secrets

package

v0.0.8 Latest Latest Go to latest Published: Dec 28, 2025 License: Apache-2.0 Imports: 8 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/dirathea/sstart

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func Mask(value string) string
func NewEmptySecretContext(ctx context.Context) provider.SecretContext
func NewSecretContext(ctx context.Context, providerSecrets provider.ProviderSecretsMap, ...) provider.SecretContext
func Redact(text string, secrets provider.Secrets) string
func SetResolver(providerSecrets provider.ProviderSecretsMap, allowedProviderIDs []string) provider.SecretsResolver
type Collector
- func NewCollector(cfg *config.Config, opts ...CollectorOption) *Collector
- func (c *Collector) Collect(ctx context.Context, providerIDs []string) (provider.Secrets, error)
type CollectorOption
- func WithForceAuth(forceAuth bool) CollectorOption
type SecretsResolver
- func (receiver SecretsResolver) Get(id string) map[string]string
- func (receiver SecretsResolver) Map() map[string]map[string]string

Constants ¶

View Source

const (
	// AccessTokenConfigKey is the key used to inject access token into provider config
	AccessTokenConfigKey = "_sso_access_token"
	// IDTokenConfigKey is the key used to inject ID token into provider config
	IDTokenConfigKey = "_sso_id_token"
)

Variables ¶

This section is empty.

Functions ¶

func Mask ¶

func Mask(value string) string

Mask masks a secret value, showing only first and last characters

func NewEmptySecretContext ¶ added in v0.0.6

func NewEmptySecretContext(ctx context.Context) provider.SecretContext

func NewSecretContext ¶ added in v0.0.6

func NewSecretContext(ctx context.Context, providerSecrets provider.ProviderSecretsMap, allowedProviderIDs []string) provider.SecretContext

NewSecretContext creates a SecretContext with a filtered resolver that only includes secrets from allowed provider IDs If allowedProviderIDs is empty or nil, the resolver will be empty (no access to any secrets)

func Redact ¶

func Redact(text string, secrets provider.Secrets) string

Redact redacts secrets from text

func SetResolver ¶ added in v0.0.6

func SetResolver(providerSecrets provider.ProviderSecretsMap, allowedProviderIDs []string) provider.SecretsResolver

SetResolver creates a filtered SecretsResolver that only includes secrets from allowed provider IDs If allowedProviderIDs is empty or nil, returns an empty resolver (no access to any secrets) This is used for security best practices - providers can only access secrets from explicitly allowed providers

Types ¶

type Collector ¶

type Collector struct {
	// contains filtered or unexported fields
}

Collector collects secrets from all configured providers

func NewCollector ¶

func NewCollector(cfg *config.Config, opts ...CollectorOption) *Collector

NewCollector creates a new secrets collector

func (*Collector) Collect ¶

func (c *Collector) Collect(ctx context.Context, providerIDs []string) (provider.Secrets, error)

Collect fetches secrets from all providers and combines them

type CollectorOption ¶ added in v0.0.6

type CollectorOption func(*Collector)

CollectorOption is a functional option for configuring the Collector

func WithForceAuth ¶ added in v0.0.6

func WithForceAuth(forceAuth bool) CollectorOption

WithForceAuth returns an option that forces re-authentication by ignoring cached tokens

type SecretsResolver ¶ added in v0.0.6

type SecretsResolver struct {
	// contains filtered or unexported fields
}

func (SecretsResolver) Get ¶ added in v0.0.6

func (receiver SecretsResolver) Get(id string) map[string]string

func (SecretsResolver) Map ¶ added in v0.0.6

func (receiver SecretsResolver) Map() map[string]map[string]string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL