Documentation
Constants
const ENVVARNAME = "OCICRYPT_KEYPROVIDER_CONFIG"
Variables
This section is empty.
Functions
This section is empty.
Types
type Command
Command describes the structure of a command. It consists of path and args, where path defines the location of the binary executable and args are passed on to that executable.
type GrpcTLS (added in v1.3.0)
type GrpcTLS struct {
	// RootCAFile defines path to the PEM file with the set of root certificate authorities
	// that clients use when verifying server certificates.
	// If RootCAs is nil, TLS uses the host's root CA set.
	RootCAFile string `json:"root-ca-file,omitempty"`
	// CertFile contains the path to the x509 PEM encoded client certificate.
	CertFile string `json:"cert-file,omitempty"`
	// KeyFile contains the path to the PEM encoded client key.
	KeyFile string `json:"key-file,omitempty"`
	// ServerName is used to verify the hostname on the returned
	// certificates unless InsecureSkipVerify is given. It is also included
	// in the client's handshake to support virtual hosting unless it is
	// an IP address.
	ServerName string `json:"server-name,omitempty"`
	// InsecureSkipVerify controls whether a client verifies the
	// server's certificate chain and host name.
	// If InsecureSkipVerify is true, TLS accepts any certificate
	// presented by the server and any host name in that certificate.
	// In this mode, TLS is susceptible to man-in-the-middle attacks.
	// This should be used only for testing.
	InsecureSkipVerify bool `json:"insecure-skip-verify,omitempty"`
}
GrpcTLS describes the structure of the TLS configuration for a gRPC connection. It consists of a CA certificate, client certificate and client key.
type KeyProviderAttrs
type KeyProviderAttrs struct {
	Command *Command `json:"cmd,omitempty"`
	Grpc    string   `json:"grpc,omitempty"`
	GrpcTLS *GrpcTLS `json:"grpc-tls,omitempty"`
}
KeyProviderAttrs describes the structure of a key provider; it defines how the key provider is invoked.
type OcicryptConfig
type OcicryptConfig struct {
	KeyProviderConfig map[string]KeyProviderAttrs `json:"key-providers"`
}
OcicryptConfig represents the format of an ocicrypt_provider.conf config file
func GetConfiguration
func GetConfiguration() (*OcicryptConfig, error)
GetConfiguration tries to read the configuration file at the following locations: ${OCICRYPT_KEYPROVIDER_CONFIG} == "/etc/ocicrypt_keyprovider.yaml". If no configuration file could be found or read, a null pointer is returned.
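A pre-deployment check for the GrpcTLS settings documented above, as an added example that is not part of ocicrypt: it flags providers with insecure-skip-verify enabled and rejects misspelled keys that would otherwise be dropped silently. The helper name auditConfig, the local mirror types, the strict decoding and the cert-file/key-file pairing rule are this example's own assumptions, and the sample config is constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"sort"
)
// Local mirrors of the JSON keys documented above; not imported from ocicrypt.
type grpcTLS struct {
	RootCAFile         string `json:"root-ca-file,omitempty"`
	CertFile           string `json:"cert-file,omitempty"`
	KeyFile            string `json:"key-file,omitempty"`
	ServerName         string `json:"server-name,omitempty"`
	InsecureSkipVerify bool   `json:"insecure-skip-verify,omitempty"`
}
type attrs struct {
	Cmd     json.RawMessage `json:"cmd,omitempty"` // kept opaque: Command's fields are not shown here
	Grpc    string          `json:"grpc,omitempty"`
	GrpcTLS *grpcTLS        `json:"grpc-tls,omitempty"`
}
type config struct{ Providers map[string]attrs `json:"key-providers"` }
// sample is a constructed config for illustration, not taken from the project.
const sample = `{"key-providers":{"kp1":{"grpc":"kp.example.test:50051","grpc-tls":{"insecure-skip-verify":true,"cert-file":"/etc/kp/client.pem"}}}}`

// auditConfig (hypothetical helper) strictly decodes a config and returns sorted findings.
func auditConfig(data []byte) ([]string, error) {
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields() // a misspelled TLS key must fail instead of being ignored
	var c config
	if err := dec.Decode(&c); err != nil {
		return nil, err
	}
	var out []string
	for n, p := range c.Providers {
		t := p.GrpcTLS
		if t != nil && t.InsecureSkipVerify {
			out = append(out, n+": insecure-skip-verify is true, server certificate is not verified")
		}
		if t != nil && (t.CertFile == "") != (t.KeyFile == "") { // this example's own pairing rule
			out = append(out, n+": cert-file and key-file must be set together")
		}
	}
	sort.Strings(out)
	return out, nil
}
func main() {
	fmt.Println(auditConfig([]byte(sample)))
}
```

Run against the constructed sample, it reports both the disabled verification and the unpaired client certificate for kp1.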