environment

package

v1.30.1 Latest Latest Go to latest Published: Mar 11, 2026 License: Apache-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/docker/docker-agent

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func AbsolutePath(parentDir, relOrAbsPath string) (string, error)
func AbsolutePaths(parentDir string, relOrAbsPaths []string) ([]string, error)
func Expand(ctx context.Context, value string, env Provider) (string, error)
func ExpandAll(ctx context.Context, values []string, env Provider) ([]string, error)
func InSandbox() bool
func SandboxTokensFilePath(dir string) string
func ToValues(envMap map[string]string) []string
type CredentialHelperProvider
- func NewCredentialHelperProvider(command string, args ...string) *CredentialHelperProvider
- func (p *CredentialHelperProvider) Get(ctx context.Context, name string) (string, bool)
type DockerDesktopProvider
- func NewDockerDesktopProvider() *DockerDesktopProvider
- func (p *DockerDesktopProvider) Get(ctx context.Context, name string) (string, bool)
type EnvFilesProvider
- func NewEnvFilesProvider(absEnvFiles []string) (*EnvFilesProvider, error)
- func (p *EnvFilesProvider) Get(_ context.Context, name string) (string, bool)
type EnvListProvider
- func NewEnvListProvider(env []string) *EnvListProvider
- func (p *EnvListProvider) Get(_ context.Context, name string) (string, bool)
type KeyValuePair
- func ReadEnvFile(absolutePath string) ([]KeyValuePair, error)
- func ReadEnvFiles(absolutePaths []string) ([]KeyValuePair, error)
type KeychainNotAvailableError
- func (KeychainNotAvailableError) Error() string
type KeychainProvider
- func NewKeychainProvider() (*KeychainProvider, error)
- func (p *KeychainProvider) Get(ctx context.Context, name string) (string, bool)
type MapEnvProvider
- func NewMapEnvProvider(vars map[string]string) *MapEnvProvider
- func (p *MapEnvProvider) Get(_ context.Context, name string) (string, bool)
type MultiProvider
- func NewMultiProvider(providers ...Provider) *MultiProvider
- func (p *MultiProvider) Get(ctx context.Context, name string) (string, bool)
type NoEnvProvider
- func NewNoEnvProvider() *NoEnvProvider
- func (p *NoEnvProvider) Get(context.Context, string) (string, bool)
type OsEnvProvider
- func NewOsEnvProvider() *OsEnvProvider
- func (p *OsEnvProvider) Get(_ context.Context, name string) (string, bool)
type PassNotAvailableError
- func (PassNotAvailableError) Error() string
type PassProvider
- func NewPassProvider() (*PassProvider, error)
- func (p *PassProvider) Get(ctx context.Context, name string) (string, bool)
type Provider
- func NewDefaultProvider() Provider
type RequiredEnvError
- func (e *RequiredEnvError) Error() string
type RunSecretsProvider
- func NewRunSecretsProvider() *RunSecretsProvider
- func (p *RunSecretsProvider) Get(_ context.Context, name string) (string, bool)
type SandboxTokenProvider
- func NewSandboxTokenProvider(path string) *SandboxTokenProvider
- func (p *SandboxTokenProvider) Get(_ context.Context, name string) (string, bool)
type SandboxTokenWriter
- func NewSandboxTokenWriter(path string, provider Provider, interval time.Duration) *SandboxTokenWriter
- func (w *SandboxTokenWriter) Start(ctx context.Context)
- func (w *SandboxTokenWriter) Stop()

Constants ¶

View Source

const (
	DockerDesktopEmail    = "DOCKER_EMAIL"
	DockerDesktopUsername = "DOCKER_USERNAME"
	DockerDesktopTokenEnv = "DOCKER_TOKEN"
)

View Source

const SandboxTokensFileName = "sandbox-tokens.json"

SandboxTokensFileName is the name of the JSON file used to forward short-lived tokens (e.g. DOCKER_TOKEN) from the host into a Docker sandbox. The host writes this file periodically; the sandbox reads it.

Variables ¶

This section is empty.

