Documentation
Overview
Package secret provides the ability for Vela to integrate with different supported Secret backends.
Usage:
import "github.com/go-vela/server/secret"
Variables
var Flags = []cli.Flag{
	&cli.BoolFlag{
		Name:  "secret.vault.driver",
		Usage: "enables the vault secret driver",
		Sources: cli.NewValueSourceChain(
			cli.EnvVar("VELA_SECRET_VAULT"),
			cli.EnvVar("SECRET_VAULT"),
			cli.File("/vela/secret/vault/driver"),
		),
	},
	&cli.StringFlag{
		Name:  "secret.vault.addr",
		Usage: "fully qualified url (<scheme>://<host>) for the vault system",
		Sources: cli.NewValueSourceChain(
			cli.EnvVar("VELA_SECRET_VAULT_ADDR"),
			cli.EnvVar("SECRET_VAULT_ADDR"),
			cli.File("/vela/secret/vault/addr"),
		),
	},
	&cli.StringFlag{
		Name:  "secret.vault.auth-method",
		Usage: "authentication method used to obtain token from vault system",
		Sources: cli.NewValueSourceChain(
			cli.EnvVar("VELA_SECRET_VAULT_AUTH_METHOD"),
			cli.EnvVar("SECRET_VAULT_AUTH_METHOD"),
			cli.File("/vela/secret/vault/auth_method"),
		),
	},
	&cli.StringFlag{
		Name:  "secret.vault.aws-role",
		Usage: "vault role used to connect to the auth/aws/login endpoint",
		Sources: cli.NewValueSourceChain(
			cli.EnvVar("VELA_SECRET_VAULT_AWS_ROLE"),
			cli.EnvVar("SECRET_VAULT_AWS_ROLE"),
			cli.File("/vela/secret/vault/aws_role"),
		),
	},
	&cli.StringFlag{
		Name:  "secret.vault.prefix",
		Usage: "prefix for k/v secrets in vault system e.g. secret/data/<prefix>/<path>",
		Sources: cli.NewValueSourceChain(
			cli.EnvVar("VELA_SECRET_VAULT_PREFIX"),
			cli.EnvVar("SECRET_VAULT_PREFIX"),
			cli.File("/vela/secret/vault/prefix"),
		),
	},
	&cli.DurationFlag{
		Name:  "secret.vault.renewal",
		Usage: "frequency which the vault token should be renewed",
		Sources: cli.NewValueSourceChain(
			cli.EnvVar("VELA_SECRET_VAULT_RENEWAL"),
			cli.EnvVar("SECRET_VAULT_RENEWAL"),
			cli.File("/vela/secret/vault/renewal"),
		),
		Value: 30 * time.Minute,
	},
	&cli.StringFlag{
		Name:  "secret.vault.token",
		Usage: "token used to access vault system",
		Sources: cli.NewValueSourceChain(
			cli.EnvVar("VELA_SECRET_VAULT_TOKEN"),
			cli.EnvVar("SECRET_VAULT_TOKEN"),
			cli.File("/vela/secret/vault/token"),
		),
	},
	&cli.StringFlag{
		Name:  "secret.vault.version",
		Usage: "version for the kv backend for the vault system",
		Sources: cli.NewValueSourceChain(
			cli.EnvVar("VELA_SECRET_VAULT_VERSION"),
			cli.EnvVar("SECRET_VAULT_VERSION"),
			cli.File("/vela/secret/vault/version"),
		),
		Value: "2",
	},
}
Flags represents all supported command line interface (CLI) flags for the secret.
Types
type Service
type Service interface {
	// Driver defines a function that outputs
	// the configured source driver.
	Driver() string
	// Get defines a function that captures a secret.
	Get(context.Context, string, string, string, string) (*api.Secret, error)
	// List defines a function that captures a list of secrets.
	List(context.Context, string, string, string, int, int, []string) ([]*api.Secret, error)
	// Count defines a function that counts a list of secrets.
	Count(context.Context, string, string, string, []string) (int64, error)
	// Create defines a function that creates a new secret.
	Create(context.Context, string, string, string, *api.Secret) (*api.Secret, error)
	// Update defines a function that updates an existing secret.
	Update(context.Context, string, string, string, *api.Secret) (*api.Secret, error)
	// Delete defines a function that deletes a secret.
	Delete(context.Context, string, string, string, string) error
}
Service represents the interface for Vela integrating with the different supported secret providers.
func FromContext
FromContext returns the secret Service associated with this context.
type Setup (added in v0.8.0)
type Setup struct {
	// specifies the driver to use for the secret client
	Driver string
	// specifies the database service to use for the secret client
	Database database.Interface
	// specifies the address to use for the secret client
	Address string
	// specifies the authentication method to use for the secret client
	AuthMethod string
	// specifies the AWS role to use for the secret client
	AwsRole string
	// specifies the prefix to use for the secret client
	Prefix string
	// specifies the token to use for the secret client
	Token string
	// specifies the token duration to use for the secret client
	TokenDuration time.Duration
	// specifies the version to use for the secret client
	Version string
}
Setup represents the configuration necessary for creating a Vela service capable of integrating with a configured secret system.
func (*Setup) Native (added in v0.8.0)
Native creates and returns a Vela service capable of integrating with a Native (Database) secret system.
Directories
| Path | Synopsis |
|---|---|
| native | Package native provides the ability for Vela to integrate with the Database as a secret backend. |
| vault | Package vault provides the ability for Vela to integrate with HashiCorp Vault as a secret backend. |