes; an Encrypter derives its list of cipher.AEAD from them.

type SecretsProvider

type SecretsProvider interface {
    SecretsReader
    // Add adds the given source that contains a secret to the
    // automatically updated secrets store
    Add(string) error
}

SecretsProvider is a SecretsReader that can also add sources containing secrets. It updates the secrets automatically when a source changes.

type SecretsReader

type SecretsReader interface {
    // GetSecret finds a secret by name and returns it together with
    // whether it was found
    GetSecret(string) ([]byte, bool)
    // Close should be used on teardown to clean up a refresher
    // goroutine. Implementers of this interface should handle a nil
    // receiver, so that callers do not need to check for it.
    Close()
}

SecretsReader reads a secret by name.

type StaticDelegateSecret

type StaticDelegateSecret struct {
    // contains filtered or unexported fields
}

StaticDelegateSecret delegates to the wrapped SecretsReader using a fixed key.

func NewStaticDelegateSecret

func NewStaticDelegateSecret(sr SecretsReader, s string) *StaticDelegateSecret

NewStaticDelegateSecret wraps sr so that every GetSecret call looks up the fixed key s in the underlying SecretsReader, whatever name the caller passes.

func (*StaticDelegateSecret) Close

func (sds *StaticDelegateSecret) Close()

Close delegates to the wrapped SecretsReader.

func (*StaticDelegateSecret) GetSecret

func (sds *StaticDelegateSecret) GetSecret(string) ([]byte, bool)

GetSecret returns the secret looked up by the static key via the wrapped SecretsReader.

type StaticSecret

type StaticSecret []byte

StaticSecret implements the SecretsReader interface. Example:

    sec := []byte("mysecret")
    sss := StaticSecret(sec)
    b, _ := sss.GetSecret("")
    bytes.Equal(b, sec) // true

func (StaticSecret) Close

func (st StaticSecret) Close()

Close implements SecretsReader.

func (StaticSecret) GetSecret

func (st StaticSecret) GetSecret(string) ([]byte, bool)

GetSecret returns the static secret, whatever name is given.
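The three readers on this page composed, as an added example rather than the package's own code: a StaticSecret, a StaticDelegateSecret that pins one key, and a HostSecret that selects a key by the hostname of a URL. The mapReader type and the host and key names are constructed for the example; the url.Hostname-based lookup and the (nil, false) result for an unknown or unparsable host are this example's behaviour, not documented guarantees of the package.

```go
package main

import (
	"fmt"
	"net/url"
)

// SecretsReader is the interface on this page that every reader below implements.
type SecretsReader interface {
	GetSecret(string) ([]byte, bool)
	Close()
}

// StaticSecret returns the same bytes whatever name is asked for.
type StaticSecret []byte

func (st StaticSecret) GetSecret(string) ([]byte, bool) { return st, true }
func (StaticSecret) Close()                             {}

// mapReader is a constructed in-memory stand-in for a SecretPaths-style store, keyed by secret name.
type mapReader map[string][]byte

func (m mapReader) GetSecret(name string) ([]byte, bool) { b, ok := m[name]; return b, ok }
func (mapReader) Close()                                 {}

// StaticDelegateSecret ignores the requested name and always asks the wrapped reader for one fixed key.
type StaticDelegateSecret struct {
	sr  SecretsReader
	key string
}

func NewStaticDelegateSecret(sr SecretsReader, s string) *StaticDelegateSecret {
	return &StaticDelegateSecret{sr: sr, key: s}
}

func (sds *StaticDelegateSecret) GetSecret(string) ([]byte, bool) { return sds.sr.GetSecret(sds.key) }
func (sds *StaticDelegateSecret) Close()                          { sds.sr.Close() }

// HostSecret maps the hostname of a URL to a key in the wrapped reader.
type HostSecret struct {
	sr    SecretsReader
	hosts map[string]string
}

func NewHostSecret(sr SecretsReader, h map[string]string) *HostSecret {
	return &HostSecret{sr: sr, hosts: h}
}

// GetSecret parses s as a URL. url.Hostname strips the port and IPv6 brackets,
// so "https://api.example.com:8443/v1" is looked up as "api.example.com".
// Anything unparsable, without a host, or not in the map yields (nil, false):
// there is deliberately no fallback secret.
func (hs *HostSecret) GetSecret(s string) ([]byte, bool) {
	u, err := url.Parse(s)
	if err != nil || u.Host == "" {
		return nil, false
	}
	key, ok := hs.hosts[u.Hostname()]
	if !ok {
		return nil, false
	}
	return hs.sr.GetSecret(key)
}

func (hs *HostSecret) Close() { hs.sr.Close() }

func main() {
	store := mapReader{
		"tokens/api-prod":    []byte("prod-token"),
		"tokens/api-staging": []byte("staging-token"),
	}
	hs := NewHostSecret(store, map[string]string{
		"api.example.com":         "tokens/api-prod",
		"api.staging.example.com": "tokens/api-staging",
	})
	for _, target := range []string{
		"https://api.example.com:8443/v1/orders",
		"https://api.staging.example.com/health",
		"https://evil.example.com/v1/orders",
		"api.example.com/v1/orders", // no scheme: parses as a path, so no host
	} {
		tok, ok := hs.GetSecret(target)
		fmt.Printf("%-42s -> %q %v\n", target, tok, ok)
	}
	tok, ok := NewStaticDelegateSecret(store, "tokens/api-prod").GetSecret("ignored")
	fmt.Printf("static delegate -> %q %v\n", tok, ok)
}
```

Two things to check before wiring such a reader into a proxy: the host map is an exact, case-sensitive match on url.Hostname(), so "API.example.com" does not resolve to the "api.example.com" entry, and a lookup string without a scheme parses as a path with an empty host and yields no secret, which is the safe direction to fail.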

Directories

Path        Synopsis
secrettest

Package secrets imports 16 packages and is imported by 9 packages. Updated 2020-02-23.