agentlib

package
v0.1.9 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 29, 2020 License: BSD-3-Clause Imports: 21 Imported by: 0

Documentation

Overview

Package agentlib provides ways to create Principals that are backed by the security agent. It implements a client for communicating with an agent process holding the private key for a Principal. It also provides a way to start an agent for a Principal serialized to disk.


Constants

This section is empty.

Variables

This section is empty.

Functions

func LoadPrincipal

func LoadPrincipal(credsDir string) (agent.Principal, error)

LoadPrincipal loads a principal (private key, BlessingRoots, BlessingStore) from the provided directory using the security agent. If an agent serving the principal is not present, a new one is started as a separate daemon process. The new agent may use os.Stdin and os.Stdout in order to fetch a private key decryption passphrase. If an agent serving the principal is not found and a new one cannot be started, LoadPrincipal tries to load the principal in the current process' address space, which will be exclusive for this process; if that fails too (for example, because the principal is encrypted), an error is returned. The caller should call Close on the returned Principal once it's no longer used, in order to free up resources and allow the agent to terminate once it has no more clients.

func NewAgentPrincipal

func NewAgentPrincipal(path string, timeout time.Duration) (agent.Principal, error)

NewAgentPrincipal returns a security.Principal using the PrivateKey held in a remote agent process.

'path' is the path to the agent socket, typically obtained from os.Getenv(envvar.AgentAddress).

'timeout' specifies how long to retry connecting to the socket if it's not ready.

The caller should call Close on the returned Principal once it's no longer used, in order to free up resources.

func NewAgentPrincipalX

func NewAgentPrincipalX(path string) (agent.Principal, error)

NewAgentPrincipalX returns a security.Principal using the PrivateKey held in a remote agent process.

'path' is the path to the agent socket, typically obtained from os.Getenv(envvar.AgentAddress). If the socket is not ready, NewAgentPrincipalX retries for a minute before giving up.

The caller should call Close on the returned Principal once it's no longer used, in order to free up resources.
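
The retry-until-timeout behaviour that NewAgentPrincipal's 'timeout' and NewAgentPrincipalX's one-minute limit describe, shown with the standard library only. This is an added example, not agentlib's implementation: dialAgentSocket, connectsWithin, the 20 ms retry interval and the temporary socket path are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
	"time"
)

// dialAgentSocket is a hypothetical helper, not agentlib code. It retries a
// Unix-socket connect until it succeeds or timeout has elapsed, then returns
// the last dial error (for example "no such file" or "connection refused").
func dialAgentSocket(path string, timeout time.Duration) (net.Conn, error) {
	deadline := time.Now().Add(timeout)
	for {
		conn, err := net.DialTimeout("unix", path, time.Second)
		if err == nil || time.Now().After(deadline) {
			return conn, err
		}
		time.Sleep(20 * time.Millisecond) // socket not ready yet: wait, retry
	}
}

// connectsWithin starts a constructed stand-in listener after startDelay and
// reports whether dialAgentSocket reached it within timeout.
func connectsWithin(startDelay, timeout time.Duration) bool {
	dir, err := os.MkdirTemp("", "agent")
	if err != nil {
		return false
	}
	defer os.RemoveAll(dir)
	sock := filepath.Join(dir, "agent.sock") // constructed path, not a real agent
	done := make(chan struct{})
	defer close(done)
	go func() {
		time.Sleep(startDelay) // the stand-in "agent" is still starting up
		if l, err := net.Listen("unix", sock); err == nil {
			<-done // keep listening until the caller has finished
			l.Close()
		}
	}()
	conn, err := dialAgentSocket(sock, timeout)
	if err != nil {
		return false
	}
	conn.Close() // release the connection, as callers must Close the Principal
	return true
}

func main() { fmt.Println(connectsWithin(100*time.Millisecond, 2*time.Second)) }
```

A timeout shorter than the agent's startup time makes the dial fail even though the agent would have come up, which is the case the second assertion in the test exercises.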

Types

This section is empty.