Functions ¶

func AbsolutePath ¶

func AbsolutePath(parentDir, relOrAbsPath string) (string, error)

func AbsolutePaths ¶

func AbsolutePaths(parentDir string, relOrAbsPaths []string) ([]string, error)

func Expand ¶

func Expand(ctx context.Context, value string, env Provider) (string, error)

func ExpandAll ¶

func ExpandAll(ctx context.Context, values []string, env Provider) ([]string, error)

func InSandbox ¶

func InSandbox() bool

InSandbox reports whether docker agent is running inside a Docker sandbox. Detection relies on the SANDBOX_VM_ID environment variable that Docker Desktop sets in every sandbox VM.

func SandboxTokensFilePath ¶

func SandboxTokensFilePath(dir string) string

SandboxTokensFilePath returns the absolute path to the sandbox tokens file inside the given directory.

func ToValues ¶

func ToValues(envMap map[string]string) []string

Types ¶

type CredentialHelperProvider ¶

type CredentialHelperProvider struct {
	// contains filtered or unexported fields
}

CredentialHelperProvider retrieves Docker credentials using an external CLI command configured in the user's global config file.

func NewCredentialHelperProvider ¶

func NewCredentialHelperProvider(command string, args ...string) *CredentialHelperProvider

NewCredentialHelperProvider creates a new CredentialHelperProvider instance. The command parameter is the shell command to execute to retrieve the Docker token.

func (*CredentialHelperProvider) Get ¶

func (p *CredentialHelperProvider) Get(ctx context.Context, name string) (string, bool)

type DockerDesktopProvider ¶

type DockerDesktopProvider struct{}

func NewDockerDesktopProvider ¶

func NewDockerDesktopProvider() *DockerDesktopProvider

func (*DockerDesktopProvider) Get ¶

func (p *DockerDesktopProvider) Get(ctx context.Context, name string) (string, bool)

type EnvFilesProvider ¶

type EnvFilesProvider struct {
	// contains filtered or unexported fields
}

EnvFilesProvider provides access env files.

func NewEnvFilesProvider ¶

func NewEnvFilesProvider(absEnvFiles []string) (*EnvFilesProvider, error)

func (*EnvFilesProvider) Get ¶

func (p *EnvFilesProvider) Get(_ context.Context, name string) (string, bool)

type EnvListProvider ¶

type EnvListProvider struct {
	// contains filtered or unexported fields
}

EnvListProvider provides access a list of environment variables.

func NewEnvListProvider ¶

func NewEnvListProvider(env []string) *EnvListProvider

func (*EnvListProvider) Get ¶

func (p *EnvListProvider) Get(_ context.Context, name string) (string, bool)

type KeyValuePair ¶

type KeyValuePair struct {
	Key   string
	Value string
}

func ReadEnvFile ¶

func ReadEnvFile(absolutePath string) ([]KeyValuePair, error)

func ReadEnvFiles ¶

func ReadEnvFiles(absolutePaths []string) ([]KeyValuePair, error)

type KeychainNotAvailableError ¶

type KeychainNotAvailableError struct{}

func (KeychainNotAvailableError) Error ¶

func (KeychainNotAvailableError) Error() string

type KeychainProvider ¶

type KeychainProvider struct{}

KeychainProvider is a provider that retrieves secrets using the macOS keychain via the `security` command-line tool.

func NewKeychainProvider ¶

func NewKeychainProvider() (*KeychainProvider, error)

NewKeychainProvider creates a new KeychainProvider instance. It verifies that the `security` command is available on the system.

func (*KeychainProvider) Get ¶

func (p *KeychainProvider) Get(ctx context.Context, name string) (string, bool)

Get retrieves the value of a secret by its service name from the macOS keychain. It uses the `security find-generic-password -w -s <name>` command to fetch the password.

type MapEnvProvider ¶ added in v1.30.1

type MapEnvProvider struct {
	// contains filtered or unexported fields
}

MapEnvProvider provides access to a static map of environment variables.

func NewMapEnvProvider ¶ added in v1.30.1

func NewMapEnvProvider(vars map[string]string) *MapEnvProvider

func (*MapEnvProvider) Get ¶ added in v1.30.1

func (p *MapEnvProvider) Get(_ context.Context, name string) (string, bool)

type MultiProvider ¶

type MultiProvider struct {
	// contains filtered or unexported fields
}

func NewMultiProvider ¶

func NewMultiProvider(providers ...Provider) *MultiProvider

func (*MultiProvider) Get ¶

func (p *MultiProvider) Get(ctx context.Context, name string) (string, bool)

type NoEnvProvider ¶ added in v1.30.1

type NoEnvProvider struct{}

NoEnvProvider is a provider that never finds any variable.

