Documentation
Index
- Constants
- func EnsureGitCryptAttributes(outputDir string) error
- func EnvPathRegex(envName string) string
- func SecretsFileName(env string) string
- func SecretsFileNamePlain(env string) string
- func UpsertSopsRule(outputPath, provider, key, envName string) error
- func WriteSopsConfig(outputPath, provider, key string) error
- type CreationRule
- type EnvironmentSecrets
- type RepoSecrets
- type SOPSConfig
Constants
const GitCryptAttributesPattern = "secrets.*.yaml filter=git-crypt diff=git-crypt"
Variables
This section is empty.
Functions
func EnsureGitCryptAttributes
func EnsureGitCryptAttributes(outputDir string) error
EnsureGitCryptAttributes ensures the .gitattributes file in outputDir contains the git-crypt pattern for secrets files. It creates the file if missing and appends the pattern if not already present.
func EnvPathRegex
func EnvPathRegex(envName string) string
EnvPathRegex returns the path_regex pattern for a given environment name.
func SecretsFileName
func SecretsFileName(env string) string
SecretsFileName returns the SOPS-encrypted secrets file name for the given environment.
func SecretsFileNamePlain
func SecretsFileNamePlain(env string) string
SecretsFileNamePlain returns the plaintext secrets file name for git-crypt environments.
func UpsertSopsRule
func UpsertSopsRule(outputPath, provider, key, envName string) error
UpsertSopsRule ensures a creation rule exists in .sops.yaml for the given environment. If the file doesn't exist, it creates it. If a rule with a matching path_regex already exists, it updates the provider/key. Otherwise it appends a new rule.
func WriteSopsConfig
func WriteSopsConfig(outputPath, provider, key string) error
WriteSopsConfig writes the .sops.yaml file with the given provider configuration.
Types
type CreationRule
type CreationRule struct {
	PathRegex string `yaml:"path_regex,omitempty"`
	Age       string `yaml:"age,omitempty"`
	KMS       string `yaml:"kms,omitempty"`
	GCPKMS    string `yaml:"gcp_kms,omitempty"`
}
CreationRule defines a SOPS creation rule.
type EnvironmentSecrets
type EnvironmentSecrets struct {
	Repo RepoSecrets `yaml:"repo"`
}
EnvironmentSecrets holds the secrets for a single environment. Each environment has its own secrets file: secrets.<env>.enc.yaml
func LoadSecrets
func LoadSecrets(filePath string, sopsOpts *sops.Options) (*EnvironmentSecrets, error)
LoadSecrets decrypts and parses a per-environment SOPS-encrypted secrets file.
func LoadSecretsPlaintext
func LoadSecretsPlaintext(filePath string) (*EnvironmentSecrets, error)
LoadSecretsPlaintext reads a plaintext (git-crypt managed) secrets file. It returns an error if the file still contains the git-crypt magic header, which means it has not been decrypted (git-crypt unlock has not been run).
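The upsert semantics documented for UpsertSopsRule and the git-crypt header check that LoadSecretsPlaintext performs, as an added Go example that is not this package's own code: it reuses the page's CreationRule and SOPSConfig types in memory (no YAML I/O), and the shape of envPathRegex (anchored on the documented secrets.<env>.enc.yaml name) is an assumption, since the page does not spell out what EnvPathRegex returns.

```go
package main

import (
	"bytes"
	"fmt"
	"regexp"
)

// CreationRule and SOPSConfig mirror the documented types (same yaml tags).
type CreationRule struct {
	PathRegex string `yaml:"path_regex,omitempty"`
	Age       string `yaml:"age,omitempty"`
	KMS       string `yaml:"kms,omitempty"`
	GCPKMS    string `yaml:"gcp_kms,omitempty"`
}
type SOPSConfig struct {
	CreationRules []CreationRule `yaml:"creation_rules"`
}

// envPathRegex is an ASSUMED shape of EnvPathRegex, anchored on secrets.<env>.enc.yaml.
func envPathRegex(env string) string { return `secrets\.` + regexp.QuoteMeta(env) + `\.enc\.yaml$` }

// upsertRule applies the documented UpsertSopsRule logic in memory: a rule with
// the same path_regex gets its provider/key replaced (other provider fields are
// cleared so one path never carries two keys); otherwise a rule is appended.
func upsertRule(cfg *SOPSConfig, env, provider, key string) (bool, error) {
	rule := CreationRule{PathRegex: envPathRegex(env)}
	switch provider {
	case "age":
		rule.Age = key
	case "kms":
		rule.KMS = key
	case "gcp_kms":
		rule.GCPKMS = key
	default:
		return false, fmt.Errorf("unsupported provider %q", provider)
	}
	for i, r := range cfg.CreationRules {
		if r.PathRegex == rule.PathRegex {
			cfg.CreationRules[i] = rule
			return true, nil
		}
	}
	cfg.CreationRules = append(cfg.CreationRules, rule)
	return false, nil
}

// gitCryptMagic prefixes every git-crypt encrypted blob; a plaintext loader must reject it.
var gitCryptMagic = []byte("\x00GITCRYPT\x00")
func isGitCryptLocked(data []byte) bool { return bytes.HasPrefix(data, gitCryptMagic) }
func main() { fmt.Println(isGitCryptLocked([]byte("repo:\n  url: ssh://git@example.invalid/app.git\n"))) }
```

The second return value of upsertRule lets a caller log whether a provider/key was swapped on an existing environment rather than silently added, which is the event worth auditing in a key rotation.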
type RepoSecrets
type RepoSecrets struct {
	URL            string `yaml:"url"`
	TargetRevision string `yaml:"targetRevision"`
	SSHPrivateKey  string `yaml:"sshPrivateKey"`
}
RepoSecrets holds git repository credentials.
type SOPSConfig
type SOPSConfig struct {
	CreationRules []CreationRule `yaml:"creation_rules"`
}
SOPSConfig represents the .sops.yaml configuration file.
func ReadSopsConfig
func ReadSopsConfig(path string) (*SOPSConfig, error)
ReadSopsConfig reads and parses an existing .sops.yaml file.