environment

package
v1.30.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 9, 2026 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DockerDesktopEmail    = "DOCKER_EMAIL"
	DockerDesktopUsername = "DOCKER_USERNAME"
	DockerDesktopTokenEnv = "DOCKER_TOKEN"
)
View Source 
const SandboxTokensFileName = "sandbox-tokens.json"

SandboxTokensFileName is the name of the JSON file used to forward short-lived tokens (e.g. DOCKER_TOKEN) from the host into a Docker sandbox. The host writes this file periodically; the sandbox reads it.

Variables

This section is empty.

Functions

func AbsolutePath 

func AbsolutePath(parentDir, relOrAbsPath string) (string, error)

func AbsolutePaths 

func AbsolutePaths(parentDir string, relOrAbsPaths []string) ([]string, error)

func Expand 

func Expand(ctx context.Context, value string, env Provider) (string, error)

func ExpandAll 

func ExpandAll(ctx context.Context, values []string, env Provider) ([]string, error)

func InSandbox 

func InSandbox() bool

InSandbox reports whether docker agent is running inside a Docker sandbox. Detection relies on the SANDBOX_VM_ID environment variable that Docker Desktop sets in every sandbox VM.

func SandboxTokensFilePath 

func SandboxTokensFilePath(dir string) string

SandboxTokensFilePath returns the absolute path to the sandbox tokens file inside the given directory.

func ToValues 

func ToValues(envMap map[string]string) []string

Types

type CredentialHelperProvider 

type CredentialHelperProvider struct {
	// contains filtered or unexported fields
}

CredentialHelperProvider retrieves Docker credentials using an external CLI command configured in the user's global config file.

func NewCredentialHelperProvider 

func NewCredentialHelperProvider(command string, args ...string) *CredentialHelperProvider

NewCredentialHelperProvider creates a new CredentialHelperProvider instance. The command parameter is the shell command to execute to retrieve the Docker token.

func (*CredentialHelperProvider) Get 

func (p *CredentialHelperProvider) Get(ctx context.Context, name string) (string, bool)

type DockerDesktopProvider 

type DockerDesktopProvider struct{}

func NewDockerDesktopProvider 

func NewDockerDesktopProvider() *DockerDesktopProvider

func (*DockerDesktopProvider) Get 

func (p *DockerDesktopProvider) Get(ctx context.Context, name string) (string, bool)

type EnvFilesProvider 

type EnvFilesProvider struct {
	// contains filtered or unexported fields
}

EnvFilesProvider provides access env files.

func NewEnvFilesProvider 

func NewEnvFilesProvider(absEnvFiles []string) (*EnvFilesProvider, error)

func (*EnvFilesProvider) Get 

func (p *EnvFilesProvider) Get(_ context.Context, name string) (string, bool)

type EnvListProvider 

type EnvListProvider struct {
	// contains filtered or unexported fields
}

EnvListProvider provides access a list of environment variables.

func NewEnvListProvider 

func NewEnvListProvider(env []string) *EnvListProvider

func (*EnvListProvider) Get 

func (p *EnvListProvider) Get(_ context.Context, name string) (string, bool)

type KeyValuePair 

type KeyValuePair struct {
	Key   string
	Value string
}

func ReadEnvFile 

func ReadEnvFile(absolutePath string) ([]KeyValuePair, error)

func ReadEnvFiles 

func ReadEnvFiles(absolutePaths []string) ([]KeyValuePair, error)

type KeychainNotAvailableError 

type KeychainNotAvailableError struct{}

func (KeychainNotAvailableError) Error 

func (KeychainNotAvailableError) Error() string

type KeychainProvider 

type KeychainProvider struct{}

KeychainProvider is a provider that retrieves secrets using the macOS keychain via the `security` command-line tool.

func NewKeychainProvider 

func NewKeychainProvider() (*KeychainProvider, error)

NewKeychainProvider creates a new KeychainProvider instance. It verifies that the `security` command is available on the system.

func (*KeychainProvider) Get 

func (p *KeychainProvider) Get(ctx context.Context, name string) (string, bool)

Get retrieves the value of a secret by its service name from the macOS keychain. It uses the `security find-generic-password -w -s <name>` command to fetch the password.