func NewNoEnvProvider ¶ added in v1.30.1

func NewNoEnvProvider() *NoEnvProvider

func (*NoEnvProvider) Get ¶ added in v1.30.1

func (p *NoEnvProvider) Get(context.Context, string) (string, bool)

type OsEnvProvider ¶

type OsEnvProvider struct{}

OsEnvProvider provides access to the operating system's environment variables.

func NewOsEnvProvider ¶

func NewOsEnvProvider() *OsEnvProvider

func (*OsEnvProvider) Get ¶

func (p *OsEnvProvider) Get(_ context.Context, name string) (string, bool)

type PassNotAvailableError ¶

type PassNotAvailableError struct{}

func (PassNotAvailableError) Error ¶

func (PassNotAvailableError) Error() string

type PassProvider ¶

type PassProvider struct{}

PassProvider is a provider that retrieves secrets using the `pass` password manager.

func NewPassProvider ¶

func NewPassProvider() (*PassProvider, error)

NewPassProvider creates a new PassProvider instance.

func (*PassProvider) Get ¶

func (p *PassProvider) Get(ctx context.Context, name string) (string, bool)

Get retrieves the value of a secret by its name using the `pass` CLI. The name corresponds to the path in the `pass` store.

type Provider ¶

type Provider interface {
	// Get retrieves the value of an environment variable by name.
	// Returns (value, true) if found (value may be empty).
	// Returns ("", false) if not found.
	Get(ctx context.Context, name string) (string, bool)
}

func NewDefaultProvider ¶

func NewDefaultProvider() Provider

NewDefaultProvider creates a provider chain with OS env, run secrets, credential helper (if configured), Docker Desktop, pass, and keychain providers.

When running inside a Docker sandbox (detected via SANDBOX_VM_ID), a SandboxTokenProvider is prepended so that DOCKER_TOKEN is read from the JSON file written by the host-side token writer.

type RequiredEnvError ¶

type RequiredEnvError struct {
	Missing []string
}

func (*RequiredEnvError) Error ¶

func (e *RequiredEnvError) Error() string

type RunSecretsProvider ¶

type RunSecretsProvider struct {
	// contains filtered or unexported fields
}

func NewRunSecretsProvider ¶

func NewRunSecretsProvider() *RunSecretsProvider

func (*RunSecretsProvider) Get ¶

func (p *RunSecretsProvider) Get(_ context.Context, name string) (string, bool)

type SandboxTokenProvider ¶

type SandboxTokenProvider struct {
	// contains filtered or unexported fields
}

SandboxTokenProvider reads DOCKER_TOKEN from a JSON file on disk. It is used inside the sandbox where Docker Desktop's backend API is unreachable and the OS env contains only a stale one-shot token.

Only DOCKER_TOKEN is served; requests for any other variable return ("", false).

func NewSandboxTokenProvider ¶

func NewSandboxTokenProvider(path string) *SandboxTokenProvider

NewSandboxTokenProvider creates a provider that reads tokens from path.

func (*SandboxTokenProvider) Get ¶

func (p *SandboxTokenProvider) Get(_ context.Context, name string) (string, bool)

Get implements Provider. It returns DOCKER_TOKEN read from the JSON file, or ("", false) for any other variable name or on read failure.

type SandboxTokenWriter ¶

type SandboxTokenWriter struct {
	// contains filtered or unexported fields
}

SandboxTokenWriter periodically fetches DOCKER_TOKEN from a provider and writes it to the sandbox tokens JSON file so that processes inside the sandbox can read a fresh value.

func NewSandboxTokenWriter ¶

func NewSandboxTokenWriter(path string, provider Provider, interval time.Duration) *SandboxTokenWriter

NewSandboxTokenWriter creates a writer that refreshes the token file at the given interval. Call SandboxTokenWriter.Start to begin writing and SandboxTokenWriter.Stop to terminate the background goroutine.

func (*SandboxTokenWriter) Start ¶

func (w *SandboxTokenWriter) Start(ctx context.Context)

Start writes the token file immediately and then refreshes it on the configured interval in a background goroutine.

func (*SandboxTokenWriter) Stop ¶

func (w *SandboxTokenWriter) Stop()

Stop terminates the background goroutine and removes the token file.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL