secrets

package
v0.5.7-rc.3 Latest
Warning

This package is not in the latest version of its module.

Published: May 10, 2025 License: MPL-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BaseSecretsProvider

// BaseSecretsProvider is the shared base type that the mock, 1Password and
// SOPS providers listed on this page embed.
type BaseSecretsProvider struct {
	// Embedded interface value. This page lists Initialize, LoadSecrets,
	// GetSecret and ParseSecrets as methods declared on *BaseSecretsProvider,
	// so calls made through a *BaseSecretsProvider resolve to those methods
	// rather than to this embedded value.
	// NOTE(review): whether this field is ever assigned is not visible here;
	// a nil embedded interface panics if a call is ever dispatched to it.
	SecretsProvider
	// contains filtered or unexported fields
}

BaseSecretsProvider is a base implementation of the SecretsProvider interface

func NewBaseSecretsProvider

func NewBaseSecretsProvider(injector di.Injector) *BaseSecretsProvider

NewBaseSecretsProvider creates a new BaseSecretsProvider instance

func (*BaseSecretsProvider) GetSecret

func (s *BaseSecretsProvider) GetSecret(key string) (string, error)

GetSecret retrieves a secret value for the specified key

func (*BaseSecretsProvider) Initialize

func (s *BaseSecretsProvider) Initialize() error

Initialize initializes the secrets provider

func (*BaseSecretsProvider) LoadSecrets

func (s *BaseSecretsProvider) LoadSecrets() error

LoadSecrets loads the secrets from the specified path. The method takes no arguments, so the path is not supplied by the caller in this call.

func (*BaseSecretsProvider) ParseSecrets

func (s *BaseSecretsProvider) ParseSecrets(input string) (string, error)

ParseSecrets is a placeholder function for parsing secrets

type MockSecretsProvider

// MockSecretsProvider is a test double for SecretsProvider. Each *Func field,
// when set, is what the method of the same name calls; the fallbacks described
// below are the ones documented for those methods on this page.
type MockSecretsProvider struct {
	BaseSecretsProvider
	// InitializeFunc backs Initialize; when unset, Initialize returns nil.
	InitializeFunc   func() error
	// LoadSecretsFunc backs LoadSecrets; when unset, LoadSecrets returns nil.
	LoadSecretsFunc  func() error
	// GetSecretFunc backs GetSecret; when unset, GetSecret returns an error
	// indicating the secret was not found.
	GetSecretFunc    func(key string) (string, error)
	// ParseSecretsFunc backs ParseSecrets; when unset, the input is returned
	// unchanged, so any secret references in it stay unresolved. Tests that
	// assert on substitution or masking need to set this field.
	ParseSecretsFunc func(input string) (string, error)
	// UnlockFunc backs Unlock; when unset, Unlock returns nil.
	// NOTE(review): Unlock is not part of the SecretsProvider interface as
	// shown on this page.
	UnlockFunc       func() error
}

MockSecretsProvider is a mock implementation of the SecretsProvider interface for testing purposes

func NewMockSecretsProvider

func NewMockSecretsProvider(injector di.Injector) *MockSecretsProvider

NewMockSecretsProvider creates a new instance of MockSecretsProvider

func (*MockSecretsProvider) GetSecret

func (m *MockSecretsProvider) GetSecret(key string) (string, error)

GetSecret calls the mock GetSecretFunc if set, otherwise returns an error indicating the secret was not found

func (*MockSecretsProvider) Initialize

func (m *MockSecretsProvider) Initialize() error

Initialize calls the mock InitializeFunc if set, otherwise returns nil

func (*MockSecretsProvider) LoadSecrets

func (m *MockSecretsProvider) LoadSecrets() error

LoadSecrets calls the mock LoadSecretsFunc if set, otherwise returns nil

func (*MockSecretsProvider) ParseSecrets

func (m *MockSecretsProvider) ParseSecrets(input string) (string, error)

