Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

credentials

package

Go to main page

Versions in this module

v7

v7.0.101

May 1, 2026

Changes in this version

+ const DefaultECSRoleEndpoint

+ const DefaultExpiryWindow

+ const DefaultIAMRoleEndpoint

+ const DefaultIAMSecurityCredsPath

+ const DefaultSTSRoleEndpoint

+ const STSVersion

+ const TokenPath

+ const TokenRequestHeader

+ const TokenRequestTTLHeader

+ const TokenTTL

+ func WithPolicy(policy string) func(*STSWebIdentity)

+ type AssumeRoleResponse struct

+ ResponseMetadata struct{ ... }

+ Result AssumeRoleResult

+ XMLName xml.Name

+ type AssumeRoleResult struct

+ AssumedRoleUser AssumedRoleUser

+ Credentials struct{ ... }

+ PackedPolicySize int

+ type AssumeRoleWithClientGrantsResponse struct

+ ResponseMetadata struct{ ... }

+ Result ClientGrantsResult

+ XMLName xml.Name

+ type AssumeRoleWithCustomTokenResponse struct

+ Metadata struct{ ... }

+ Result CustomTokenResult

+ XMLName xml.Name

+ type AssumeRoleWithLDAPResponse struct

+ ResponseMetadata struct{ ... }

+ Result LDAPIdentityResult

+ XMLName xml.Name

+ type AssumeRoleWithWebIdentityResponse struct

+ ResponseMetadata struct{ ... }

+ Result WebIdentityResult

+ XMLName xml.Name

+ type AssumedRoleUser struct

+ Arn string

+ AssumedRoleID string

+ type CertificateIdentityOption func(*STSCertificateIdentity)

+ func CertificateIdentityWithExpiry(livetime time.Duration) CertificateIdentityOption

+ func CertificateIdentityWithTransport(t http.RoundTripper) CertificateIdentityOption

+ type Chain struct

+ Providers []Provider

+ func (c *Chain) IsExpired() bool

+ func (c *Chain) Retrieve() (Value, error)

+ func (c *Chain) RetrieveWithCredContext(cc *CredContext) (Value, error)

+ type ClientGrantsResult struct

+ AssumedRoleUser AssumedRoleUser

+ Audience string

+ Credentials struct{ ... }

+ PackedPolicySize int

+ Provider string

+ SubjectFromClientGrantsToken string

+ type ClientGrantsToken struct

+ Expiry int

+ Token string

+ type CredContext struct

+ Client *http.Client

+ Endpoint string

+ type Credentials struct

+ func New(provider Provider) *Credentials

+ func NewChainCredentials(providers []Provider) *Credentials

+ func NewCustomTokenCredentials(stsEndpoint, token, roleArn string, optFuncs ...CustomTokenOpt) (*Credentials, error)

+ func NewEnvAWS() *Credentials

+ func NewEnvMinio() *Credentials

+ func NewFileAWSCredentials(filename, profile string) *Credentials

+ func NewFileMinioClient(filename, alias string) *Credentials

+ func NewIAM(endpoint string) *Credentials

+ func NewKubernetesIdentity(stsEndpoint string, opts ...func(*STSWebIdentity)) (*Credentials, error)

+ func NewLDAPIdentity(stsEndpoint, ldapUsername, ldapPassword string, optFuncs ...LDAPIdentityOpt) (*Credentials, error)

+ func NewLDAPIdentityWithSessionPolicy(stsEndpoint, ldapUsername, ldapPassword, policy string) (*Credentials, error)

+ func NewSTSAssumeRole(stsEndpoint string, opts STSAssumeRoleOptions) (*Credentials, error)

+ func NewSTSCertificateIdentity(endpoint string, certificate tls.Certificate, ...) (*Credentials, error)

+ func NewSTSClientGrants(stsEndpoint string, ...) (*Credentials, error)

+ func NewSTSWebIdentity(stsEndpoint string, getWebIDTokenExpiry func() (*WebIdentityToken, error), ...) (*Credentials, error)

+ func NewStatic(id, secret, token string, signerType SignatureType) *Credentials

+ func NewStaticV2(id, secret, token string) *Credentials

+ func NewStaticV4(id, secret, token string) *Credentials

+ func (c *Credentials) Expire()

+ func (c *Credentials) Get() (Value, error)

+ func (c *Credentials) GetWithContext(cc *CredContext) (Value, error)

+ func (c *Credentials) IsExpired() bool

+ type CustomTokenIdentity struct

+ Client *http.Client

+ RequestedExpiry time.Duration

+ RoleArn string

+ STSEndpoint string

+ Token string

+ TokenRevokeType string

+ func (c *CustomTokenIdentity) Retrieve() (value Value, err error)

+ func (c *CustomTokenIdentity) RetrieveWithCredContext(cc *CredContext) (value Value, err error)

+ type CustomTokenOpt func(*CustomTokenIdentity)

+ func CustomTokenValidityOpt(d time.Duration) CustomTokenOpt

+ type CustomTokenResult struct

+ AssumedUser string

+ Credentials struct{ ... }

+ type EnvAWS struct

+ func (e *EnvAWS) IsExpired() bool

+ func (e *EnvAWS) Retrieve() (Value, error)

+ func (e *EnvAWS) RetrieveWithCredContext(_ *CredContext) (Value, error)

+ type EnvMinio struct

+ func (e *EnvMinio) IsExpired() bool

+ func (e *EnvMinio) Retrieve() (Value, error)

+ func (e *EnvMinio) RetrieveWithCredContext(_ *CredContext) (Value, error)

