secrets

package

v0.6.17 Latest Latest Go to latest Published: Jan 8, 2026 License: Apache-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/stacklok/toolhive

Links

Documentation ¶

Overview ¶

Package secrets provides generic secret management utilities for authentication. This package contains functions that can be used by any authentication method (OAuth, bearer tokens, etc.) to process secrets and store them in a secrets manager.

Index ¶

func GenerateUniqueSecretNameWithPrefix(workloadName, prefix string, secretManager secrets.Provider) (string, error)
func GetSecretsManager() (secrets.Provider, error)
func ProcessSecret(workloadName, secretValue string, tokenType TokenType) (string, error)
func ProcessSecretWithProvider(workloadName, secretValue string, secretManager secrets.Provider, ...) (string, error)
func StoreSecretInManagerWithProvider(ctx context.Context, secretName, secretValue string, ...) error
type TokenType

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateUniqueSecretNameWithPrefix ¶

func GenerateUniqueSecretNameWithPrefix(workloadName, prefix string, secretManager secrets.Provider) (string, error)

GenerateUniqueSecretNameWithPrefix generates a unique secret name with a custom prefix This is a generic function that can be used for any secret type

func GetSecretsManager ¶

func GetSecretsManager() (secrets.Provider, error)

GetSecretsManager returns the secrets manager instance This is exported so it can be reused by other packages

func ProcessSecret ¶

func ProcessSecret(workloadName, secretValue string, tokenType TokenType) (string, error)

ProcessSecret processes a secret, converting plain text to CLI format if needed. This is a generic function that can be used for any secret type. Parameters:

workloadName: Name of the workload (used for secret naming)
secretValue: The secret value (plain text or already in CLI format)
tokenType: The type of token/secret (determines prefix, target, and error context)

Returns the secret in CLI format: "secret-name,target=target_value"

func ProcessSecretWithProvider ¶

func ProcessSecretWithProvider(
	workloadName,
	secretValue string,
	secretManager secrets.Provider,
	tokenType TokenType,
) (string, error)

ProcessSecretWithProvider processes a secret using the provided secret manager This version is testable with dependency injection and is used for testing

func StoreSecretInManagerWithProvider ¶

func StoreSecretInManagerWithProvider(ctx context.Context, secretName, secretValue string, secretManager secrets.Provider) error

StoreSecretInManagerWithProvider stores a secret using the provided secret manager This version is testable with dependency injection

Types ¶

type TokenType ¶

type TokenType string

TokenType represents the type of authentication token/secret being processed

const (
	// TokenTypeOAuthClientSecret represents an OAuth client secret
	// #nosec G101 - this is a type identifier, not a credential
	TokenTypeOAuthClientSecret TokenType = "oauth_client_secret"
	// TokenTypeBearerToken represents a bearer token
	TokenTypeBearerToken TokenType = "bearer_token"
)

Source Files ¶

View all Source files

secrets.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL