Versions in this module Expand all Collapse all v0 v0.2.0 Dec 29, 2025 Changes in this version + const ConfigDirName + const EnvPolicyFile + const PolicyFileName + func EnsureConfigDir() (string, error) + func GetConfigPaths() map[string]string + func SavePolicy(policy *Policy) error + type FilePolicy struct + Locked []string + Version int + func LoadPolicyFromFile(path string) (*FilePolicy, error) type Policy + func LoadPolicy() (*Policy, error) v0.1.0 Dec 29, 2025 Changes in this version + var ErrAccessDenied = errors.New("access denied") + var ErrEnvironmentNotSupported = errors.New("environment not supported") + var ErrNotInitialized = errors.New("secure vault not initialized") + var ErrPolicyViolation = errors.New("policy violation") + var ErrProviderNotAvailable = errors.New("provider not available") + var ErrSecretNotFound = errors.New("secret not found") + var ErrSecurityCheckFailed = errors.New("security check failed") + func GetEnv(ctx context.Context, name string, policy *Policy) (string, error) + func GetLocalSecuritySummary() (*inspector.SecuritySummary, error) + func IsLocalSecuritySupported() bool + func LoadCredentials(ctx context.Context, policy *Policy, names ...string) (map[string]string, error) + func LoadRequiredCredentials(ctx context.Context, policy *Policy, names ...string) (map[string]string, error) + func MustGetEnv(ctx context.Context, name string, policy *Policy) string + func RequireSecurity(policy *Policy) error + type AWSDetails struct + AccountID string + ExecutionEnv string + FunctionName string + Region string + RoleARN string + TokenFile string + type AWSPolicy struct + AllowedAccountIDs []string + AllowedRegions []string + AllowedRoleARNs []string + RequireIMDSv2 bool + RequireIRSA bool + type AzureDetails struct + ClientID string + ResourceGroup string + Subscription string + TenantID string + TokenFile string + type AzurePolicy struct + AllowedClientIDs []string + AllowedRegions []string + AllowedSubscriptions []string + AllowedTenantIDs []string + RequireWorkloadIdentity bool + type CloudPolicy struct + AWS *AWSPolicy + Azure *AzurePolicy + GCP *GCPPolicy + RequireIAM bool + type CloudSecurityDetails struct + CloudProvider string + IAM *IAMDetails + Kubernetes *KubernetesDetails + Region string + type Config struct + CustomVault vault.Vault + ForceEnvironment Environment + Logger *slog.Logger + Policy *Policy + ProviderConfig any + type Environment string + const EnvAKS + const EnvAzureFunc + const EnvCloudRun + const EnvContainer + const EnvEKS + const EnvGKE + const EnvKubernetes + const EnvLambda + const EnvLocal + const EnvUnknown + func DetectEnvironment() Environment + func (e Environment) IsAWS() bool + func (e Environment) IsAzure() bool + func (e Environment) IsCloud() bool + func (e Environment) IsGCP() bool + func (e Environment) IsKubernetes() bool + func (e Environment) IsLocal() bool + func (e Environment) String() string + type EnvironmentDetails struct + AWS *AWSDetails + Arch string + Azure *AzureDetails + Environment Environment + GCP *GCPDetails + Kubernetes *KubernetesDetails + Platform string + func GetEnvironmentDetails() *EnvironmentDetails + type GCPDetails struct + ClusterName string + ProjectID string + Region string + ServiceAccountEmail string + ServiceName string + type GCPPolicy struct + AllowedProjects []string + AllowedRegions []string + AllowedServiceAccounts []string + RequireWorkloadIdentity bool + type IAMDetails struct + ClientID string + Configured bool + RoleARN string + ServiceAccountEmail string + TokenPath string + type KubernetesDetails struct + InCluster bool + Namespace string + PodName string + ServiceAccount string + type KubernetesPolicy struct + AllowedNamespaces []string + AllowedServiceAccounts []string + DeniedNamespaces []string + RequireNonRoot bool + RequireReadOnlyRoot