+ type Error struct

+ BucketName string

+ Code string

+ HostID string

+ Key string

+ Message string

+ Region string

+ RequestID string

+ Resource string

+ Server string

+ StatusCode int

+ XMLName xml.Name

+ func (e Error) Error() string

+ type ErrorResponse struct

+ RequestID string

+ STSError struct{ ... }

+ XMLName xml.Name

+ func (e ErrorResponse) Error() string

+ type Expiry struct

+ CurrentTime func() time.Time

+ func (e *Expiry) IsExpired() bool

+ func (e *Expiry) SetExpiration(expiration time.Time, window time.Duration)

+ type FileAWSCredentials struct

+ Filename string

+ Profile string

+ func (p *FileAWSCredentials) Retrieve() (Value, error)

+ func (p *FileAWSCredentials) RetrieveWithCredContext(_ *CredContext) (Value, error)

+ type FileMinioClient struct

+ Alias string

+ Filename string

+ func (p *FileMinioClient) IsExpired() bool

+ func (p *FileMinioClient) Retrieve() (Value, error)

+ func (p *FileMinioClient) RetrieveWithCredContext(_ *CredContext) (Value, error)

+ type IAM struct

+ Client *http.Client

+ Container struct{ ... }

+ EKSIdentity struct{ ... }

+ Endpoint string

+ Region string

+ func (m *IAM) Retrieve() (Value, error)

+ func (m *IAM) RetrieveWithCredContext(cc *CredContext) (Value, error)

+ type LDAPIdentity struct

+ Client *http.Client

+ ConfigName string

+ LDAPPassword string

+ LDAPUsername string

+ Policy string

+ RequestedExpiry time.Duration

+ STSEndpoint string

+ TokenRevokeType string

+ func (k *LDAPIdentity) Retrieve() (value Value, err error)

+ func (k *LDAPIdentity) RetrieveWithCredContext(cc *CredContext) (value Value, err error)

+ type LDAPIdentityOpt func(*LDAPIdentity)

+ func LDAPIdentityConfigNameOpt(name string) LDAPIdentityOpt

+ func LDAPIdentityExpiryOpt(d time.Duration) LDAPIdentityOpt

+ func LDAPIdentityPolicyOpt(policy string) LDAPIdentityOpt

+ type LDAPIdentityResult struct

+ Credentials struct{ ... }

+ SubjectFromToken string

+ type Provider interface

+ IsExpired func() bool

+ Retrieve func() (Value, error)

+ RetrieveWithCredContext func(cc *CredContext) (Value, error)

+ type STSAssumeRole struct

+ Client *http.Client

+ Options STSAssumeRoleOptions

+ STSEndpoint string

+ func (m *STSAssumeRole) Retrieve() (Value, error)

+ func (m *STSAssumeRole) RetrieveWithCredContext(cc *CredContext) (Value, error)

+ type STSAssumeRoleOptions struct

+ AccessKey string

+ DurationSeconds int

+ ExternalID string

+ Location string

+ Policy string

+ RoleARN string

+ RoleSessionName string

+ SecretKey string

+ SessionToken string

+ TokenRevokeType string

+ type STSCertificateIdentity struct

+ Certificate tls.Certificate

+ Client *http.Client

+ S3CredentialLivetime time.Duration

+ STSEndpoint string

+ TokenRevokeType string

+ func (i *STSCertificateIdentity) Expiration() time.Time

+ func (i *STSCertificateIdentity) Retrieve() (Value, error)

+ func (i *STSCertificateIdentity) RetrieveWithCredContext(cc *CredContext) (Value, error)

+ type STSClientGrants struct

+ Client *http.Client

+ GetClientGrantsTokenExpiry func() (*ClientGrantsToken, error)

+ STSEndpoint string

+ func (m *STSClientGrants) Retrieve() (Value, error)

+ func (m *STSClientGrants) RetrieveWithCredContext(cc *CredContext) (Value, error)

+ type STSWebIdentity struct

+ Client *http.Client

+ GetWebIDTokenExpiry func() (*WebIdentityToken, error)

+ Policy string

+ RoleARN string

+ STSEndpoint string

+ TokenRevokeType string

+ func (m *STSWebIdentity) Expiration() time.Time

+ func (m *STSWebIdentity) Retrieve() (Value, error)

+ func (m *STSWebIdentity) RetrieveWithCredContext(cc *CredContext) (Value, error)

+ type SignatureType int

+ const SignatureAnonymous

+ const SignatureDefault

+ const SignatureV2

+ const SignatureV4

+ const SignatureV4Streaming

+ func (s SignatureType) IsAnonymous() bool

+ func (s SignatureType) IsStreamingV4() bool

+ func (s SignatureType) IsV2() bool

+ func (s SignatureType) IsV4() bool

+ func (s SignatureType) String() string

+ type Static struct

+ func (s *Static) IsExpired() bool

+ func (s *Static) Retrieve() (Value, error)

+ func (s *Static) RetrieveWithCredContext(_ *CredContext) (Value, error)

+ type Value struct

+ AccessKeyID string

+ Expiration time.Time

+ SecretAccessKey string

+ SessionToken string

+ SignerType SignatureType

+ type WebIdentityResult struct

+ AssumedRoleUser AssumedRoleUser

+ Audience string

+ Credentials struct{ ... }

+ PackedPolicySize int

+ Provider string

+ SubjectFromWebIdentityToken string

+ type WebIdentityToken struct

+ AccessToken string

+ Expiry int

+ RefreshToken string

+ Token string

Other modules containing this package

github.com/libreFS/librefs-go