Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewServer
func NewServer(prompt bool, homeDir string, agePrivateKeys []string) keyservice.KeyServiceServer
Types
type LocalClient
type LocalClient struct {
	Server keyservice.KeyServiceServer
}
LocalClient is a key service client that performs all operations locally. It exists solely because go.mozilla.org/sops/v3/keyservice.LocalClient does not implement the KeyServiceServer interface.
func NewLocalClient
func NewLocalClient(server keyservice.KeyServiceServer) LocalClient
NewLocalClient creates a new local client that embeds the given KeyServiceServer.
func (LocalClient) Decrypt
func (c LocalClient) Decrypt(ctx context.Context, req *keyservice.DecryptRequest, opts ...grpc.CallOption) (*keyservice.DecryptResponse, error)
Decrypt processes a decrypt request locally.
func (LocalClient) Encrypt
func (c LocalClient) Encrypt(ctx context.Context, req *keyservice.EncryptRequest, opts ...grpc.CallOption) (*keyservice.EncryptResponse, error)
Encrypt processes an encrypt request locally.
type Server
type Server struct {
	// Prompt indicates whether the server should prompt before decrypting
	// or encrypting data.
	Prompt bool
	// HomeDir configures the home directory used for PGP operations.
	HomeDir string
	// AgePrivateKeys configures the age private keys known by the server.
	AgePrivateKeys []string
	// DefaultServer is the server used for any request other than a PGP
	// or age encryption/decryption.
	DefaultServer keyservice.KeyServiceServer
}
Server is a key service server that uses SOPS MasterKeys to fulfill requests. It intercepts encryption and decryption requests made for PGP and age keys so that they run in a contained environment, instead of going through the default implementation, which relies heavily on environment variables. Any other request is forwarded to the embedded DefaultServer.
func (Server) Decrypt
func (ks Server) Decrypt(ctx context.Context, req *keyservice.DecryptRequest) (*keyservice.DecryptResponse, error)
Decrypt takes a decrypt request and decrypts the provided ciphertext with the provided key, returning the decrypted result.
func (Server) Encrypt
func (ks Server) Encrypt(ctx context.Context, req *keyservice.EncryptRequest) (*keyservice.EncryptResponse, error)
Encrypt takes an encrypt request and encrypts the provided plaintext with the provided key, returning the encrypted result.