secrets

package module
v0.75.4 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 16, 2026 License: Apache-2.0 Imports: 0 Imported by: 5

Documentation

Overview

Package secrets decodes secret values by invoking the configured executable command.

Constants

const PayloadVersion = "1.1"

PayloadVersion defines the current payload version sent to a secret backend

Variables

This section is empty.

Functions

This section is empty.

Types

type Component

type Component interface {
	// Configure the executable command that is used for decoding secrets
	Configure(config ConfigParams)
	// Resolve resolves the secrets in the given yaml data by replacing secret handles with their corresponding secret values.
	//
	// Setting 'notify' to true will send notifications for any resolved secrets. This is meant for callers that want
	// to replace handles themselves in memory. Only the configuration requires this at the moment.
	Resolve(data []byte, origin string, imageName string, kubeNamespace string, notify bool) ([]byte, error)
	// SubscribeToChanges registers a callback to be invoked whenever secrets are resolved or refreshed
	SubscribeToChanges(callback SecretChangeCallback)
	// Refresh will resolve secret handles again, notifying any subscribers of changed values.
	// If updateNow is true, the function performs the refresh immediately and blocks, returning an informative message suitable for user display.
	// If updateNow is false, the function will asynchronously perform a refresh, and may fail to refresh due to throttling. No message is returned, just an empty string.
	Refresh(updateNow bool) (string, error)
	// RemoveOrigin removes an origin from the internal cache of the secret component. This does not remove secrets
	// from the cache, only the references to where those secrets are used.
	RemoveOrigin(origin string)
}

Component is the component type.

type ConfigParams

type ConfigParams struct {
	Type                         string
	Config                       map[string]interface{}
	Command                      string
	Arguments                    []string
	Timeout                      int
	MaxSize                      int
	RefreshInterval              int
	RefreshIntervalScatter       bool
	GroupExecPerm                bool
	RemoveLinebreak              bool
	RunPath                      string
	AuditFileMaxSize             int
	ScopeIntegrationToNamespace  bool
	AllowedNamespace             []string
	ImageToHandle                map[string][]string
	APIKeyFailureRefreshInterval int
}

ConfigParams holds parameters for configuration

type SecretChangeCallback

type SecretChangeCallback func(handle, origin string, path []string, oldValue, newValue any)

SecretChangeCallback is the callback type used by SubscribeToChanges to send notifications. This callback will be called once for each time a handle at a particular path is resolved or refreshed.

- `handle`: the handle of the secret (example: for `ENC[api_key]` the handle is `api_key`)
- `origin`: origin file of the configuration
- `path`: a path into the config file where the secret appears; each part is a level of nesting, and arrays use stringified indexes
- `oldValue`: the value that the secret used to have; the empty string "" if it hasn't been resolved before
- `newValue`: the new value that the secret has resolved to
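The callback contract described above, as an added example that is not the package's own code: a hypothetical `walk` helper replaces `ENC[...]` handles in an already-decoded config tree and invokes the callback with the nesting path, stringified array indexes, and "" as the first `oldValue`. The `walk` and `demo` names, the `seen` cache, the sample config and the backend values are assumptions constructed for illustration; the component's real resolution logic is not shown on this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Same signature as SecretChangeCallback in the documentation above.
type SecretChangeCallback func(handle, origin string, path []string, oldValue, newValue any)

// Whole-value handle such as ENC[api_key]; format taken from the doc's example.
var handleRe = regexp.MustCompile(`^ENC\[(.+)\]$`)

// walk (hypothetical) replaces handles in a decoded config tree, calling cb once per occurrence.
func walk(node any, path []string, origin string, backend, seen map[string]string, cb SecretChangeCallback) any {
	// Copy-on-append so a callback that retains path never sees it mutated later.
	sub := func(part string) []string { return append(path[:len(path):len(path)], part) }
	switch v := node.(type) {
	case map[string]any:
		for k, child := range v {
			v[k] = walk(child, sub(k), origin, backend, seen, cb)
		}
	case []any:
		for i, child := range v {
			v[i] = walk(child, sub(strconv.Itoa(i)), origin, backend, seen, cb) // index as string
		}
	case string:
		if m := handleRe.FindStringSubmatch(v); m != nil {
			if newVal, ok := backend[m[1]]; ok {
				cb(m[1], origin, path, seen[m[1]], newVal) // oldValue is "" on first resolve
				seen[m[1]] = newVal
				return newVal
			}
		}
	}
	return node // non-handles and unresolved handles are left in place
}

// demo resolves a constructed config and records, per handle, where it was found.
func demo() map[string]string {
	cfg := map[string]any{"api_key": "ENC[api_key]", "instances": []any{map[string]any{"password": "ENC[db_pass]"}}}
	backend := map[string]string{"api_key": "k1", "db_pass": "p1"} // constructed values
	got := map[string]string{}
	walk(cfg, nil, "datadog.yaml", backend, map[string]string{}, func(h, _ string, p []string, oldV, _ any) {
		got[h] = fmt.Sprintf("%s first=%t", strings.Join(p, "/"), oldV == "") // never log the value
	})
	return got
}
func main() { fmt.Println(demo()) }
```

Subscribers receive the resolved value in plaintext, so the sample callback records only the location and whether it was a first resolution.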

type SecretVal

type SecretVal struct {
	Value    string `json:"value,omitempty"`
	ErrorMsg string `json:"error,omitempty"`
}

SecretVal defines the structure for secrets in JSON output
