Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Identity (added in v0.16.0)
type Identity struct {
	X509SVID           *x509svid.SVID
	JWTSVID            *jwtsvid.SVID
	PerAudienceJWTSVID map[string]*jwtsvid.SVID
}
Identity contains both X.509 and JWT SVIDs for a workload. It may include a base JWT SVID as well as per-audience JWT SVIDs.
type KeyAlgorithm (added in v0.18.0)
type KeyAlgorithm int
KeyAlgorithm selects the algorithm used to generate the workload's private key when requesting an SVID.
const (
	// KeyAlgorithmEd25519 generates an Ed25519 private key. This is the
	// default when no algorithm is specified.
	KeyAlgorithmEd25519 KeyAlgorithm = iota
	// KeyAlgorithmRSA generates an RSA private key. Used by workloads whose
	// certificates are consumed by systems that do not accept Ed25519, such
	// as the Kubernetes API server when calling admission webhooks.
	KeyAlgorithmRSA
)
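As an added Go example (not this package's own code), the following shows what the KeyAlgorithm choice means at the key and request level: the workload key is generated with the selected algorithm (Ed25519 unless RSA is requested), a request carrying the SPIFFE ID as a URI SAN is built from it, and the request's signature is verified before its public key is trusted. It assumes the []byte handed to RequestSVIDFn is a DER CSR, which the page does not state; the 2048-bit RSA size and the trust domain and path are constructed sample values.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"net/url"
)

// KeyAlgorithm mirrors the page's selector: Ed25519 by default, RSA on request.
type KeyAlgorithm int

const (
	KeyAlgorithmEd25519 KeyAlgorithm = iota
	KeyAlgorithmRSA
)

// generateWorkloadKey builds the key for alg, defaulting to Ed25519 as documented.
func generateWorkloadKey(alg KeyAlgorithm) (crypto.Signer, error) {
	if alg == KeyAlgorithmRSA {
		return rsa.GenerateKey(rand.Reader, 2048) // 2048 bits is an assumed size
	}
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	return priv, err
}

// buildSVIDRequest generates the key and a DER CSR carrying the SPIFFE ID as
// a URI SAN. Assumption: the []byte handed to RequestSVIDFn is such a CSR.
func buildSVIDRequest(alg KeyAlgorithm, trustDomain, path string) ([]byte, error) {
	key, err := generateWorkloadKey(alg)
	if err != nil {
		return nil, err
	}
	id := &url.URL{Scheme: "spiffe", Host: trustDomain, Path: path}
	tmpl := &x509.CertificateRequest{URIs: []*url.URL{id}}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// parseSVIDRequest parses the CSR and rejects one whose signature does not
// verify under its own public key, as a server should before issuing an SVID.
func parseSVIDRequest(der []byte) (*x509.CertificateRequest, error) {
	req, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, err
	}
	return req, req.CheckSignature()
}
```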
type Options
type Options struct {
	Log           logger.Logger
	RequestSVIDFn RequestSVIDFn
	// WriteIdentityToFile is used to write the identity private key and
	// certificate chain to file. The certificate chain and private key will be
	// written to the `tls.cert` and `tls.key` files respectively in the given
	// directory.
	WriteIdentityToFile *string
	TrustAnchors        trustanchors.Interface
	// KeyAlgorithm selects the algorithm used for the workload's private
	// key. When nil, defaults to Ed25519.
	KeyAlgorithm *KeyAlgorithm
}
type RequestSVIDFn
type RequestSVIDFn func(context.Context, []byte) (*SVIDResponse, error)
RequestSVIDFn is the function type that requests SVIDs from a SPIFFE server, returning both X.509 certificates and a JWT token.
type SPIFFE
type SPIFFE struct {
	// contains filtered or unexported fields
}
SPIFFE is a readable and writeable store of SPIFFE SVID credentials. It is used to manage workload SVIDs and to hand read-only interfaces to consumers.
func (*SPIFFE) JWTSVIDSource (added in v0.16.0)
func (*SPIFFE) Ready
Ready blocks until SPIFFE is ready or the context is done; in the latter case it returns the context's error.
func (*SPIFFE) X509SVIDSource (added in v0.16.0)
type SVIDResponse (added in v0.16.0)
type SVIDResponse struct {
	X509Certificates []*x509.Certificate
	JWT              *string //nolint:gosec
	PerAudienceJWT   map[string]string
}
SVIDResponse represents the response from the SVID request function, containing both X.509 certificates and JWT tokens (base and per-audience).