credentialhelper

package module
v0.0.0-...-23a2b2b Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 20, 2026 License: Apache-2.0 Imports: 10 Imported by: 1

Documentation

Overview

Package credentialhelper is a Go library for interacting with `Credential Helpers`.

A `Credential Helper` is a tool for securely storing and retrieving credentials (e.g., for interacting with remote servers over `gRPC` or `HTTP(s)`).

This library provides an easy and convenient way for implementing a credential helper as well as using a credential Helper from within an application to retrieve credentials.

See https://github.com/bazelbuild/proposals/blob/main/designs/2022-06-07-bazel-credential-helpers.md#proposal for additional information about credential helpers.

Example (Client) 
package main

import (
	"context"
	"fmt"
	"os"

	credentialhelper "github.com/EngFlow/credential-helper-go"
)

const (
	CredentialHelperEnvironmentVariable = "REAL_CREDENTIAL_HELPER"
)

func main() {
	credentialHelperPath := os.Getenv(CredentialHelperEnvironmentVariable)
	if credentialHelperPath == "" {
		fmt.Fprintln(os.Stderr, CredentialHelperEnvironmentVariable+" not set")
		return
	}

	helper, err := credentialhelper.NewClient(credentialHelperPath)
	if err != nil {
		fmt.Fprintf(os.Stderr, "error creating credential helper: %v", err)
		return
	}

	response, err := helper.GetCredentials(
		context.Background(),
		&credentialhelper.GetCredentialsRequest{
			URI: "grpcs://example.com",
		})
	if err != nil {
		fmt.Fprintf(os.Stderr, "error fetching credentials: %v", err)
		return
	}

	for name, values := range response.Headers {
		for _, value := range values {
			fmt.Fprintf(os.Stdout, "%s: %s", name, value)
		}
	}
}
Example (HelperProcess) 
package main

import (
	"context"
	"errors"

	"github.com/EngFlow/credential-helper-go"
)

type exampleCredentialHelper struct {
	credentialhelper.CredentialHelperBase
}

func (e *exampleCredentialHelper) GetCredentials(ctx context.Context, request *credentialhelper.GetCredentialsRequest, extraParameters ...string) (*credentialhelper.GetCredentialsResponse, error) {
	return nil, errors.New("example does not provide credentials")
}

func main() {
	credentialhelper.StartCredentialHelper(&exampleCredentialHelper{})

	panic("UNREACHED")
}

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func StartCredentialHelper 

func StartCredentialHelper(helper CredentialHelper)

StartCredentialHelper is a util for turning the current process as credential helper.

This function never returns.

Types

type CredentialHelper 

type CredentialHelper interface {

	// GetCredentials fetches credentials from the helper.
	GetCredentials(ctx context.Context, request *GetCredentialsRequest, extraParameters ...string) (*GetCredentialsResponse, error)
	// contains filtered or unexported methods
}

CredentialHelper provides an interface to implement a Credential Helper or communicate with one.

func NewClient 

func NewClient(credentialHelperPath string) (CredentialHelper, error)

NewClient returns a new CredentialHelper invoking the provided path following the protocol for Bazel Credential Helpers.

type CredentialHelperBase 

type CredentialHelperBase struct{}

CredentialHelperBase is the base for all implementations of [CredentialHelper]s.

func (CredentialHelperBase) GetCredentials 

func (CredentialHelperBase) GetCredentials(ctx context.Context, request *GetCredentialsRequest, extraParameters ...string) (*GetCredentialsResponse, error)

type GetCredentialsRequest 

type GetCredentialsRequest struct {
	// The URI to get credentials for.
	URI string `json:"uri"`
}

GetCredentialsRequest represents the request for the `get` command of the Helper Protocol.

type GetCredentialsResponse 

type GetCredentialsResponse struct {
	// The headers containing credentials to add to all requests to the URI.
	Headers map[string][]string `json:"headers"`

	// The time the credentials expire and stop being valid for new requests,
	// formatted following [RFC 3339](https://www.rfc-editor.org/rfc/rfc3339.html).
	Expires *time.Time `json:"expires"`
}

GetCredentialsResponse represents the response for the `get` command of the Helper Protocol.

func (GetCredentialsResponse) MarshalJSON 

func (resp GetCredentialsResponse) MarshalJSON() ([]byte, error)

Source Files

View all Source files

Directories

Path Synopsis
Package grpc provides integration for credential helpers with `gRPC`.
 Package grpc provides integration for credential helpers with `gRPC`.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.