Documentation ¶
Index ¶
- func LoadAADConfigFromBytes(b []byte, s *AADConfig) error
- type AADConfig
- type AZConfig
- type MasterKey
- func (key *MasterKey) Decrypt() ([]byte, error)
- func (key *MasterKey) Encrypt(dataKey []byte) error
- func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error
- func (key *MasterKey) EncryptedDataKey() []byte
- func (key *MasterKey) NeedsRotation() bool
- func (key *MasterKey) SetEncryptedDataKey(enc []byte)
- func (key MasterKey) ToMap() map[string]interface{}
- func (key *MasterKey) ToString() string
- type Token
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func LoadAADConfigFromBytes ¶
LoadAADConfigFromBytes attempts to load the given bytes into the given AADConfig, first decoding them if they are UTF-16 and then unmarshalling them into the given struct. It returns an error for any failure.
Types ¶
type AADConfig ¶
type AADConfig struct {
	AZConfig
	TenantID                   string `json:"tenantId,omitempty"`
	ClientID                   string `json:"clientId,omitempty"`
	ClientSecret               string `json:"clientSecret,omitempty"`
	ClientCertificate          string `json:"clientCertificate,omitempty"`
	ClientCertificatePassword  string `json:"clientCertificatePassword,omitempty"`
	ClientCertificateSendChain bool   `json:"clientCertificateSendChain,omitempty"`
	AuthorityHost              string `json:"authorityHost,omitempty"`
}
AADConfig contains the selection of fields from an Azure authentication file required for Active Directory authentication.
func (AADConfig) GetCloudConfig ¶
func (s AADConfig) GetCloudConfig() cloud.Configuration
GetCloudConfig returns a cloud.Configuration with the AuthorityHost, or the Azure Public Cloud default.
type AZConfig ¶
type AZConfig struct {
	AppID    string `json:"appId,omitempty"`
	Tenant   string `json:"tenant,omitempty"`
	Password string `json:"password,omitempty"`
}
AZConfig contains the Service Principal fields as generated by `az`. Ref: https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal?tabs=azure-cli#manually-create-a-service-principal
type MasterKey ¶
type MasterKey struct {
	VaultURL     string
	Name         string
	Version      string
	EncryptedKey string
	CreationDate time.Time
	// contains filtered or unexported fields
}
MasterKey is an Azure Key Vault Key used to Encrypt and Decrypt SOPS' data key.
The underlying authentication token can be configured using TokenFromAADConfig and Token.ApplyToMasterKey().
func MasterKeyFromURL ¶
MasterKeyFromURL creates a new MasterKey from a Vault URL, key name, and key version.
func (*MasterKey) Decrypt ¶
Decrypt decrypts the EncryptedKey field with Azure Key Vault and returns the result.
func (*MasterKey) Encrypt ¶
Encrypt takes a SOPS data key, encrypts it with Azure Key Vault, and stores the result in the EncryptedKey field.
func (*MasterKey) EncryptIfNeeded ¶
EncryptIfNeeded encrypts the provided SOPS data key, if it has not been encrypted yet.
func (*MasterKey) EncryptedDataKey ¶
EncryptedDataKey returns the encrypted data key this master key holds.
func (*MasterKey) NeedsRotation ¶
NeedsRotation returns whether the data key needs to be rotated or not.
func (*MasterKey) SetEncryptedDataKey ¶
SetEncryptedDataKey sets the encrypted data key for this master key.
type Token ¶
type Token struct {
	// contains filtered or unexported fields
}
Token is an azcore.TokenCredential used for authenticating towards Azure Key Vault.
func NewToken ¶
func NewToken(token azcore.TokenCredential) *Token
NewToken creates a new Token with the provided azcore.TokenCredential.
func TokenFromAADConfig ¶
TokenFromAADConfig attempts to construct a Token using the AADConfig values. It detects credentials in the following order:
- azidentity.ClientSecretCredential when `tenantId`, `clientId` and `clientSecret` fields are found.
- azidentity.ClientCertificateCredential when `tenantId`, `clientCertificate` (and optionally `clientCertificatePassword`) fields are found.
- azidentity.ClientSecretCredential when AZConfig fields are found.
- azidentity.ManagedIdentityCredential for a User ID, when a `clientId` field but no `tenantId` is found.
If no set of credentials is found or the azcore.TokenCredential cannot be created, an error is returned.
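The detection order above, combined with the UTF-16 decoding that LoadAADConfigFromBytes describes, as an added example that is not the package's own code. `authFile`, `decodeIfUTF16` and `credentialKind` are hypothetical names; detecting UTF-16 by its byte-order mark and requiring all three AZConfig fields are assumptions, and the function only reports which credential type the documented order would select instead of calling azidentity.

```go
package main

import (
	"encoding/json"
	"fmt"
	"unicode/utf16"
)

// authFile: fields that drive selection; encoding/json matches keys like "tenantId" case-insensitively.
type authFile struct {
	AppID, Tenant, Password, TenantID, ClientID, ClientSecret, ClientCertificate string
}

// decodeIfUTF16 converts BOM-prefixed UTF-16 input to UTF-8 (BOM detection is an assumption).
func decodeIfUTF16(b []byte) []byte {
	if len(b) < 2 || len(b)%2 != 0 || !(b[0] == 0xFF && b[1] == 0xFE || b[0] == 0xFE && b[1] == 0xFF) {
		return b
	}
	u := make([]uint16, len(b)/2-1)
	for i := range u {
		u[i] = uint16(b[2*i+2])<<8 | uint16(b[2*i+3]) // read the unit as big-endian
		if b[0] == 0xFF {                             // BOM FF FE means little-endian: swap the bytes
			u[i] = u[i]<<8 | u[i]>>8
		}
	}
	return []byte(string(utf16.Decode(u)))
}

// credentialKind names the credential type the documented order selects; the first match wins.
func credentialKind(raw []byte) (string, error) {
	var c authFile
	if err := json.Unmarshal(decodeIfUTF16(raw), &c); err != nil {
		return "", err
	}
	switch {
	case c.TenantID != "" && c.ClientID != "" && c.ClientSecret != "":
		return "ClientSecretCredential", nil
	case c.TenantID != "" && c.ClientCertificate != "":
		return "ClientCertificateCredential", nil
	case c.AppID != "" && c.Tenant != "" && c.Password != "": // assumption: all three AZConfig fields
		return "ClientSecretCredential (AZConfig)", nil
	case c.ClientID != "" && c.TenantID == "":
		return "ManagedIdentityCredential", nil
	}
	return "", fmt.Errorf("no usable set of credential fields found")
}

func main() {
	fmt.Println(credentialKind([]byte(`{"clientId":"constructed-id"}`))) // constructed sample input
}
```

Because the first match wins, a file that carries both `clientSecret` and `clientCertificate` resolves to the secret, which is worth checking when the secret was meant to be retired in favour of the certificate.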
func (Token) ApplyToMasterKey ¶
ApplyToMasterKey configures the Token on the provided key.