Overview
Package token provides encrypted token persistence for the krci CLI.
Constants
This section is empty.
Variables
var ErrKeyringAccess = errors.New("unable to access OS keyring")
ErrKeyringAccess indicates the OS keyring is not available.
var ErrNoToken = errors.New("no stored token")
ErrNoToken indicates no stored token exists.
Functions
This section is empty.
Types
type EncryptedFileStore
type EncryptedFileStore struct {
// contains filtered or unexported fields
}
EncryptedFileStore persists tokens as AES-256-GCM encrypted JSON files.
func NewEncryptedStore
func NewEncryptedStore(path string, enc Encryptor) *EncryptedFileStore
NewEncryptedStore creates a token store that encrypts data at rest.
func (*EncryptedFileStore) Clear
func (s *EncryptedFileStore) Clear() error
Clear removes the stored token file.
func (*EncryptedFileStore) Load
func (s *EncryptedFileStore) Load() (*StoredToken, error)
Load reads and decrypts the token from disk.
func (*EncryptedFileStore) Save
func (s *EncryptedFileStore) Save(tok *StoredToken) error
Save encrypts and writes the token to disk atomically (temp file + fsync + rename).
type Encryptor
type Encryptor interface {
Encrypt(plaintext []byte) ([]byte, error)
Decrypt(ciphertext []byte) ([]byte, error)
}
Encryptor encrypts and decrypts token data using AES-256-GCM.
func NewAESEncryptor
NewAESEncryptor creates an AES-256-GCM encryptor. The encryption key is stored in the OS keyring, with a file fallback for when the keyring is unavailable.
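One way to satisfy the Encryptor contract with AES-256-GCM, shown as an added example: this is not the package's NewAESEncryptor and not krci code. It assumes the caller already holds the 32-byte key, so the keyring lookup and the file fallback are out of scope; gcmEncryptor and NewGCMEncryptor are illustrative names, and the token JSON in main is a constructed sample. The points it demonstrates are the ones a reviewer checks in any GCM wrapper: a strict 32-byte key check (aes.NewCipher would quietly accept a 16-byte key and give AES-128), a fresh random nonce per Encrypt, and a Decrypt that returns no plaintext at all when the tag does not verify.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Encryptor mirrors the interface documented on the page.
type Encryptor interface {
	Encrypt(plaintext []byte) ([]byte, error)
	Decrypt(ciphertext []byte) ([]byte, error)
}

// gcmEncryptor is an illustrative AES-256-GCM Encryptor, not the package's
// NewAESEncryptor: the caller supplies the key, so keyring lookup and the file
// fallback are out of scope here.
type gcmEncryptor struct{ aead cipher.AEAD }

// NewGCMEncryptor rejects anything but a 32-byte key; aes.NewCipher alone would
// accept 16- or 24-byte keys and silently give AES-128/192 instead of AES-256.
func NewGCMEncryptor(key []byte) (*gcmEncryptor, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &gcmEncryptor{aead: aead}, nil
}

// Encrypt prefixes a fresh random 96-bit nonce to the sealed output, so the
// same token encrypted twice yields different ciphertexts. Reusing a nonce
// under one GCM key leaks the XOR of the plaintexts and enables tag forgery.
func (e *gcmEncryptor) Encrypt(plaintext []byte) ([]byte, error) {
	nonce := make([]byte, e.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return e.aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt splits off the nonce and verifies the GCM tag before returning any
// plaintext, so a modified or truncated token file is rejected outright.
func (e *gcmEncryptor) Decrypt(ciphertext []byte) ([]byte, error) {
	ns := e.aead.NonceSize()
	if len(ciphertext) < ns+e.aead.Overhead() {
		return nil, errors.New("ciphertext too short to hold nonce and tag")
	}
	return e.aead.Open(nil, ciphertext[:ns], ciphertext[ns:], nil)
}

var _ Encryptor = (*gcmEncryptor)(nil) // compile-time interface check

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	enc, err := NewGCMEncryptor(key)
	if err != nil {
		panic(err)
	}
	// Constructed sample; the real store would hand over marshalled StoredToken bytes.
	ct, err := enc.Encrypt([]byte(`{"access_token":"sample"}`))
	if err != nil {
		panic(err)
	}
	pt, err := enc.Decrypt(ct)
	fmt.Printf("roundtrip: %s (err=%v)\n", pt, err)
	ct[len(ct)-1] ^= 0x01 // flip one bit in the authentication tag
	_, err = enc.Decrypt(ct)
	fmt.Println("tampered ciphertext rejected:", err != nil)
}
```

The nonce is stored in the clear in front of the ciphertext, which is fine: GCM needs it to be unique, not secret. What must stay secret is the key, which is exactly why the page's design keeps it in the OS keyring rather than next to the token file.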
type Store
type Store interface {
Save(tok *StoredToken) error
Load() (*StoredToken, error)
Clear() error
}
Store persists and retrieves encrypted OAuth tokens.
type StoredToken
type StoredToken struct {
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
IDToken string `json:"id_token"`
ExpiresAt time.Time `json:"expires_at"`
IssuerURL string `json:"issuer_url"`
ClientID string `json:"client_id"`
}
StoredToken holds the persisted OAuth token data.
func NewStoredToken
func NewStoredToken(tok *oauth2.Token, issuerURL, clientID string) *StoredToken
NewStoredToken creates a StoredToken from an oauth2.Token and metadata.
func (*StoredToken) ToOAuth2Token
func (t *StoredToken) ToOAuth2Token() *oauth2.Token
ToOAuth2Token converts to oauth2.Token for use with oauth2.TokenSource.
func (*StoredToken) Valid
func (t *StoredToken) Valid() bool
Valid returns true if the access token has not expired, treating it as expired 30s early so a token about to lapse is refreshed rather than sent.
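The "temp file + fsync + rename" step behind Save and the 30s margin behind Valid, as an added example rather than krci's own code. writeFileAtomic and ValidAt are illustrative names; the JSON marshalling and the Encryptor call that precede the write in the real Save are left out so the file handling can be shown on its own, and the bytes written in main are a constructed placeholder standing in for the Encryptor's output.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"time"
)

// StoredToken mirrors the struct documented on the page.
type StoredToken struct {
	AccessToken  string    `json:"access_token"`
	RefreshToken string    `json:"refresh_token"`
	IDToken      string    `json:"id_token"`
	ExpiresAt    time.Time `json:"expires_at"`
	IssuerURL    string    `json:"issuer_url"`
	ClientID     string    `json:"client_id"`
}

// expiryBuffer is the 30s margin Valid applies.
const expiryBuffer = 30 * time.Second

// Valid reports whether the access token is still usable for a request sent
// now. Anything inside the 30s window counts as expired, so the caller refreshes
// instead of sending a token that lapses while the request is in flight.
func (t *StoredToken) Valid() bool { return t.ValidAt(time.Now()) }

// ValidAt is the clock-injected form of Valid (an illustrative addition so the
// cutoff can be tested without sleeping); the page's API exposes only Valid.
func (t *StoredToken) ValidAt(now time.Time) bool {
	return now.Add(expiryBuffer).Before(t.ExpiresAt)
}

// writeFileAtomic is the temp file + fsync + rename step behind the page's Save
// (illustrative name). os.CreateTemp creates the file 0600, so the token bytes
// are never readable by other users, not even briefly; creating it in the
// target's own directory keeps the final rename on one filesystem, which is
// what makes the replace atomic: a reader sees either the old file or the new
// one, never a partial write.
func writeFileAtomic(path string, data []byte) (err error) {
	tmp, err := os.CreateTemp(filepath.Dir(path), ".token-*")
	if err != nil {
		return err
	}
	defer func() {
		if err != nil {
			os.Remove(tmp.Name()) // on any failure, leave no half-written file behind
		}
	}()
	if _, err = tmp.Write(data); err != nil {
		tmp.Close()
		return err
	}
	if err = tmp.Sync(); err != nil { // durable before it becomes visible
		tmp.Close()
		return err
	}
	if err = tmp.Close(); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), path)
}

func main() {
	dir, err := os.MkdirTemp("", "krci-token-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "token.enc")
	// Constructed placeholder; in the real Save these bytes are the Encryptor's output.
	if err := writeFileAtomic(path, []byte("ciphertext-placeholder")); err != nil {
		panic(err)
	}
	info, err := os.Stat(path)
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrote %s with mode %v\n", path, info.Mode().Perm())
	tok := &StoredToken{ExpiresAt: time.Now().Add(20 * time.Second)}
	fmt.Println("token with 20s left is Valid():", tok.Valid()) // false: inside the 30s buffer
}
```

Two things worth checking in any implementation of this pattern: that the temp file is created in the destination directory (a rename across filesystems is a copy, not an atomic replace), and that the directory itself is not world-writable, since an attacker who can replace files in it can swap the token file regardless of its mode.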