Documentation
Index
- Constants
- Variables
- func ECBDecrypt(block cipher.Block, dst, src []byte) error
- type ContainerRegistryCredentials
- type KeyringBuilder
- func (kb *KeyringBuilder) Apply(keyring *credentials.GeneralOciKeyring) error
- func (kb *KeyringBuilder) Build() (*credentials.GeneralOciKeyring, error)
- func (kb *KeyringBuilder) For(ref string) *KeyringBuilder
- func (kb *KeyringBuilder) FromPath(path string) *KeyringBuilder
- func (kb *KeyringBuilder) WithFS(fs vfs.FileSystem) *KeyringBuilder
- func (kb *KeyringBuilder) WithLog(log logr.Logger) *KeyringBuilder
- func (kb *KeyringBuilder) WithMinPrivileges(priv Privilege) *KeyringBuilder
- type Privilege
- type SecretServer
- type SecretServerConfig
Constants
const CipherEnvVarName = "SECRET_CIPHER_ALGORITHM"
CipherEnvVarName is the name of the envvar that contains the decryption cipher algorithm.
const ConcourseConfigEnvVarName = "SECRETS_SERVER_CONCOURSE_CFG_NAME"
ConcourseConfigEnvVarName is the name of the envvar that contains the name of the concourse config.
const ContainerRegistryConfigType = "container_registry"
ContainerRegistryConfigType is the cc secret server container registry config type.
const EndpointEnvVarName = "SECRETS_SERVER_ENDPOINT"
EndpointEnvVarName is the name of the envvar that contains the endpoint of the secret server.
const SecretKeyEnvVarName = "SECRET_KEY"
SecretKeyEnvVarName is the name of the envvar that contains the decryption key.
Variables
var ErrNoSecretFoundError = errors.New("no secret server configuration found")
Functions
Types
type ContainerRegistryCredentials
type ContainerRegistryCredentials struct {
	Username               string    `json:"username"`
	Password               string    `json:"password"`
	Privileges             Privilege `json:"privileges"`
	Host                   string    `json:"host,omitempty"`
	ImageReferencePrefixes []string  `json:"image_reference_prefixes,omitempty"`
}
ContainerRegistryCredentials describes the container registry credentials struct as given by the cc secrets server.
type KeyringBuilder
type KeyringBuilder struct {
	// contains filtered or unexported fields
}
KeyringBuilder is a builder that creates a keyring from a concourse config file.
func (*KeyringBuilder) Apply
func (kb *KeyringBuilder) Apply(keyring *credentials.GeneralOciKeyring) error
Apply applies the found configuration to the given keyring.
func (*KeyringBuilder) Build
func (kb *KeyringBuilder) Build() (*credentials.GeneralOciKeyring, error)
Build creates an OCI keyring based on the given configuration. It returns nil if no credentials can be found.
func (*KeyringBuilder) For
func (kb *KeyringBuilder) For(ref string) *KeyringBuilder
For configures the builder to only include the config for that one reference.
func (*KeyringBuilder) FromPath
func (kb *KeyringBuilder) FromPath(path string) *KeyringBuilder
FromPath configures the local concourse config file.
func (*KeyringBuilder) WithFS
func (kb *KeyringBuilder) WithFS(fs vfs.FileSystem) *KeyringBuilder
WithFS configures the builder to use a different filesystem.
func (*KeyringBuilder) WithLog
func (kb *KeyringBuilder) WithLog(log logr.Logger) *KeyringBuilder
WithLog configures an optional logger.
func (*KeyringBuilder) WithMinPrivileges
func (kb *KeyringBuilder) WithMinPrivileges(priv Privilege) *KeyringBuilder
WithMinPrivileges configures the builder to only include credentials with a minimal config.
type SecretServer
type SecretServer struct {
	// contains filtered or unexported fields
}
func NewSecretServer
func NewSecretServer() (*SecretServer, error)
NewSecretServer creates a new secret server instance using the given env vars.
func (*SecretServer) Get
func (ss *SecretServer) Get() (*SecretServerConfig, error)
Get returns the secret configuration from the server.
type SecretServerConfig
type SecretServerConfig struct {
	ContainerRegistry map[string]*ContainerRegistryCredentials `json:"container_registry"`
}
SecretServerConfig is the struct that describes the secret server concourse config.