bool + RequireServiceAccount bool + type LocalPolicy struct + AllowedPlatforms []string + MinSecurityScore int + RequireBiometrics bool + RequireEncryption bool + RequireSecureBoot bool + RequireTPM bool + type LocalSecurityDetails struct + BiometricsAvailable bool + BiometricsConfigured bool + DiskEncrypted bool + EncryptionType string + Platform string + SecureBootEnabled bool + TPMEnabled bool + TPMPresent bool + TPMType string + type Policy struct + AllowInsecure bool + Cloud *CloudPolicy + FallbackProvider Provider + InsecureReason string + Kubernetes *KubernetesPolicy + Local *LocalPolicy + ProviderMap map[Environment]Provider + func DefaultPolicy() *Policy + func DevelopmentPolicy() *Policy + func StrictPolicy() *Policy + type PolicyError struct + Details string + Err error + Policy string + Requirement string + func NewPolicyError(policy, requirement, details string) *PolicyError + func (e *PolicyError) Error() string + func (e *PolicyError) Unwrap() error + type Provider string + const ProviderAWSParameterStore + const ProviderAWSSecretsManager + const ProviderAzureKeyVault + const ProviderEnv + const ProviderFile + const ProviderGCPSecretManager + const ProviderK8sSecret + const ProviderKeyring + const ProviderVault + func (p Provider) String() string + type ProviderError struct + Cause error + Err error + Operation string + Path string + Provider Provider + func NewProviderError(provider Provider, operation, path string, cause error) *ProviderError + func (e *ProviderError) Error() string + func (e *ProviderError) Unwrap() error + type SecureVault struct + func MustQuick() *SecureVault + func MustQuickDev() *SecureVault + func New(cfg *Config) (*SecureVault, error) + func Quick() (*SecureVault, error) + func QuickDev() (*SecureVault, error) + func QuickStrict() (*SecureVault, error) + func (sv *SecureVault) Close() error + func (sv *SecureVault) Delete(ctx context.Context, path string) error + func (sv *SecureVault) Environment() Environment + func (sv *SecureVault) Exists(ctx context.Context, path string) (bool, error) + func (sv *SecureVault) Get(ctx context.Context, path string) (*vault.Secret, error) + func (sv *SecureVault) GetField(ctx context.Context, path, field string) (string, error) + func (sv *SecureVault) GetValue(ctx context.Context, path string) (string, error) + func (sv *SecureVault) IsSecure() bool + func (sv *SecureVault) List(ctx context.Context, prefix string) ([]string, error) + func (sv *SecureVault) Provider() Provider + func (sv *SecureVault) SecurityResult() *SecurityResult + func (sv *SecureVault) Set(ctx context.Context, path string, secret *vault.Secret) error + func (sv *SecureVault) SetValue(ctx context.Context, path, value string) error + type SecurityDetails struct + Cloud *CloudSecurityDetails + Local *LocalSecurityDetails + type SecurityError struct + Actual string + Check string + Environment Environment + Err error + Recommendations []string + Required string + func NewSecurityError(check, required, actual string, env Environment, recommendations ...string) *SecurityError + func (e *SecurityError) Error() string + func (e *SecurityError) Unwrap() error + type SecurityLevel string + const SecurityCritical + const SecurityExcellent + const SecurityHigh + const SecurityLow + const SecurityMedium + type SecurityResult struct + Details SecurityDetails + Environment Environment + Level SecurityLevel + Message string + Passed bool + Recommendations []string + Score int + Timestamp time.Time + func CheckCloudSecurity(env Environment, policy *CloudPolicy) (*SecurityResult, error) + func CheckKubernetesSecurity(env Environment, policy *KubernetesPolicy) (*SecurityResult, error) + func CheckLocalSecurity(policy *LocalPolicy) (*SecurityResult, error) + func CheckSecurity(policy *Policy) (*SecurityResult, error)
Go to main page