Documentation
¶
Index ¶
- Constants
- Variables
- func IsAkeylessNotFound(err error) bool
- func IsInfisicalNotFound(err error) bool
- func NewAWSSSMProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewAWSSSOProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewAWSSTSProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewAWSSecretsManagerProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewAWSUnifiedProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewAkeylessProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewAzureIdentityProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewAzureKeyVaultProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewAzureUnifiedProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewBitwardenProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewDopplerProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewGCPSecretManagerProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewGCPUnifiedProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewInfisicalProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewJSONProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewKeychainProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewLiteralProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewMockProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewOnePasswordProvider(config map[string]interface{}) (provider.Provider, error)
- func NewOnePasswordProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewOnePasswordProviderWithExecutor(config map[string]interface{}, executor pkgexec.CommandExecutor) (provider.Provider, error)
- func NewPassProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func NewVaultProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
- func ToAuthError(providerName string, err error) provider.AuthError
- func ToNotFoundError(providerName, key string, err error) provider.NotFoundError
- type AWSSSMProvider
- func (p *AWSSSMProvider) Capabilities() provider.Capabilities
- func (p *AWSSSMProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (p *AWSSSMProvider) Name() string
- func (p *AWSSSMProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (p *AWSSSMProvider) Validate(ctx context.Context) error
- type AWSSSOProvider
- func (p *AWSSSOProvider) Capabilities() provider.Capabilities
- func (p *AWSSSOProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (p *AWSSSOProvider) Name() string
- func (p *AWSSSOProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (p *AWSSSOProvider) Validate(ctx context.Context) error
- type AWSSTSProvider
- func (p *AWSSTSProvider) Capabilities() provider.Capabilities
- func (p *AWSSTSProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (p *AWSSTSProvider) Name() string
- func (p *AWSSTSProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (p *AWSSTSProvider) Validate(ctx context.Context) error
- type AWSSecretsManagerProvider
- func (aws *AWSSecretsManagerProvider) Capabilities() provider.Capabilities
- func (aws *AWSSecretsManagerProvider) CreateNewVersion(ctx context.Context, ref provider.Reference, newValue []byte, ...) (string, error)
- func (aws *AWSSecretsManagerProvider) DeprecateVersion(ctx context.Context, ref provider.Reference, version string) error
- func (aws *AWSSecretsManagerProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (aws *AWSSecretsManagerProvider) GetRotationMetadata(ctx context.Context, ref provider.Reference) (provider.RotationMetadata, error)
- func (aws *AWSSecretsManagerProvider) Int32(i int32) *int32
- func (aws *AWSSecretsManagerProvider) Name() string
- func (aws *AWSSecretsManagerProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (aws *AWSSecretsManagerProvider) String(s string) *string
- func (aws *AWSSecretsManagerProvider) Validate(ctx context.Context) error
- type AWSUnifiedProvider
- func (p *AWSUnifiedProvider) Capabilities() provider.Capabilities
- func (p *AWSUnifiedProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (p *AWSUnifiedProvider) Name() string
- func (p *AWSUnifiedProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (p *AWSUnifiedProvider) Validate(ctx context.Context) error
- type AkeylessAuth
- type AkeylessConfig
- type AkeylessError
- type AkeylessProvider
- func (p *AkeylessProvider) Capabilities() provider.Capabilities
- func (p *AkeylessProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (p *AkeylessProvider) Name() string
- func (p *AkeylessProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (p *AkeylessProvider) Validate(ctx context.Context) error
- type AkeylessReference
- type AzureIdentityConfig
- type AzureIdentityProvider
- func (p *AzureIdentityProvider) Capabilities() provider.Capabilities
- func (p *AzureIdentityProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (p *AzureIdentityProvider) Name() string
- func (p *AzureIdentityProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (p *AzureIdentityProvider) Validate(ctx context.Context) error
- type AzureKeyVaultClientAPI
- type AzureKeyVaultConfig
- type AzureKeyVaultProvider
- func (p *AzureKeyVaultProvider) Capabilities() provider.Capabilities
- func (p *AzureKeyVaultProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (p *AzureKeyVaultProvider) Name() string
- func (p *AzureKeyVaultProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (p *AzureKeyVaultProvider) Validate(ctx context.Context) error
- type AzureProviderOption
- type AzureUnifiedProvider
- func (p *AzureUnifiedProvider) Capabilities() provider.Capabilities
- func (p *AzureUnifiedProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (p *AzureUnifiedProvider) Name() string
- func (p *AzureUnifiedProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (p *AzureUnifiedProvider) Validate(ctx context.Context) error
- type BitwardenField
- type BitwardenItem
- type BitwardenItemType
- type BitwardenLogin
- type BitwardenProvider
- func (bw *BitwardenProvider) Capabilities() provider.Capabilities
- func (bw *BitwardenProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (bw *BitwardenProvider) Name() string
- func (bw *BitwardenProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (bw *BitwardenProvider) Validate(ctx context.Context) error
- type BitwardenStatus
- type BitwardenUri
- type DopplerConfig
- type DopplerProvider
- func (p *DopplerProvider) Capabilities() provider.Capabilities
- func (p *DopplerProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (p *DopplerProvider) Name() string
- func (p *DopplerProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (p *DopplerProvider) Validate(ctx context.Context) error
- type GCPProviderOption
- type GCPSecretManagerClientAPI
- type GCPSecretManagerConfig
- type GCPSecretManagerProvider
- func (p *GCPSecretManagerProvider) Capabilities() provider.Capabilities
- func (p *GCPSecretManagerProvider) CreateNewVersion(ctx context.Context, ref provider.Reference, newValue []byte, ...) (string, error)
- func (p *GCPSecretManagerProvider) DeprecateVersion(ctx context.Context, ref provider.Reference, version string) error
- func (p *GCPSecretManagerProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (p *GCPSecretManagerProvider) GetRotationMetadata(ctx context.Context, ref provider.Reference) (provider.RotationMetadata, error)
- func (p *GCPSecretManagerProvider) Name() string
- func (p *GCPSecretManagerProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (p *GCPSecretManagerProvider) Validate(ctx context.Context) error
- type GCPUnifiedProvider
- func (p *GCPUnifiedProvider) Capabilities() provider.Capabilities
- func (p *GCPUnifiedProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (p *GCPUnifiedProvider) Name() string
- func (p *GCPUnifiedProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (p *GCPUnifiedProvider) Validate(ctx context.Context) error
- type InfisicalAuth
- type InfisicalConfig
- type InfisicalError
- type InfisicalProvider
- func (p *InfisicalProvider) Capabilities() provider.Capabilities
- func (p *InfisicalProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (p *InfisicalProvider) Name() string
- func (p *InfisicalProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (p *InfisicalProvider) Validate(ctx context.Context) error
- type InfisicalReference
- type JSONProvider
- type KeychainConfig
- type KeychainError
- type KeychainProvider
- func (kc *KeychainProvider) Capabilities() provider.Capabilities
- func (kc *KeychainProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (kc *KeychainProvider) Name() string
- func (kc *KeychainProvider) Platform() string
- func (kc *KeychainProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (kc *KeychainProvider) Validate(ctx context.Context) error
- type KeychainReference
- type LiteralProvider
- func (l *LiteralProvider) Capabilities() provider.Capabilities
- func (l *LiteralProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (l *LiteralProvider) Name() string
- func (l *LiteralProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (l *LiteralProvider) SetValue(key, value string)
- func (l *LiteralProvider) Validate(ctx context.Context) error
- type MockProvider
- func (m *MockProvider) Capabilities() provider.Capabilities
- func (m *MockProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (m *MockProvider) Name() string
- func (m *MockProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (m *MockProvider) SetDelay(delay time.Duration)
- func (m *MockProvider) SetFailure(key string, err error)
- func (m *MockProvider) SetValue(key, value string)
- func (m *MockProvider) Validate(ctx context.Context) error
- type NewAkeylessProviderFunc
- type NewInfisicalProviderFunc
- type NewKeychainProviderFunc
- type OnePasswordField
- type OnePasswordItem
- type OnePasswordProvider
- func (op *OnePasswordProvider) Capabilities() provider.Capabilities
- func (op *OnePasswordProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (op *OnePasswordProvider) Name() string
- func (op *OnePasswordProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (op *OnePasswordProvider) Validate(ctx context.Context) error
- type OnePasswordURL
- type PassConfig
- type PassProvider
- func (p *PassProvider) Capabilities() provider.Capabilities
- func (p *PassProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
- func (p *PassProvider) Name() string
- func (p *PassProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
- func (p *PassProvider) Validate(ctx context.Context) error
- type ProviderFactory
- type ProviderOption
- type Registry
- type SSMClientAPI
- type SSMConfig
- type SSMProviderOption
- type SSOConfig
- type STSConfig
- type SecretsManagerClientAPI
- type TokenCache
- type UnifiedAWSConfig
- type UnifiedAzureConfig
- type UnifiedGCPConfig
Constants ¶
// Default values for provider configurations.
// Both endpoint defaults use the https scheme.
const (
	// DefaultInfisicalHost is the Infisical base URL.
	// presumably applied when the Infisical config names no host — confirm.
	DefaultInfisicalHost = "https://app.infisical.com"
	// DefaultAkeylessGateway is the Akeyless API endpoint; AkeylessConfig.GatewayURL
	// documents this value as its default.
	DefaultAkeylessGateway = "https://api.akeyless.io"
	// DefaultTimeout is 30 seconds; AkeylessConfig.Timeout documents the same default.
	// NOTE(review): which other providers use it is not visible here — confirm.
	DefaultTimeout = 30 * time.Second
)
Default values for provider configurations
Variables ¶
// Keychain sentinel errors. Each is a distinct error value, so callers should
// match with errors.Is rather than comparing message text. The meanings below
// are read from the message strings.
// NOTE(review): whether KeychainError wraps these values is not visible here — confirm.
//
// Callers should not treat ErrKeychainAccessDenied, ErrKeychainLocked or
// ErrKeychainHeadless as "secret absent" and fall back to a default value;
// only ErrKeychainItemNotFound says the item does not exist.
var (
	// ErrKeychainItemNotFound: no matching keychain item.
	ErrKeychainItemNotFound = fmt.Errorf("keychain item not found")
	// ErrKeychainAccessDenied: the keychain refused access to the item.
	ErrKeychainAccessDenied = fmt.Errorf("keychain access denied")
	// ErrKeychainUnsupportedPlatform: no keychain backend on this platform.
	ErrKeychainUnsupportedPlatform = fmt.Errorf("keychain not supported on this platform")
	// ErrKeychainHeadless: authentication needs a GUI session that is not available.
	ErrKeychainHeadless = fmt.Errorf("keychain requires GUI environment for authentication")
	// ErrKeychainLocked: the keychain is locked and must be unlocked first.
	ErrKeychainLocked = fmt.Errorf("keychain is locked")
)
Keychain sentinel errors
// Infisical sentinel errors. Match them with errors.Is (or IsInfisicalNotFound
// for the not-found case) rather than by message text. The meanings below are
// read from the message strings.
// NOTE(review): whether InfisicalError wraps these values is not visible here — confirm.
//
// ErrInfisicalForbidden is an authorization failure, not a missing secret;
// callers should not handle it the same way as ErrInfisicalSecretNotFound.
var (
	// ErrInfisicalSecretNotFound: the requested secret does not exist.
	ErrInfisicalSecretNotFound = fmt.Errorf("infisical secret not found")
	// ErrInfisicalForbidden: the request was not permitted.
	ErrInfisicalForbidden = fmt.Errorf("infisical forbidden")
	// ErrInfisicalRateLimited: the request was rate limited.
	ErrInfisicalRateLimited = fmt.Errorf("infisical rate limited")
)
Infisical sentinel errors
// Akeyless sentinel errors. Match them with errors.Is (or IsAkeylessNotFound
// for the not-found case) rather than by message text. AkeylessError declares
// an Unwrap method, so errors.Is can look through it.
// NOTE(review): that AkeylessError.Err is set to one of these values is
// assumed, not shown here — confirm.
//
// ErrAkeylessPermission is an authorization failure, not a missing secret;
// callers should not handle it the same way as ErrAkeylessSecretNotFound.
var (
	// ErrAkeylessSecretNotFound: the requested secret does not exist.
	ErrAkeylessSecretNotFound = fmt.Errorf("akeyless secret not found")
	// ErrAkeylessPermission: the request was denied for lack of permission.
	ErrAkeylessPermission = fmt.Errorf("akeyless permission denied")
	// ErrAkeylessRateLimited: the request was rate limited.
	ErrAkeylessRateLimited = fmt.Errorf("akeyless rate limited")
)
Akeyless sentinel errors
Functions ¶
func IsAkeylessNotFound ¶ added in v0.2.4
IsAkeylessNotFound reports whether err is a not-found error
func IsInfisicalNotFound ¶ added in v0.2.4
IsInfisicalNotFound reports whether err is a not-found error
func NewAWSSSMProviderFactory ¶
func NewAWSSSMProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewAWSSSMProviderFactory creates an AWS SSM provider factory
func NewAWSSSOProviderFactory ¶
func NewAWSSSOProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewAWSSSOProviderFactory creates an AWS SSO provider factory
func NewAWSSTSProviderFactory ¶
func NewAWSSTSProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewAWSSTSProviderFactory creates an AWS STS provider factory
func NewAWSSecretsManagerProviderFactory ¶
func NewAWSSecretsManagerProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewAWSSecretsManagerProviderFactory creates an AWS Secrets Manager provider factory
func NewAWSUnifiedProviderFactory ¶
func NewAWSUnifiedProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewAWSUnifiedProviderFactory creates an AWS unified provider factory
func NewAkeylessProviderFactory ¶ added in v0.2.4
func NewAkeylessProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewAkeylessProviderFactory creates an Akeyless provider factory
func NewAzureIdentityProviderFactory ¶
func NewAzureIdentityProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewAzureIdentityProviderFactory creates an Azure Identity provider factory
func NewAzureKeyVaultProviderFactory ¶
func NewAzureKeyVaultProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewAzureKeyVaultProviderFactory creates an Azure Key Vault provider factory
func NewAzureUnifiedProviderFactory ¶
func NewAzureUnifiedProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewAzureUnifiedProviderFactory creates an Azure unified provider factory
func NewBitwardenProviderFactory ¶
func NewBitwardenProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewBitwardenProviderFactory creates a Bitwarden provider factory
func NewDopplerProviderFactory ¶
func NewDopplerProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewDopplerProviderFactory creates a Doppler provider factory
func NewGCPSecretManagerProviderFactory ¶
func NewGCPSecretManagerProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewGCPSecretManagerProviderFactory creates a GCP Secret Manager provider factory
func NewGCPUnifiedProviderFactory ¶
func NewGCPUnifiedProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewGCPUnifiedProviderFactory creates a GCP unified provider factory
func NewInfisicalProviderFactory ¶ added in v0.2.4
func NewInfisicalProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewInfisicalProviderFactory creates an Infisical provider factory
func NewJSONProviderFactory ¶
NewJSONProviderFactory creates a JSON provider factory
func NewKeychainProviderFactory ¶ added in v0.2.4
func NewKeychainProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewKeychainProviderFactory creates a keychain provider factory
func NewLiteralProviderFactory ¶
func NewLiteralProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewLiteralProviderFactory creates a literal provider factory
func NewMockProviderFactory ¶
NewMockProviderFactory creates a mock provider factory
func NewOnePasswordProvider ¶
NewOnePasswordProvider creates a new 1Password provider instance
func NewOnePasswordProviderFactory ¶
func NewOnePasswordProviderFactory(name string, config map[string]interface{}) (provider.Provider, error)
NewOnePasswordProviderFactory creates a 1Password provider factory
func NewOnePasswordProviderWithExecutor ¶
func NewOnePasswordProviderWithExecutor(config map[string]interface{}, executor pkgexec.CommandExecutor) (provider.Provider, error)
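NewOnePasswordProviderWithExecutor creates a new 1Password provider with a custom executor. This is primarily for testing, allowing command execution to be mocked. Because the executor carries out the provider's command execution, code outside tests should pass only a trusted implementation.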
func NewPassProviderFactory ¶
NewPassProviderFactory creates a pass provider factory
func NewVaultProviderFactory ¶
NewVaultProviderFactory creates a HashiCorp Vault provider factory
func ToAuthError ¶ added in v0.2.4
ToAuthError converts provider-specific errors to the standard AuthError
func ToNotFoundError ¶ added in v0.2.4
func ToNotFoundError(providerName, key string, err error) provider.NotFoundError
ToNotFoundError converts provider-specific errors to the standard NotFoundError
Types ¶
type AWSSSMProvider ¶
type AWSSSMProvider struct {
// contains filtered or unexported fields
}
AWSSSMProvider implements the Provider interface for AWS Systems Manager Parameter Store
func NewAWSSSMProvider ¶
func NewAWSSSMProvider(name string, configMap map[string]interface{}, opts ...SSMProviderOption) (*AWSSSMProvider, error)
NewAWSSSMProvider creates a new AWS SSM Parameter Store provider
func (*AWSSSMProvider) Capabilities ¶
func (p *AWSSSMProvider) Capabilities() provider.Capabilities
Capabilities returns the provider's capabilities
func (*AWSSSMProvider) Describe ¶
func (p *AWSSSMProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about a parameter without fetching its value
func (*AWSSSMProvider) Resolve ¶
func (p *AWSSSMProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve fetches a parameter from SSM Parameter Store
type AWSSSOProvider ¶
type AWSSSOProvider struct {
// contains filtered or unexported fields
}
AWSSSOProvider implements the Provider interface for AWS IAM Identity Center (formerly AWS SSO)
func NewAWSSSOProvider ¶
func NewAWSSSOProvider(name string, configMap map[string]interface{}) (*AWSSSOProvider, error)
NewAWSSSOProvider creates a new AWS SSO provider
func (*AWSSSOProvider) Capabilities ¶
func (p *AWSSSOProvider) Capabilities() provider.Capabilities
Capabilities returns the provider's capabilities
func (*AWSSSOProvider) Describe ¶
func (p *AWSSSOProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about the SSO provider
func (*AWSSSOProvider) Resolve ¶
func (p *AWSSSOProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve fetches temporary credentials from SSO
type AWSSTSProvider ¶
type AWSSTSProvider struct {
// contains filtered or unexported fields
}
AWSSTSProvider implements the Provider interface for AWS STS (Security Token Service)
func NewAWSSTSProvider ¶
func NewAWSSTSProvider(name string, configMap map[string]interface{}) (*AWSSTSProvider, error)
NewAWSSTSProvider creates a new AWS STS provider
func (*AWSSTSProvider) Capabilities ¶
func (p *AWSSTSProvider) Capabilities() provider.Capabilities
Capabilities returns the provider's capabilities
func (*AWSSTSProvider) Describe ¶
func (p *AWSSTSProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about the STS provider
func (*AWSSTSProvider) Resolve ¶
func (p *AWSSTSProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve fetches temporary credentials from STS
type AWSSecretsManagerProvider ¶
type AWSSecretsManagerProvider struct {
// contains filtered or unexported fields
}
AWSSecretsManagerProvider implements the provider interface for AWS Secrets Manager
func NewAWSSecretsManagerProvider ¶
func NewAWSSecretsManagerProvider(name string, providerConfig map[string]interface{}, opts ...ProviderOption) (*AWSSecretsManagerProvider, error)
NewAWSSecretsManagerProvider creates a new AWS Secrets Manager provider
func (*AWSSecretsManagerProvider) Capabilities ¶
func (aws *AWSSecretsManagerProvider) Capabilities() provider.Capabilities
Capabilities returns AWS Secrets Manager provider capabilities
func (*AWSSecretsManagerProvider) CreateNewVersion ¶
func (aws *AWSSecretsManagerProvider) CreateNewVersion(ctx context.Context, ref provider.Reference, newValue []byte, meta map[string]string) (string, error)
CreateNewVersion creates a new version of a secret in AWS Secrets Manager
func (*AWSSecretsManagerProvider) DeprecateVersion ¶
func (aws *AWSSecretsManagerProvider) DeprecateVersion(ctx context.Context, ref provider.Reference, version string) error
DeprecateVersion marks an old version as deprecated by removing it from AWSCURRENT stage
func (*AWSSecretsManagerProvider) Describe ¶
func (aws *AWSSecretsManagerProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about an AWS Secrets Manager secret
func (*AWSSecretsManagerProvider) GetRotationMetadata ¶
func (aws *AWSSecretsManagerProvider) GetRotationMetadata(ctx context.Context, ref provider.Reference) (provider.RotationMetadata, error)
GetRotationMetadata returns metadata about rotation capabilities for a secret
func (*AWSSecretsManagerProvider) Int32 ¶
func (aws *AWSSecretsManagerProvider) Int32(i int32) *int32
func (*AWSSecretsManagerProvider) Name ¶
func (aws *AWSSecretsManagerProvider) Name() string
Name returns the provider name
func (*AWSSecretsManagerProvider) Resolve ¶
func (aws *AWSSecretsManagerProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve retrieves a secret from AWS Secrets Manager
func (*AWSSecretsManagerProvider) String ¶
func (aws *AWSSecretsManagerProvider) String(s string) *string
type AWSUnifiedProvider ¶
type AWSUnifiedProvider struct {
// contains filtered or unexported fields
}
AWSUnifiedProvider provides intelligent routing to different AWS secret providers based on the secret reference format
func NewAWSUnifiedProvider ¶
func NewAWSUnifiedProvider(name string, configMap map[string]interface{}) (*AWSUnifiedProvider, error)
NewAWSUnifiedProvider creates a new unified AWS provider
func (*AWSUnifiedProvider) Capabilities ¶
func (p *AWSUnifiedProvider) Capabilities() provider.Capabilities
Capabilities returns the unified provider's capabilities
func (*AWSUnifiedProvider) Describe ¶
func (p *AWSUnifiedProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about the secret
func (*AWSUnifiedProvider) Name ¶
func (p *AWSUnifiedProvider) Name() string
Name returns the provider name
func (*AWSUnifiedProvider) Resolve ¶
func (p *AWSUnifiedProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve intelligently routes to the appropriate AWS provider
type AkeylessAuth ¶ added in v0.2.4
// AkeylessAuth selects how the provider authenticates to Akeyless and carries
// the per-method inputs. The mapstructure tags give the config keys each field
// is decoded from.
//
// Only three method-specific fields are declared; the "aws_iam", "oidc" and
// "saml" methods have no dedicated field in this struct.
// NOTE(review): presumably those methods rely on ambient credentials — confirm.
type AkeylessAuth struct {
	// Method is the authentication method
	// Values: "api_key", "aws_iam", "azure_ad", "gcp", "oidc", "saml"
	Method string `mapstructure:"method"`
	// AccessKey for API key auth
	// This is a credential: keep it out of logs and error strings, and prefer
	// supplying it at runtime over committing it to a config file.
	AccessKey string `mapstructure:"access_key"`
	// AzureADObjectID for Azure AD auth
	AzureADObjectID string `mapstructure:"azure_ad_object_id"`
	// GCPAudience for GCP auth
	GCPAudience string `mapstructure:"gcp_audience"`
}
AkeylessAuth defines authentication method for Akeyless
type AkeylessConfig ¶ added in v0.2.4
// AkeylessConfig holds configuration for the Akeyless provider. The
// mapstructure tags give the config keys each field is decoded from.
type AkeylessConfig struct {
	// AccessID is the Akeyless access ID (required)
	AccessID string `mapstructure:"access_id"`
	// GatewayURL is the custom gateway URL for enterprise deployments
	// Defaults to "https://api.akeyless.io"
	// NOTE(review): presumably authentication and secret requests are sent to
	// this URL, so it should be an https endpoint the operator controls —
	// confirm whether non-https values are rejected.
	GatewayURL string `mapstructure:"gateway_url"`
	// Auth contains authentication configuration
	// It can hold AkeylessAuth.AccessKey, so avoid printing the whole config
	// struct in logs or diagnostics.
	Auth AkeylessAuth `mapstructure:"auth"`
	// Timeout for API requests (default: 30s)
	Timeout time.Duration `mapstructure:"timeout"`
}
AkeylessConfig holds configuration for the Akeyless provider
type AkeylessError ¶ added in v0.2.4
// AkeylessError wraps Akeyless SDK errors with context. It declares Error and
// Unwrap methods, so it works with errors.Is and errors.As.
//
// NOTE(review): Error() presumably renders Op, Path and Message — confirm that
// none of them can ever carry a secret value, since error strings routinely
// end up in logs.
type AkeylessError struct {
	// Op names the failed operation.
	Op string // Operation: "auth", "fetch", "list", "describe"
	// Path is the secret path the operation concerned.
	// presumably the same form as AkeylessReference.Path — confirm.
	Path string
	// Message is the human-readable description.
	Message string
	// Err is the underlying error; presumably what Unwrap returns — confirm.
	Err error
}
AkeylessError wraps Akeyless SDK errors with context
func (*AkeylessError) Error ¶ added in v0.2.4
func (e *AkeylessError) Error() string
func (*AkeylessError) Unwrap ¶ added in v0.2.4
func (e *AkeylessError) Unwrap() error
type AkeylessProvider ¶ added in v0.2.4
type AkeylessProvider struct {
// contains filtered or unexported fields
}
AkeylessProvider implements the provider interface for Akeyless
func NewAkeylessProvider ¶ added in v0.2.4
func NewAkeylessProvider(name string, config map[string]interface{}) (*AkeylessProvider, error)
NewAkeylessProvider creates a new Akeyless provider
func NewAkeylessProviderWithClient ¶ added in v0.2.4
func NewAkeylessProviderWithClient(name string, config map[string]interface{}, client contracts.AkeylessClient) *AkeylessProvider
NewAkeylessProviderWithClient creates an Akeyless provider with a custom client. This is primarily for testing, allowing the SDK client to be mocked.
func (*AkeylessProvider) Capabilities ¶ added in v0.2.4
func (p *AkeylessProvider) Capabilities() provider.Capabilities
Capabilities returns the provider's supported features
func (*AkeylessProvider) Describe ¶ added in v0.2.4
func (p *AkeylessProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about an Akeyless secret without retrieving its value
func (*AkeylessProvider) Name ¶ added in v0.2.4
func (p *AkeylessProvider) Name() string
Name returns the provider name
func (*AkeylessProvider) Resolve ¶ added in v0.2.4
func (p *AkeylessProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve retrieves a secret from Akeyless
type AkeylessReference ¶ added in v0.2.4
// AkeylessReference represents a parsed Akeyless secret reference.
// ParseAkeylessReference documents the accepted text form as
// "/path/to/secret[@vN]".
type AkeylessReference struct {
	// Path is the secret's path; it identifies the secret and is not the secret value.
	Path string // e.g., "/prod/database/password"
	// Version is a pointer so that "no version requested" (nil) is distinct
	// from any explicit number.
	Version *int // nil for latest
}
AkeylessReference represents a parsed Akeyless secret reference
func ParseAkeylessReference ¶ added in v0.2.4
func ParseAkeylessReference(key string) (*AkeylessReference, error)
ParseAkeylessReference parses an Akeyless reference string. Format: /path/to/secret[@vN]
type AzureIdentityConfig ¶
// AzureIdentityConfig holds Azure Identity-specific configuration.
// The fields carry no struct tags, so how they are filled from the provider's
// config map is not visible here.
//
// NOTE(review): field meanings below are inferred from the names and from the
// AzureIdentityProvider description (Managed Identity and Service Principal
// authentication) — confirm against the constructor.
type AzureIdentityConfig struct {
	// TenantID presumably names the directory tenant.
	TenantID string
	// ClientID presumably names the application (service principal).
	ClientID string
	// ClientSecret is a credential: keep it out of logs and error strings, and
	// avoid printing this struct with %v or %+v.
	ClientSecret string
	// CertificatePath presumably points at a certificate file used instead of
	// ClientSecret; if that file holds a private key, restrict its permissions.
	CertificatePath string
	// UseManagedIdentity presumably selects managed identity, which needs no
	// stored secret in this config.
	UseManagedIdentity bool
	// UserAssignedID presumably selects a user-assigned managed identity.
	UserAssignedID string
	// Scope is the default audience for issued tokens.
	Scope string // Default scope for token requests
}
AzureIdentityConfig holds Azure Identity-specific configuration
type AzureIdentityProvider ¶
type AzureIdentityProvider struct {
// contains filtered or unexported fields
}
AzureIdentityProvider implements the Provider interface for Azure Managed Identity and Service Principal authentication
func NewAzureIdentityProvider ¶
func NewAzureIdentityProvider(name string, configMap map[string]interface{}) (*AzureIdentityProvider, error)
NewAzureIdentityProvider creates a new Azure Identity provider
func (*AzureIdentityProvider) Capabilities ¶
func (p *AzureIdentityProvider) Capabilities() provider.Capabilities
Capabilities returns the provider's capabilities
func (*AzureIdentityProvider) Describe ¶
func (p *AzureIdentityProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about the identity provider
func (*AzureIdentityProvider) Name ¶
func (p *AzureIdentityProvider) Name() string
Name returns the provider name
func (*AzureIdentityProvider) Resolve ¶
func (p *AzureIdentityProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve fetches an access token or credential information from Azure Identity
type AzureKeyVaultClientAPI ¶
// AzureKeyVaultClientAPI is the single-method client seam used for Azure Key
// Vault reads; WithAzureKeyVaultClient installs an implementation of it.
//
// An implementation receives every secret name and version requested and
// supplies the response, so outside tests only a trusted client should be
// injected.
// NOTE(review): presumably satisfied by the azsecrets SDK client — confirm.
type AzureKeyVaultClientAPI interface {
	// GetSecret fetches the secret called name at the given version.
	// NOTE(review): an empty version presumably means "latest" — confirm.
	GetSecret(ctx context.Context, name string, version string, options *azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error)
}
AzureKeyVaultClientAPI defines the interface for Azure Key Vault operations. This allows for mocking in tests.
type AzureKeyVaultConfig ¶
// AzureKeyVaultConfig holds Azure Key Vault-specific configuration.
// The fields carry no struct tags, so how they are filled from the provider's
// config map is not visible here.
//
// NOTE(review): field meanings below are inferred from the names — confirm
// against the constructor.
type AzureKeyVaultConfig struct {
	// VaultURL is the vault endpoint.
	// NOTE(review): presumably secrets are read from this URL, so it should be
	// an https endpoint the operator controls — confirm whether it is validated.
	VaultURL string
	// TenantID presumably names the directory tenant.
	TenantID string
	// ClientID presumably names the application (service principal).
	ClientID string
	// ClientSecret is a credential: keep it out of logs and error strings, and
	// avoid printing this struct with %v or %+v.
	ClientSecret string
	// CertificatePath presumably points at a certificate file used instead of
	// ClientSecret; if that file holds a private key, restrict its permissions.
	CertificatePath string
	// UseManagedIdentity presumably selects managed identity, which needs no
	// stored secret in this config.
	UseManagedIdentity bool
	// UserAssignedID selects which managed identity to use.
	UserAssignedID string // For user-assigned managed identity
}
AzureKeyVaultConfig holds Azure Key Vault-specific configuration
type AzureKeyVaultProvider ¶
type AzureKeyVaultProvider struct {
// contains filtered or unexported fields
}
AzureKeyVaultProvider implements the Provider interface for Azure Key Vault
func NewAzureKeyVaultProvider ¶
func NewAzureKeyVaultProvider(name string, configMap map[string]interface{}, opts ...AzureProviderOption) (*AzureKeyVaultProvider, error)
NewAzureKeyVaultProvider creates a new Azure Key Vault provider
func (*AzureKeyVaultProvider) Capabilities ¶
func (p *AzureKeyVaultProvider) Capabilities() provider.Capabilities
Capabilities returns the provider's capabilities
func (*AzureKeyVaultProvider) Describe ¶
func (p *AzureKeyVaultProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about a secret without fetching its value
func (*AzureKeyVaultProvider) Name ¶
func (p *AzureKeyVaultProvider) Name() string
Name returns the provider name
func (*AzureKeyVaultProvider) Resolve ¶
func (p *AzureKeyVaultProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve fetches a secret from Azure Key Vault
type AzureProviderOption ¶
// AzureProviderOption is a functional option applied to an
// *AzureKeyVaultProvider; NewAzureKeyVaultProvider accepts a variadic list of
// them. Despite the general name, the function type only targets the Key Vault
// provider.
type AzureProviderOption func(*AzureKeyVaultProvider)
AzureProviderOption is a functional option for configuring Azure providers
func WithAzureKeyVaultClient ¶
func WithAzureKeyVaultClient(client AzureKeyVaultClientAPI) AzureProviderOption
WithAzureKeyVaultClient sets a custom Azure Key Vault client (for testing)
type AzureUnifiedProvider ¶
type AzureUnifiedProvider struct {
// contains filtered or unexported fields
}
AzureUnifiedProvider provides intelligent routing to different Azure providers
func NewAzureUnifiedProvider ¶
func NewAzureUnifiedProvider(name string, configMap map[string]interface{}) (*AzureUnifiedProvider, error)
NewAzureUnifiedProvider creates a new unified Azure provider
func (*AzureUnifiedProvider) Capabilities ¶
func (p *AzureUnifiedProvider) Capabilities() provider.Capabilities
Capabilities returns the unified provider's capabilities
func (*AzureUnifiedProvider) Describe ¶
func (p *AzureUnifiedProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about the secret
func (*AzureUnifiedProvider) Name ¶
func (p *AzureUnifiedProvider) Name() string
Name returns the provider name
func (*AzureUnifiedProvider) Resolve ¶
func (p *AzureUnifiedProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve intelligently routes to the appropriate Azure provider
type BitwardenField ¶
type BitwardenField struct {
// Name is the field label, decoded from the JSON "name" key.
Name string `json:"name"`
// Value is the field content, decoded from the JSON "value" key. It may hold
// secret material, so handle it like a password and keep it out of logs.
Value string `json:"value"`
// Type is the numeric field kind from the JSON "type" key.
// NOTE(review): the number-to-kind mapping is not shown here; confirm it
// against the Bitwarden CLI output before branching on it.
Type int `json:"type"`
}
BitwardenField represents a custom field in a Bitwarden item
type BitwardenItem ¶
type BitwardenItem struct {
// Identifiers decoded from the item JSON.
ID string `json:"id"`
OrganizationID string `json:"organizationId"`
FolderID string `json:"folderId"`
// Type is the item kind; see the TypeLogin/TypeNote/TypeCard/TypeIdentity constants.
Type BitwardenItemType `json:"type"`
Name string `json:"name"`
// Notes is free text and may contain secret material (assume sensitive).
Notes string `json:"notes"`
Favorite bool `json:"favorite"`
// Fields holds the item's custom fields; their Value members may be secrets.
Fields []BitwardenField `json:"fields"`
// Login is a pointer, so it can be nil.
// NOTE(review): presumably nil for non-login items; check before dereferencing.
Login *BitwardenLogin `json:"login"`
CollectionIds []string `json:"collectionIds"`
// The date fields are kept as raw strings; no time parsing happens in this type.
RevisionDate string `json:"revisionDate"`
CreationDate string `json:"creationDate"`
DeletedDate string `json:"deletedDate"`
}
BitwardenItem represents a Bitwarden vault item
type BitwardenItemType ¶
type BitwardenItemType int
BitwardenItemType represents the type of Bitwarden item
// Item kinds carried in BitwardenItem.Type (the JSON "type" key).
// The numeric values are written out explicitly because they are part of the
// decoded wire format, not an internal enumeration.
const (
	TypeLogin    BitwardenItemType = 1
	TypeNote     BitwardenItemType = 2
	TypeCard     BitwardenItemType = 3
	TypeIdentity BitwardenItemType = 4
)
type BitwardenLogin ¶
type BitwardenLogin struct {
Username string `json:"username"`
// Password is the login secret in plain text once decoded. Do not log this
// struct or embed it in error messages.
Password string `json:"password"`
// Totp is decoded from the JSON "totp" key.
// NOTE(review): presumably the TOTP seed rather than a one-time code; if so
// it is a long-lived secret and needs the same care as Password. Confirm.
Totp string `json:"totp"`
Uris []BitwardenUri `json:"uris"`
}
BitwardenLogin represents login-specific data
type BitwardenProvider ¶
type BitwardenProvider struct {
// contains filtered or unexported fields
}
BitwardenProvider implements the provider interface for Bitwarden
func NewBitwardenProvider ¶
func NewBitwardenProvider(name string, config map[string]interface{}) *BitwardenProvider
NewBitwardenProvider creates a new Bitwarden provider
func NewBitwardenProviderWithExecutor ¶
func NewBitwardenProviderWithExecutor(name string, config map[string]interface{}, executor pkgexec.CommandExecutor) *BitwardenProvider
NewBitwardenProviderWithExecutor creates a new Bitwarden provider with a custom executor. This is primarily for testing, allowing command execution to be mocked.
func (*BitwardenProvider) Capabilities ¶
func (bw *BitwardenProvider) Capabilities() provider.Capabilities
Capabilities returns Bitwarden provider capabilities
func (*BitwardenProvider) Describe ¶
func (bw *BitwardenProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about a Bitwarden item
func (*BitwardenProvider) Name ¶
func (bw *BitwardenProvider) Name() string
Name returns the provider name
func (*BitwardenProvider) Resolve ¶
func (bw *BitwardenProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve retrieves a secret from Bitwarden
type BitwardenStatus ¶
type BitwardenStatus struct {
// Status is the vault state string reported by the CLI.
// NOTE(review): the set of possible values is not shown here; confirm which
// value the provider treats as "usable" before resolving secrets.
Status string `json:"status"`
LastSync string `json:"lastSync"`
// UserEmail and UserID identify the logged-in account; they are not
// credentials but are personal data, so keep them out of verbose logs.
UserEmail string `json:"userEmail"`
UserID string `json:"userId"`
Template string `json:"template"`
}
BitwardenStatus represents the status response from 'bw status'
type BitwardenUri ¶
BitwardenUri represents a URI associated with a login item
type DopplerConfig ¶
type DopplerConfig struct {
// Token is a credential. Because it maps to the "token" YAML key it can end up
// in a config file: keep that file out of version control and restrict its
// permissions, or inject the value at runtime instead.
// NOTE(review): the provider can be built with a command executor, so it
// presumably shells out to a CLI; confirm the token is handed over via the
// environment and not argv, where other local users could see it in process listings.
Token string `yaml:"token,omitempty"` // Service token
Project string `yaml:"project,omitempty"` // Project name
Config string `yaml:"config,omitempty"` // Config/environment name
}
DopplerConfig represents the configuration for the Doppler provider.
type DopplerProvider ¶
type DopplerProvider struct {
// contains filtered or unexported fields
}
DopplerProvider implements the provider.Provider interface for Doppler.
func NewDopplerProvider ¶
func NewDopplerProvider(config DopplerConfig) *DopplerProvider
NewDopplerProvider creates a new Doppler provider.
func NewDopplerProviderWithExecutor ¶
func NewDopplerProviderWithExecutor(config DopplerConfig, executor pkgexec.CommandExecutor) *DopplerProvider
NewDopplerProviderWithExecutor creates a new Doppler provider with a custom executor. This is primarily for testing, allowing command execution to be mocked.
func (*DopplerProvider) Capabilities ¶
func (p *DopplerProvider) Capabilities() provider.Capabilities
Capabilities returns the provider capabilities.
func (*DopplerProvider) Describe ¶
func (p *DopplerProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about a secret.
func (*DopplerProvider) Name ¶
func (p *DopplerProvider) Name() string
Name returns the provider name.
func (*DopplerProvider) Resolve ¶
func (p *DopplerProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve retrieves a secret value from Doppler.
type GCPProviderOption ¶
type GCPProviderOption func(*GCPSecretManagerProvider)
GCPProviderOption is a functional option for configuring GCP providers
func WithGCPSecretManagerClient ¶
func WithGCPSecretManagerClient(client GCPSecretManagerClientAPI) GCPProviderOption
WithGCPSecretManagerClient sets a custom GCP Secret Manager client (for testing)
type GCPSecretManagerClientAPI ¶
type GCPSecretManagerClientAPI interface {
// Read path: AccessSecretVersion is the call whose response carries the secret payload.
AccessSecretVersion(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...option.ClientOption) (*secretmanagerpb.AccessSecretVersionResponse, error)
// Read path: GetSecret and ListSecrets return secret resources, not payloads.
GetSecret(ctx context.Context, req *secretmanagerpb.GetSecretRequest, opts ...option.ClientOption) (*secretmanagerpb.Secret, error)
ListSecrets(ctx context.Context, req *secretmanagerpb.ListSecretsRequest, opts ...option.ClientOption) *secretmanager.SecretIterator
// Write path: AddSecretVersion and DisableSecretVersion change state.
// NOTE(review): presumably these back CreateNewVersion and DeprecateVersion on
// the provider; confirm. Deployments that only resolve secrets should run with
// an identity that lacks the corresponding write permissions.
AddSecretVersion(ctx context.Context, req *secretmanagerpb.AddSecretVersionRequest, opts ...option.ClientOption) (*secretmanagerpb.SecretVersion, error)
DisableSecretVersion(ctx context.Context, req *secretmanagerpb.DisableSecretVersionRequest, opts ...option.ClientOption) (*secretmanagerpb.SecretVersion, error)
}
GCPSecretManagerClientAPI defines the interface for GCP Secret Manager operations. This allows for mocking in tests.
type GCPSecretManagerConfig ¶
type GCPSecretManagerConfig struct {
ProjectID string
// ServiceAccountKeyPath is a filesystem path to a key file.
// A service-account key is a long-lived credential: restrict the file's
// permissions and prefer ambient credentials where the platform offers them.
// NOTE(review): behaviour when this is empty is not visible here; confirm
// whether the provider falls back to application default credentials.
ServiceAccountKeyPath string
// ImpersonateAccount names an account to impersonate.
// NOTE(review): presumably a service-account email; the calling identity then
// needs permission to mint tokens for it. Scope that grant to this one account.
ImpersonateAccount string
Location string // For regional secrets
UsePlaintextNames bool // Use plaintext names instead of resource names
}
GCPSecretManagerConfig holds GCP Secret Manager-specific configuration
type GCPSecretManagerProvider ¶
type GCPSecretManagerProvider struct {
// contains filtered or unexported fields
}
GCPSecretManagerProvider implements the Provider interface for Google Cloud Secret Manager
func NewGCPSecretManagerProvider ¶
func NewGCPSecretManagerProvider(name string, configMap map[string]interface{}, opts ...GCPProviderOption) (*GCPSecretManagerProvider, error)
NewGCPSecretManagerProvider creates a new GCP Secret Manager provider
func (*GCPSecretManagerProvider) Capabilities ¶
func (p *GCPSecretManagerProvider) Capabilities() provider.Capabilities
Capabilities returns the provider's capabilities
func (*GCPSecretManagerProvider) CreateNewVersion ¶
func (p *GCPSecretManagerProvider) CreateNewVersion(ctx context.Context, ref provider.Reference, newValue []byte, meta map[string]string) (string, error)
CreateNewVersion creates a new version of a secret in GCP Secret Manager
func (*GCPSecretManagerProvider) DeprecateVersion ¶
func (p *GCPSecretManagerProvider) DeprecateVersion(ctx context.Context, ref provider.Reference, version string) error
DeprecateVersion marks an old version as disabled in GCP Secret Manager
func (*GCPSecretManagerProvider) Describe ¶
func (p *GCPSecretManagerProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about a secret without fetching its value
func (*GCPSecretManagerProvider) GetRotationMetadata ¶
func (p *GCPSecretManagerProvider) GetRotationMetadata(ctx context.Context, ref provider.Reference) (provider.RotationMetadata, error)
GetRotationMetadata returns metadata about rotation capabilities for a secret
func (*GCPSecretManagerProvider) Name ¶
func (p *GCPSecretManagerProvider) Name() string
Name returns the provider name
func (*GCPSecretManagerProvider) Resolve ¶
func (p *GCPSecretManagerProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve fetches a secret from GCP Secret Manager
type GCPUnifiedProvider ¶
type GCPUnifiedProvider struct {
// contains filtered or unexported fields
}
GCPUnifiedProvider provides intelligent routing to different GCP secret providers
func NewGCPUnifiedProvider ¶
func NewGCPUnifiedProvider(name string, configMap map[string]interface{}) (*GCPUnifiedProvider, error)
NewGCPUnifiedProvider creates a new unified GCP provider
func (*GCPUnifiedProvider) Capabilities ¶
func (p *GCPUnifiedProvider) Capabilities() provider.Capabilities
Capabilities returns the unified provider's capabilities
func (*GCPUnifiedProvider) Describe ¶
func (p *GCPUnifiedProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about the secret
func (*GCPUnifiedProvider) Name ¶
func (p *GCPUnifiedProvider) Name() string
Name returns the provider name
func (*GCPUnifiedProvider) Resolve ¶
func (p *GCPUnifiedProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve intelligently routes to the appropriate GCP provider
type InfisicalAuth ¶ added in v0.2.4
type InfisicalAuth struct {
// Method is the authentication method
// Values: "machine_identity", "service_token", "api_key"
// Of the three, only machine_identity is not labelled legacy or development
// in the field comments below, so it is the one to prefer for production.
Method string `mapstructure:"method"`
// ClientID for machine identity auth
ClientID string `mapstructure:"client_id"`
// ClientSecret for machine identity auth.
// Credential: decoded from the "client_secret" config key; keep it out of
// committed configuration and out of logs.
ClientSecret string `mapstructure:"client_secret"`
// ServiceToken for service token auth (legacy).
// Credential: same handling as ClientSecret.
ServiceToken string `mapstructure:"service_token"`
// APIKey for API key auth (development).
// Credential: same handling as ClientSecret.
APIKey string `mapstructure:"api_key"`
}
InfisicalAuth defines authentication method for Infisical
type InfisicalConfig ¶ added in v0.2.4
type InfisicalConfig struct {
// Host is the Infisical instance URL
// Defaults to "https://app.infisical.com"
// NOTE(review): auth credentials and secret values are sent to this host;
// confirm that a non-HTTPS URL is rejected or at least warned about.
Host string `mapstructure:"host"`
// ProjectID is the Infisical project identifier (required)
ProjectID string `mapstructure:"project_id"`
// Environment is the environment slug (required)
// Examples: "dev", "staging", "prod"
Environment string `mapstructure:"environment"`
// Auth contains authentication configuration
Auth InfisicalAuth `mapstructure:"auth"`
// Timeout for API requests (default: 30s)
Timeout time.Duration `mapstructure:"timeout"`
// CACert is path to custom CA certificate for self-hosted instances.
// Prefer this over InsecureSkipVerify when the instance uses a private CA.
CACert string `mapstructure:"ca_cert"`
// InsecureSkipVerify disables TLS verification. With it set, the server
// certificate is not checked, so any party on the network path can present
// itself as the Infisical host and receive both the auth credentials and the
// secrets being fetched. Keep it false outside throwaway local testing.
InsecureSkipVerify bool `mapstructure:"insecure_skip_verify"`
}
InfisicalConfig holds configuration for the Infisical provider
type InfisicalError ¶ added in v0.2.4
type InfisicalError struct {
Op string // Operation: "auth", "fetch", "list"
// StatusCode is an integer status attached to the failure.
// NOTE(review): presumably the HTTP status of the API response; confirm.
StatusCode int
// Message is free text carried with the error.
// NOTE(review): if it is copied from an API response body, make sure it can
// never contain a secret value or token before it reaches logs.
Message string
// Err is the underlying error.
// NOTE(review): presumably what Unwrap returns; its body is not shown here.
Err error
}
InfisicalError wraps Infisical API errors with context
func (*InfisicalError) Error ¶ added in v0.2.4
func (e *InfisicalError) Error() string
func (*InfisicalError) Unwrap ¶ added in v0.2.4
func (e *InfisicalError) Unwrap() error
type InfisicalProvider ¶ added in v0.2.4
type InfisicalProvider struct {
// contains filtered or unexported fields
}
InfisicalProvider implements the provider interface for Infisical
func NewInfisicalProvider ¶ added in v0.2.4
func NewInfisicalProvider(name string, config map[string]interface{}) (*InfisicalProvider, error)
NewInfisicalProvider creates a new Infisical provider
func NewInfisicalProviderWithClient ¶ added in v0.2.4
func NewInfisicalProviderWithClient(name string, config map[string]interface{}, client contracts.InfisicalClient) *InfisicalProvider
NewInfisicalProviderWithClient creates an Infisical provider with a custom client. This is primarily for testing, allowing the HTTP client to be mocked.
func (*InfisicalProvider) Capabilities ¶ added in v0.2.4
func (p *InfisicalProvider) Capabilities() provider.Capabilities
Capabilities returns the provider's supported features
func (*InfisicalProvider) Describe ¶ added in v0.2.4
func (p *InfisicalProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about an Infisical secret without retrieving its value
func (*InfisicalProvider) Name ¶ added in v0.2.4
func (p *InfisicalProvider) Name() string
Name returns the provider name
func (*InfisicalProvider) Resolve ¶ added in v0.2.4
func (p *InfisicalProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve retrieves a secret from Infisical
type InfisicalReference ¶ added in v0.2.4
type InfisicalReference struct {
// Path and Name are the two parts of a reference string; the parser's
// documented format is [path/]SECRET_NAME[@vN].
Path string // e.g., "folder/subfolder"
Name string // e.g., "SECRET_NAME"
// Version is a pointer so that "no version given" (nil) is distinct from a
// concrete version number.
Version *int // nil for latest
}
InfisicalReference represents a parsed Infisical secret reference
func ParseInfisicalReference ¶ added in v0.2.4
func ParseInfisicalReference(key string) (*InfisicalReference, error)
ParseInfisicalReference parses an Infisical reference string. Format: [path/]SECRET_NAME[@vN]
type JSONProvider ¶
type JSONProvider struct {
// Embedding *MockProvider promotes its methods onto JSONProvider, so this
// type serves mock data only; it is a test fixture, not a real secret backend.
*MockProvider
}
JSONProvider creates mock JSON values for testing transforms
func NewJSONProvider ¶
func NewJSONProvider(name string) *JSONProvider
NewJSONProvider creates a provider with JSON test data
type KeychainConfig ¶ added in v0.2.4
type KeychainConfig struct {
// ServicePrefix is prepended to service names in references
// Example: "com.mycompany" + "/myapp" → service="com.mycompany.myapp"
// A prefix narrows which keychain items a reference can name.
// NOTE(review): confirm the provider cannot be made to look up items outside the prefix.
ServicePrefix string `mapstructure:"service_prefix"`
// AccessGroup (macOS only) specifies the keychain access group
// for shared keychain items between applications.
// Items in a shared group are readable by every application in that group,
// so set this only when the sharing is intended.
AccessGroup string `mapstructure:"access_group"`
}
KeychainConfig holds configuration for the keychain provider
type KeychainError ¶ added in v0.2.4
type KeychainError struct {
Op string // Operation: "query", "validate", "access"
// Service and Account identify the keychain item involved. They locate the
// item and are not the secret itself; this struct has no field for the value.
Service string
Account string
// Err is the underlying error.
// NOTE(review): presumably what Unwrap returns; its body is not shown here.
Err error
}
KeychainError wraps OS keychain errors with context
func (*KeychainError) Error ¶ added in v0.2.4
func (e *KeychainError) Error() string
func (*KeychainError) Unwrap ¶ added in v0.2.4
func (e *KeychainError) Unwrap() error
type KeychainProvider ¶ added in v0.2.4
type KeychainProvider struct {
// contains filtered or unexported fields
}
KeychainProvider implements the provider interface for OS keychains (macOS Keychain and Linux Secret Service)
func NewKeychainProvider ¶ added in v0.2.4
func NewKeychainProvider(name string, config map[string]interface{}) *KeychainProvider
NewKeychainProvider creates a new keychain provider
func NewKeychainProviderWithClient ¶ added in v0.2.4
func NewKeychainProviderWithClient(name string, config map[string]interface{}, client contracts.KeychainClient) *KeychainProvider
NewKeychainProviderWithClient creates a keychain provider with a custom client. This is primarily for testing, allowing the keychain client to be mocked.
func (*KeychainProvider) Capabilities ¶ added in v0.2.4
func (kc *KeychainProvider) Capabilities() provider.Capabilities
Capabilities returns the provider's supported features
func (*KeychainProvider) Describe ¶ added in v0.2.4
func (kc *KeychainProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about a keychain item without retrieving its value
func (*KeychainProvider) Name ¶ added in v0.2.4
func (kc *KeychainProvider) Name() string
Name returns the provider name
func (*KeychainProvider) Platform ¶ added in v0.2.4
func (kc *KeychainProvider) Platform() string
Platform returns the current platform (darwin, linux, or unsupported)
func (*KeychainProvider) Resolve ¶ added in v0.2.4
func (kc *KeychainProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve retrieves a secret from the OS keychain
type KeychainReference ¶ added in v0.2.4
KeychainReference represents a parsed keychain secret reference
func ParseKeychainReference ¶ added in v0.2.4
func ParseKeychainReference(key string) (*KeychainReference, error)
ParseKeychainReference parses a keychain reference string. Format: service/account
type LiteralProvider ¶
type LiteralProvider struct {
// contains filtered or unexported fields
}
LiteralProvider provides literal values for testing and simple use cases. It doesn't actually fetch from external systems, but allows testing the resolution pipeline.
func NewLiteralProvider ¶
func NewLiteralProvider(name string, values map[string]string) *LiteralProvider
NewLiteralProvider creates a new literal provider with predefined values
func (*LiteralProvider) Capabilities ¶
func (l *LiteralProvider) Capabilities() provider.Capabilities
Capabilities returns the provider's capabilities
func (*LiteralProvider) Describe ¶
func (l *LiteralProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about a literal value
func (*LiteralProvider) Name ¶
func (l *LiteralProvider) Name() string
Name returns the provider's name
func (*LiteralProvider) Resolve ¶
func (l *LiteralProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve retrieves a literal value
func (*LiteralProvider) SetValue ¶
func (l *LiteralProvider) SetValue(key, value string)
SetValue sets a literal value (useful for testing)
type MockProvider ¶
type MockProvider struct {
// contains filtered or unexported fields
}
MockProvider provides mock values that simulate external provider behavior
func NewMockProvider ¶
func NewMockProvider(name string) *MockProvider
NewMockProvider creates a new mock provider for testing
func (*MockProvider) Capabilities ¶
func (m *MockProvider) Capabilities() provider.Capabilities
Capabilities returns the provider's capabilities
func (*MockProvider) Describe ¶
func (m *MockProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about a mock value
func (*MockProvider) Resolve ¶
func (m *MockProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve retrieves a mock value, potentially with simulated failures or delays
func (*MockProvider) SetDelay ¶
func (m *MockProvider) SetDelay(delay time.Duration)
SetDelay sets a simulated network delay
func (*MockProvider) SetFailure ¶
func (m *MockProvider) SetFailure(key string, err error)
SetFailure simulates a failure for a specific key
func (*MockProvider) SetValue ¶
func (m *MockProvider) SetValue(key, value string)
SetValue sets a mock value
type NewAkeylessProviderFunc ¶ added in v0.2.4
type NewAkeylessProviderFunc func(name string, config map[string]interface{}) (provider.Provider, error)
NewAkeylessProviderFunc is the factory function signature for Akeyless
type NewInfisicalProviderFunc ¶ added in v0.2.4
type NewInfisicalProviderFunc func(name string, config map[string]interface{}) (provider.Provider, error)
NewInfisicalProviderFunc is the factory function signature for Infisical
type NewKeychainProviderFunc ¶ added in v0.2.4
type NewKeychainProviderFunc func(name string, config map[string]interface{}) (provider.Provider, error)
NewKeychainProviderFunc is the factory function signature for keychain
type OnePasswordField ¶
type OnePasswordItem ¶
type OnePasswordItem struct {
// Identification and classification, decoded from the CLI's JSON output.
ID string `json:"id"`
Title string `json:"title"`
Category string `json:"category"`
// Notes is free text and may contain secret material (assume sensitive).
Notes string `json:"notes"`
Tags []string `json:"tags"`
// Vault identifies the vault the item lives in.
Vault struct {
ID string `json:"id"`
Name string `json:"name"`
} `json:"vault"`
// Fields carries the item's fields.
// NOTE(review): OnePasswordField is not shown here; presumably it holds the
// secret values, so avoid logging a whole OnePasswordItem.
Fields []OnePasswordField `json:"fields"`
URLs []OnePasswordURL `json:"urls"`
}
OnePasswordItem represents the structure returned by 1Password CLI
type OnePasswordProvider ¶
type OnePasswordProvider struct {
// Account is the only exported field and maps to the "account" YAML key.
// NOTE(review): presumably selects which 1Password account the CLI uses; it is
// an identifier, not a credential. Confirm.
Account string `yaml:"account,omitempty"`
// contains filtered or unexported fields
}
OnePasswordProvider implements the provider.Provider interface for 1Password CLI
func (*OnePasswordProvider) Capabilities ¶
func (op *OnePasswordProvider) Capabilities() provider.Capabilities
func (*OnePasswordProvider) Name ¶
func (op *OnePasswordProvider) Name() string
func (*OnePasswordProvider) Resolve ¶
func (op *OnePasswordProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
type OnePasswordURL ¶
type PassConfig ¶
type PassConfig struct {
// PasswordStore points the provider at a store directory.
// NOTE(review): whoever controls this path controls which encrypted entries
// are read; confirm it is taken only from trusted configuration.
PasswordStore string `yaml:"password_store,omitempty"` // Custom password store path (optional)
// GpgKey selects a key.
// NOTE(review): presumably a key identifier, not key material; confirm.
GpgKey string `yaml:"gpg_key,omitempty"` // Specific GPG key to use (optional)
}
PassConfig represents the configuration for the pass provider.
type PassProvider ¶
type PassProvider struct {
// contains filtered or unexported fields
}
PassProvider implements the provider.Provider interface for pass (zx2c4).
func NewPassProvider ¶
func NewPassProvider(config PassConfig) *PassProvider
NewPassProvider creates a new pass provider.
func NewPassProviderWithExecutor ¶
func NewPassProviderWithExecutor(config PassConfig, executor pkgexec.CommandExecutor) *PassProvider
NewPassProviderWithExecutor creates a new pass provider with a custom executor. This is primarily for testing, allowing command execution to be mocked.
func (*PassProvider) Capabilities ¶
func (p *PassProvider) Capabilities() provider.Capabilities
Capabilities returns the provider capabilities.
func (*PassProvider) Describe ¶
func (p *PassProvider) Describe(ctx context.Context, ref provider.Reference) (provider.Metadata, error)
Describe returns metadata about a secret.
func (*PassProvider) Resolve ¶
func (p *PassProvider) Resolve(ctx context.Context, ref provider.Reference) (provider.SecretValue, error)
Resolve retrieves a secret value from pass.
type ProviderFactory ¶
ProviderFactory creates a provider instance from configuration
type ProviderOption ¶
type ProviderOption func(*AWSSecretsManagerProvider)
ProviderOption is a functional option for configuring providers
func WithSecretsManagerClient ¶
func WithSecretsManagerClient(client SecretsManagerClientAPI) ProviderOption
WithSecretsManagerClient sets a custom Secrets Manager client (for testing)
type Registry ¶
type Registry struct {
// contains filtered or unexported fields
}
Registry manages provider creation and registration
func NewRegistry ¶
func NewRegistry() *Registry
NewRegistry creates a new provider registry with built-in providers
func (*Registry) CreateProvider ¶
func (r *Registry) CreateProvider(name string, cfg config.ProviderConfig) (provider.Provider, error)
CreateProvider creates a provider instance from configuration
func (*Registry) GetSupportedTypes ¶
GetSupportedTypes returns a list of supported provider types
func (*Registry) IsSupported ¶
IsSupported checks if a provider type is supported
func (*Registry) RegisterFactory ¶
func (r *Registry) RegisterFactory(providerType string, factory ProviderFactory)
RegisterFactory registers a provider factory for a given type
type SSMClientAPI ¶
type SSMClientAPI interface {
// GetParameter reads one parameter. When the request asks for decryption the
// output carries the plaintext value, so treat the result as secret material.
GetParameter(ctx context.Context, params *ssm.GetParameterInput, optFns ...func(*ssm.Options)) (*ssm.GetParameterOutput, error)
// DescribeParameters reads parameter metadata.
// Both methods are read operations; this interface has no write method, so the
// identity behind it needs no write permission on Parameter Store.
DescribeParameters(ctx context.Context, params *ssm.DescribeParametersInput, optFns ...func(*ssm.Options)) (*ssm.DescribeParametersOutput, error)
}
SSMClientAPI defines the interface for AWS SSM Parameter Store operations. This allows for mocking in tests.
type SSMConfig ¶
type SSMConfig struct {
Region string
Profile string
AssumeRole string
// WithDecryption controls whether encrypted parameters are requested in
// decrypted form.
// NOTE(review): the default applied when the key is absent is not visible here; confirm.
WithDecryption bool
// ParameterPrefix is a name prefix.
// NOTE(review): presumably prepended to reference keys; pairing it with an
// IAM policy scoped to the same path keeps the provider to its own subtree.
ParameterPrefix string
// Endpoint redirects API traffic to a custom address. Requests sent there are
// signed with the configured credentials and responses carry parameter
// values, so leave it empty outside local testing.
Endpoint string // Optional custom endpoint for LocalStack or testing
// AccessKeyID and SecretAccessKey are static credentials, documented as for
// LocalStack/testing. For real accounts use Profile or AssumeRole instead of
// long-lived keys in configuration.
AccessKeyID string // Optional static credentials for LocalStack/testing
SecretAccessKey string // Optional static credentials for LocalStack/testing
}
SSMConfig holds AWS SSM-specific configuration
type SSMProviderOption ¶
type SSMProviderOption func(*AWSSSMProvider)
SSMProviderOption is a functional option for configuring SSM providers
func WithSSMClient ¶
func WithSSMClient(client SSMClientAPI) SSMProviderOption
WithSSMClient sets a custom SSM client (for testing)
type SSOConfig ¶
type SSOConfig struct {
StartURL string
Region string
AccountID string
RoleName string
Profile string
// CachePath overrides where the cache is kept.
// NOTE(review): presumably the on-disk SSO token cache; if so the directory
// holds bearer tokens and should be accessible only to the owning user. Confirm.
CachePath string // Optional: custom cache location
RefreshToken bool // Whether to refresh expired tokens
}
SSOConfig holds AWS SSO-specific configuration
type STSConfig ¶
type STSConfig struct {
Region string
Profile string
// AssumeRole names the role to assume.
// NOTE(review): presumably a role ARN; confirm the expected form.
AssumeRole string
RoleSessionName string
// ExternalID is the shared value a role's trust policy can require from the
// caller; it guards cross-account roles against confused-deputy use. It is
// not a password, but it should not be published either.
ExternalID string
// Duration bounds how long the issued session credentials stay valid;
// shorter sessions limit the exposure window of a leaked credential.
Duration int32 // in seconds
SerialNumber string // For MFA
// TokenCode is a one-time MFA code and so cannot usefully live in a static
// config file.
// NOTE(review): confirm how the provider expects it to be supplied at runtime.
TokenCode string // For MFA
// Policy is an inline session policy. A session policy can only narrow what
// the assumed role already allows; it never grants additional permissions.
Policy string // Session policy JSON
// NOTE(review): Tags are presumably session tags passed on AssumeRole; confirm.
Tags map[string]string
}
STSConfig holds AWS STS-specific configuration
type SecretsManagerClientAPI ¶
type SecretsManagerClientAPI interface {
// Read path: GetSecretValue is the call whose output carries the secret value.
GetSecretValue(ctx context.Context, params *secretsmanager.GetSecretValueInput, optFns ...func(*secretsmanager.Options)) (*secretsmanager.GetSecretValueOutput, error)
// Read path: DescribeSecret and ListSecrets return metadata, not secret values.
DescribeSecret(ctx context.Context, params *secretsmanager.DescribeSecretInput, optFns ...func(*secretsmanager.Options)) (*secretsmanager.DescribeSecretOutput, error)
ListSecrets(ctx context.Context, params *secretsmanager.ListSecretsInput, optFns ...func(*secretsmanager.Options)) (*secretsmanager.ListSecretsOutput, error)
// Write path: UpdateSecret and UpdateSecretVersionStage modify the secret.
// NOTE(review): presumably used only for rotation; confirm which provider
// methods call them. A deployment that only resolves secrets can run with an
// IAM policy that omits secretsmanager:UpdateSecret and
// secretsmanager:UpdateSecretVersionStage.
UpdateSecret(ctx context.Context, params *secretsmanager.UpdateSecretInput, optFns ...func(*secretsmanager.Options)) (*secretsmanager.UpdateSecretOutput, error)
UpdateSecretVersionStage(ctx context.Context, params *secretsmanager.UpdateSecretVersionStageInput, optFns ...func(*secretsmanager.Options)) (*secretsmanager.UpdateSecretVersionStageOutput, error)
}
SecretsManagerClientAPI defines the interface for AWS Secrets Manager operations. This allows for mocking in tests.
type TokenCache ¶ added in v0.2.4
type TokenCache struct {
// contains filtered or unexported fields
}
TokenCache stores authentication tokens in memory for per-process caching. This implementation is thread-safe and supports automatic expiration. Tokens are never persisted to disk per FR-017.
func NewTokenCache ¶ added in v0.2.4
func NewTokenCache() *TokenCache
NewTokenCache creates a new empty token cache
func (*TokenCache) Clear ¶ added in v0.2.4
func (c *TokenCache) Clear()
Clear removes the cached token
func (*TokenCache) ExpiresAt ¶ added in v0.2.4
func (c *TokenCache) ExpiresAt() time.Time
ExpiresAt returns the expiration time of the current token. Returns zero time if no token is cached.
func (*TokenCache) Get ¶ added in v0.2.4
func (c *TokenCache) Get() (string, bool)
Get retrieves the cached token if it exists and is not expired. Returns the token and true if valid, empty string and false otherwise.
func (*TokenCache) IsExpired ¶ added in v0.2.4
func (c *TokenCache) IsExpired() bool
IsExpired returns true if the token is expired or not set
func (*TokenCache) Set ¶ added in v0.2.4
func (c *TokenCache) Set(token string, ttl time.Duration)
Set stores a token with the specified TTL. A small buffer (5 seconds) is subtracted from TTL to ensure tokens are refreshed before actual expiration.
func (*TokenCache) TTL ¶ added in v0.2.4
func (c *TokenCache) TTL() time.Duration
TTL returns the remaining time until the token expires. Returns 0 if the token is expired or not set.
type UnifiedAWSConfig ¶
type UnifiedAWSConfig struct {
// Region, Profile and AssumeRole are the settings shared across services.
Region string
Profile string
AssumeRole string
DefaultService string // Default service if not specified in reference
// Service-specific configs
// These are untyped maps, so nothing in this struct validates their keys or
// value types.
// NOTE(review): presumably each map is handed to the matching service
// provider's constructor; confirm how a key that is set both here and at the
// top level (e.g. region) is resolved.
SecretsManager map[string]interface{}
SSM map[string]interface{}
STS map[string]interface{}
SSO map[string]interface{}
}
UnifiedAWSConfig holds configuration for the unified AWS provider
type UnifiedAzureConfig ¶
type UnifiedAzureConfig struct {
TenantID string
ClientID string
// ClientSecret is a credential held as a plain string; keep it out of
// committed configuration and avoid printing this struct.
ClientSecret string
// NOTE(review): precedence between UseManagedIdentity and the static
// credential fields above is not visible here; confirm in the constructor.
UseManagedIdentity bool
UserAssignedID string
DefaultService string // Default service if not specified in reference
// Service-specific configs
// Untyped maps: nothing in this struct validates their keys or value types.
// NOTE(review): presumably forwarded to the Key Vault and identity providers;
// confirm whether the shared credentials above are copied into them.
KeyVault map[string]interface{}
Identity map[string]interface{}
}
UnifiedAzureConfig holds configuration for the unified Azure provider
type UnifiedGCPConfig ¶
type UnifiedGCPConfig struct {
ProjectID string
// ServiceAccountKeyPath is a filesystem path to a key file, i.e. a long-lived
// credential on disk; restrict its permissions.
ServiceAccountKeyPath string
// NOTE(review): ImpersonateAccount is presumably a service-account email;
// the calling identity needs permission to mint tokens for it. Confirm.
ImpersonateAccount string
DefaultService string // Default service if not specified in reference
// Service-specific configs
// Untyped map: nothing in this struct validates its keys or value types.
// NOTE(review): presumably forwarded to the Secret Manager provider's constructor; confirm.
SecretManager map[string]interface{}
}
UnifiedGCPConfig holds configuration for the unified GCP provider
Source Files
- akeyless.go
- akeyless_client.go
- aws_secretsmanager.go
- aws_ssm.go
- aws_sso.go
- aws_sts.go
- aws_unified.go
- azure_identity.go
- azure_keyvault.go
- azure_unified.go
- bitwarden.go
- doppler.go
- errors.go
- factory.go
- gcp_secretmanager.go
- gcp_unified.go
- infisical.go
- infisical_client.go
- keychain.go
- keychain_linux.go
- literal.go
- onepassword.go
- pass.go
- registry.go
- token_cache.go