keyring

package
v1.222.0-rc.1 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 15, 2026 | License: Apache-2.0 | Imports: 12 | Imported by: 0

Documentation

Overview

Package keyring provides a credential-agnostic key->string-value secret store backed by the OS keychain (zalando go-keyring), an encrypted file (99designs/keyring), or in-memory/noop backends. It carries no realm, credential-envelope, or expiry semantics — callers layer those on top. It is shared by the auth credential store (pkg/auth/credentials) and the keychain secrets store (pkg/store). See docs/prd/secrets-management.md.

Package keyring is a generated GoMock package.

Constants

const (
	TypeSystem = "system"
	TypeFile   = "file"
	TypeMemory = "memory"
	TypeNoop   = "noop"
)

Backend type identifiers returned by Keyring.Type().

Variables

var (
	// ErrNotFound indicates the requested key does not exist in the backend.
	ErrNotFound = errors.New("keyring: key not found")
	// ErrListNotSupported indicates the backend cannot enumerate keys (e.g. the OS keychain).
	ErrListNotSupported = errors.New("keyring: listing keys is not supported by this backend")
	// ErrUnknownBackend indicates an unrecognized Config.Type.
	ErrUnknownBackend = errors.New("keyring: unknown backend type")
	// ErrUnavailable indicates a backend could not be initialized (e.g. no dbus in a container,
	// or the file directory could not be created).
	ErrUnavailable = errors.New("keyring: backend unavailable")
	// ErrPasswordRequired indicates the file backend needs a password but none was provided.
	ErrPasswordRequired = errors.New("keyring: password required")
	// ErrPasswordTooShort indicates the file backend password is below the minimum length.
	ErrPasswordTooShort = errors.New("keyring: password too short")
)

Functions

This section is empty.

Types

type Config

type Config struct {
	// Type is the backend: TypeSystem (default when empty), TypeFile, TypeMemory, or TypeNoop.
	Type string
	// ServiceName namespaces entries: the zalando account for the system backend and the
	// 99designs ServiceName for the file backend. Defaults to "atmos".
	ServiceName string
	// FileDir is the directory for the file backend. Empty uses the XDG data dir.
	FileDir string
	// PasswordEnv names the environment variable holding the file-backend password. Empty uses
	// ATMOS_KEYRING_PASSWORD.
	PasswordEnv string
}

Config selects and configures a Keyring backend.

type Keyring

type Keyring interface {
	// Get returns the value for key, or ErrNotFound if absent.
	Get(key string) (string, error)
	// Set stores value under key, overwriting any existing value.
	Set(key string, value string) error
	// Delete removes key. It is idempotent: deleting an absent key returns nil.
	Delete(key string) error
	// Has reports whether key exists.
	Has(key string) (bool, error)
	// List returns all stored keys. Backends that cannot enumerate (e.g. the OS keychain)
	// return ErrListNotSupported.
	List() ([]string, error)
	// Type returns the backend identifier (one of TypeSystem/TypeFile/TypeMemory/TypeNoop).
	Type() string
}

Keyring is a generic key->string-value secret store. Implementations persist raw string values; any structure (JSON, envelopes) is the caller's concern.

func New

func New(cfg Config) (Keyring, error)

New constructs the backend named by cfg.Type. It does NOT fall back between backends: callers that want resilience (e.g. system->noop in containers) implement that policy themselves, so a store that needs durable writes can surface a hard error instead of silently using noop.
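
The caller-side policy described above, as an added example that is not code from the package. `Open`, `containerNew` and `stub` are hypothetical names, and the constants, error, `Config` and `Keyring` are cut-down local stand-ins for the declarations on this page so the block runs without the module.

```go
package main

import (
	"errors"
	"fmt"
)

// Local stand-ins mirroring names from the page so the example runs offline;
// real code would import the keyring package instead.
const (
	TypeSystem = "system"
	TypeNoop   = "noop"
)

var ErrUnavailable = errors.New("keyring: backend unavailable")

type Config struct{ Type string }

type Keyring interface{ Type() string }

type stub string

func (s stub) Type() string { return string(s) }

// containerNew is a constructed stand-in for New on a host without a usable
// OS keychain: the system backend fails with a wrapped ErrUnavailable.
func containerNew(cfg Config) (Keyring, error) {
	if cfg.Type == TypeSystem || cfg.Type == "" {
		return nil, fmt.Errorf("%w: no dbus session", ErrUnavailable)
	}
	return stub(cfg.Type), nil
}

// Open applies the caller-side policy: degrade to noop only when the caller
// has said durable writes are not required; otherwise surface the hard error.
func Open(newFn func(Config) (Keyring, error), cfg Config, durable bool) (Keyring, error) {
	kr, err := newFn(cfg)
	if err == nil {
		return kr, nil
	}
	if durable || !errors.Is(err, ErrUnavailable) {
		return nil, fmt.Errorf("open %q keyring: %w", cfg.Type, err)
	}
	return newFn(Config{Type: TypeNoop})
}

func main() {
	_, err := Open(containerNew, Config{Type: TypeSystem}, true)
	fmt.Println("durable:", err)
	kr, _ := Open(containerNew, Config{Type: TypeSystem}, false)
	fmt.Println("best effort:", kr.Type())
}
```

Checking `Type()` on the returned store lets a caller log or alert when it is running on the degraded backend rather than discovering it when a secret fails to persist.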

type MockKeyring

type MockKeyring struct {
	// contains filtered or unexported fields
}

MockKeyring is a mock of Keyring interface.

func NewMockKeyring

func NewMockKeyring(ctrl *gomock.Controller) *MockKeyring

NewMockKeyring creates a new mock instance.

func (*MockKeyring) Delete

func (m *MockKeyring) Delete(key string) error

Delete mocks base method.

func (*MockKeyring) EXPECT

func (m *MockKeyring) EXPECT() *MockKeyringMockRecorder

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockKeyring) Get

func (m *MockKeyring) Get(key string) (string, error)

Get mocks base method.

func (*MockKeyring) Has

func (m *MockKeyring) Has(key string) (bool, error)

Has mocks base method.

func (*MockKeyring) List

func (m *MockKeyring) List() ([]string, error)

List mocks base method.

func (*MockKeyring) Set

func (m *MockKeyring) Set(key, value string) error

Set mocks base method.

func (*MockKeyring) Type

func (m *MockKeyring) Type() string

Type mocks base method.

type MockKeyringMockRecorder

type MockKeyringMockRecorder struct {
	// contains filtered or unexported fields
}

MockKeyringMockRecorder is the mock recorder for MockKeyring.

func (*MockKeyringMockRecorder) Delete

func (mr *MockKeyringMockRecorder) Delete(key any) *gomock.Call

Delete indicates an expected call of Delete.

func (*MockKeyringMockRecorder) Get

func (mr *MockKeyringMockRecorder) Get(key any) *gomock.Call

Get indicates an expected call of Get.

func (*MockKeyringMockRecorder) Has

func (mr *MockKeyringMockRecorder) Has(key any) *gomock.Call

Has indicates an expected call of Has.

func (*MockKeyringMockRecorder) List

func (mr *MockKeyringMockRecorder) List() *gomock.Call

List indicates an expected call of List.

func (*MockKeyringMockRecorder) Set

func (mr *MockKeyringMockRecorder) Set(key, value any) *gomock.Call

Set indicates an expected call of Set.

func (*MockKeyringMockRecorder) Type

func (mr *MockKeyringMockRecorder) Type() *gomock.Call

Type indicates an expected call of Type.