type MultiProvider 

type MultiProvider struct {
	// contains filtered or unexported fields
}

func NewMultiProvider 

func NewMultiProvider(providers ...Provider) *MultiProvider

func (*MultiProvider) Get 

func (p *MultiProvider) Get(ctx context.Context, name string) (string, bool)

type OsEnvProvider 

type OsEnvProvider struct{}

OsEnvProvider provides access to the operating system's environment variables.

func NewOsEnvProvider 

func NewOsEnvProvider() *OsEnvProvider

func (*OsEnvProvider) Get 

func (p *OsEnvProvider) Get(_ context.Context, name string) (string, bool)

type PassNotAvailableError 

type PassNotAvailableError struct{}

func (PassNotAvailableError) Error 

func (PassNotAvailableError) Error() string

type PassProvider 

type PassProvider struct{}

PassProvider is a provider that retrieves secrets using the `pass` password manager.

func NewPassProvider 

func NewPassProvider() (*PassProvider, error)

NewPassProvider creates a new PassProvider instance.

func (*PassProvider) Get 

func (p *PassProvider) Get(ctx context.Context, name string) (string, bool)

Get retrieves the value of a secret by its name using the `pass` CLI. The name corresponds to the path in the `pass` store.

type Provider 

type Provider interface {
	// Get retrieves the value of an environment variable by name.
	// Returns (value, true) if found (value may be empty).
	// Returns ("", false) if not found.
	Get(ctx context.Context, name string) (string, bool)
}

func NewDefaultProvider 

func NewDefaultProvider() Provider

NewDefaultProvider creates a provider chain with OS env, run secrets, credential helper (if configured), Docker Desktop, pass, and keychain providers.

When running inside a Docker sandbox (detected via SANDBOX_VM_ID), a SandboxTokenProvider is prepended so that DOCKER_TOKEN is read from the JSON file written by the host-side token writer.

type RequiredEnvError 

type RequiredEnvError struct {
	Missing []string
}

func (*RequiredEnvError) Error 

func (e *RequiredEnvError) Error() string

type RunSecretsProvider 

type RunSecretsProvider struct {
	// contains filtered or unexported fields
}

func NewRunSecretsProvider 

func NewRunSecretsProvider() *RunSecretsProvider

func (*RunSecretsProvider) Get 

func (p *RunSecretsProvider) Get(_ context.Context, name string) (string, bool)

type SandboxTokenProvider 

type SandboxTokenProvider struct {
	// contains filtered or unexported fields
}

SandboxTokenProvider reads DOCKER_TOKEN from a JSON file on disk. It is used inside the sandbox where Docker Desktop's backend API is unreachable and the OS env contains only a stale one-shot token.

Only DOCKER_TOKEN is served; requests for any other variable return ("", false).

func NewSandboxTokenProvider 

func NewSandboxTokenProvider(path string) *SandboxTokenProvider

NewSandboxTokenProvider creates a provider that reads tokens from path.

func (*SandboxTokenProvider) Get 

func (p *SandboxTokenProvider) Get(_ context.Context, name string) (string, bool)

Get implements Provider. It returns DOCKER_TOKEN read from the JSON file, or ("", false) for any other variable name or on read failure.

type SandboxTokenWriter 

type SandboxTokenWriter struct {
	// contains filtered or unexported fields
}

SandboxTokenWriter periodically fetches DOCKER_TOKEN from a provider and writes it to the sandbox tokens JSON file so that processes inside the sandbox can read a fresh value.

func NewSandboxTokenWriter 

func NewSandboxTokenWriter(path string, provider Provider, interval time.Duration) *SandboxTokenWriter

NewSandboxTokenWriter creates a writer that refreshes the token file at the given interval. Call SandboxTokenWriter.Start to begin writing and SandboxTokenWriter.Stop to terminate the background goroutine.

func (*SandboxTokenWriter) Start 

func (w *SandboxTokenWriter) Start(ctx context.Context)

Start writes the token file immediately and then refreshes it on the configured interval in a background goroutine.

func (*SandboxTokenWriter) Stop 

func (w *SandboxTokenWriter) Stop()

Stop terminates the background goroutine and removes the token file.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.