Documentation
¶
Index ¶
- Constants
- type MissingKubernetesSecretError
- type SOPSDecryptor
- func (d *SOPSDecryptor) AddAgeKey(key []byte) error
- func (d *SOPSDecryptor) AddGPGKey(key []byte) error
- func (d *SOPSDecryptor) Decrypt(data *api.Metadata, secret *sopsv1alpha1.SopsSecretItem, log logr.Logger) error
- func (d *SOPSDecryptor) IsEncrypted(obj client.Object) (api.SopsImplementation, bool, error)
- func (d *SOPSDecryptor) KeysFromSecret(ctx context.Context, c client.Client, secretName string, namespace string) (err error)
- func (d *SOPSDecryptor) RemoveKeyRing() error
- func (d *SOPSDecryptor) SetAWSCredentials(token []byte) (err error)
- func (d *SOPSDecryptor) SetAzureCredentials(config []byte) (err error)
- func (d *SOPSDecryptor) SetGCPCredentials(config []byte)
- func (d *SOPSDecryptor) SetVaultToken(token []byte)
- func (d *SOPSDecryptor) SopsDecryptWithFormat(data []byte, log logr.Logger, inputFormat, outputFormat formats.Format) (_ []byte, err error)
Constants ¶
const ( // DecryptionProviderSOPS is the SOPS provider name. DecryptionProviderSOPS = "sops" // DecryptionPGPExt is the extension of the file containing an armored PGP // key. DecryptionPGPExt = ".asc" // DecryptionAgeExt is the extension of the file containing an age key // file. DecryptionAgeExt = ".agekey" // DecryptionVaultTokenFileName is the name of the file containing the // Hashicorp Vault token. DecryptionVaultTokenFileName = "sops.vault-token" // DecryptionAWSKmsFile is the name of the file containing the AWS KMS // credentials. DecryptionAWSKmsFile = "sops.aws-kms" // DecryptionAzureAuthFile is the name of the file containing the Azure // credentials. DecryptionAzureAuthFile = "sops.azure-kv" // DecryptionGCPCredsFile is the name of the file containing the GCP // credentials. DecryptionGCPCredsFile = "sops.gcp-kms" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type MissingKubernetesSecretError ¶ added in v0.2.0
func (*MissingKubernetesSecretError) Error ¶ added in v0.2.0
func (e *MissingKubernetesSecretError) Error() string
type SOPSDecryptor ¶
type SOPSDecryptor struct {
// contains filtered or unexported fields
}
Decryptor performs decryption operations for a v1.Kustomization. The only supported decryption provider at present is DecryptionProviderSOPS.
func NewSOPSDecryptor ¶
func NewSOPSDecryptor(gnuPGHome string) *SOPSDecryptor
NewDecryptor creates a new Decryptor for the given kustomization. gnuPGHome can be empty, in which case the systems' keyring is used.
func NewSOPSTempDecryptor ¶
func NewSOPSTempDecryptor() (*SOPSDecryptor, func(), error)
NewTempDecryptor creates a new Decryptor, with a temporary GnuPG home directory to Decryptor.ImportKeys() into.
func (*SOPSDecryptor) AddAgeKey ¶
func (d *SOPSDecryptor) AddAgeKey(key []byte) error
AddAgeKey to the decryptor's identities.
func (*SOPSDecryptor) AddGPGKey ¶
func (d *SOPSDecryptor) AddGPGKey(key []byte) error
AddGPGKey adds given GPG key to the decryptor's keyring.
func (*SOPSDecryptor) Decrypt ¶
func (d *SOPSDecryptor) Decrypt(data *api.Metadata, secret *sopsv1alpha1.SopsSecretItem, log logr.Logger) error
Read reads the input data, decrypts it, and returns the decrypted data.
func (*SOPSDecryptor) IsEncrypted ¶
func (d *SOPSDecryptor) IsEncrypted(obj client.Object) (api.SopsImplementation, bool, error)
IsEncrypted returns true if the given data is encrypted by SOPS.
func (*SOPSDecryptor) KeysFromSecret ¶
func (*SOPSDecryptor) RemoveKeyRing ¶
func (d *SOPSDecryptor) RemoveKeyRing() error
Only call this for Temporary Decryptors.
func (*SOPSDecryptor) SetAWSCredentials ¶
func (d *SOPSDecryptor) SetAWSCredentials(token []byte) (err error)
SetAWSCredentials adds AWS credentials for the decryptor. Reference: https://github.com/getsops/sops#aws-kms-encryption-context
func (*SOPSDecryptor) SetAzureCredentials ¶
func (d *SOPSDecryptor) SetAzureCredentials(config []byte) (err error)
SetAzureAuthFile adds AWS credentials for the decryptor.
func (*SOPSDecryptor) SetGCPCredentials ¶
func (d *SOPSDecryptor) SetGCPCredentials(config []byte)
SetGCPCredentials adds GCP credentials for the decryptor.
func (*SOPSDecryptor) SetVaultToken ¶
func (d *SOPSDecryptor) SetVaultToken(token []byte)
SetVaultToken sets the Vault token for the decryptor.
func (*SOPSDecryptor) SopsDecryptWithFormat ¶
func (d *SOPSDecryptor) SopsDecryptWithFormat(data []byte, log logr.Logger, inputFormat, outputFormat formats.Format) (_ []byte, err error)
SopsDecryptWithFormat attempts to load a SOPS encrypted file using the store for the input format, gathers the data key for it from the key service, and then decrypts the file data with the retrieved data key. It returns the decrypted bytes in the provided output format, or an error.
Source Files
Directories