ParseSecrets calls the mock ParseSecretsFunc if set, otherwise returns the input unchanged

func (*MockSecretsProvider) Unlock

func (m *MockSecretsProvider) Unlock() error

Unlock calls the mock UnlockFunc if set, otherwise returns nil

type OnePasswordCLISecretsProvider

// OnePasswordCLISecretsProvider resolves secrets through the 1Password CLI.
// This page lists GetSecret and ParseSecrets as its own methods; Initialize and
// LoadSecrets are therefore the ones promoted from BaseSecretsProvider.
type OnePasswordCLISecretsProvider struct {
	// Embedded by value here, whereas the SDK and SOPS providers on this page
	// embed *BaseSecretsProvider.
	// NOTE(review): confirm the value/pointer difference is intentional.
	BaseSecretsProvider
	// contains filtered or unexported fields
}

OnePasswordCLISecretsProvider is an implementation of the SecretsProvider interface that uses the 1Password CLI to manage secrets.

func NewOnePasswordCLISecretsProvider

func NewOnePasswordCLISecretsProvider(vault secretsConfigType.OnePasswordVault, injector di.Injector) *OnePasswordCLISecretsProvider

NewOnePasswordCLISecretsProvider creates a new OnePasswordCLISecretsProvider instance

func (*OnePasswordCLISecretsProvider) GetSecret

func (s *OnePasswordCLISecretsProvider) GetSecret(key string) (string, error)

GetSecret retrieves a secret value for the specified key

func (*OnePasswordCLISecretsProvider) ParseSecrets

func (s *OnePasswordCLISecretsProvider) ParseSecrets(input string) (string, error)

ParseSecrets identifies and replaces ${{ op.<id>.<secret>.<field> }} patterns in the input with corresponding secret values from 1Password, ensuring the id matches the vault ID.

type OnePasswordSDKSecretsProvider added in v0.5.7

// OnePasswordSDKSecretsProvider resolves secrets through the 1Password SDK.
// This page lists Initialize, GetSecret and ParseSecrets as its own methods;
// LoadSecrets is therefore the one promoted from the embedded base.
type OnePasswordSDKSecretsProvider struct {
	// Embedded pointer: promoted methods are called on this pointer.
	// NOTE(review): presumably set by NewOnePasswordSDKSecretsProvider; a
	// zero-value struct literal would leave it nil — confirm callers always
	// use the constructor.
	*BaseSecretsProvider
	// contains filtered or unexported fields
}

OnePasswordSDKSecretsProvider is an implementation of the SecretsProvider interface that uses the 1Password SDK to manage secrets.

func NewOnePasswordSDKSecretsProvider added in v0.5.7

func NewOnePasswordSDKSecretsProvider(vault secretsConfigType.OnePasswordVault, injector di.Injector) *OnePasswordSDKSecretsProvider

NewOnePasswordSDKSecretsProvider creates a new OnePasswordSDKSecretsProvider instance

func (*OnePasswordSDKSecretsProvider) GetSecret added in v0.5.7

func (s *OnePasswordSDKSecretsProvider) GetSecret(key string) (string, error)

GetSecret retrieves a secret value for the specified key. It first checks whether the provider is unlocked; if it is not, it returns a masked value instead of the secret. Otherwise, it ensures the 1Password client is initialized using a service account token from the environment. The key is split into item and field parts, and the item name is sanitized. A secret reference URI is then constructed and used to resolve the secret value from 1Password. If resolution succeeds, the secret value is returned; otherwise, an error is reported. This description does not say whether the masked value is accompanied by an error, so callers should not assume that a nil error means the real secret was returned.

func (*OnePasswordSDKSecretsProvider) Initialize added in v0.5.7

func (s *OnePasswordSDKSecretsProvider) Initialize() error

Initialize initializes the secrets provider

func (*OnePasswordSDKSecretsProvider) ParseSecrets added in v0.5.7

func (s *OnePasswordSDKSecretsProvider) ParseSecrets(input string) (string, error)

ParseSecrets identifies and replaces ${{ op.<id>.<secret>.<field> }} patterns in the input with corresponding secret values from 1Password, ensuring the id matches the vault ID.

type SecretsProvider

// SecretsProvider is the contract implemented by every secrets backend on this
// page. GetSecret and ParseSecrets return secret material as plain strings, so
// callers should keep their results out of logs and error messages.
type SecretsProvider interface {
	// Initialize initializes the secrets provider
	Initialize() error

	// LoadSecrets loads the secrets from the specified path
	// (the method takes no arguments; the path is not passed in here)
	LoadSecrets() error

	// GetSecret retrieves a secret value for the specified key
	GetSecret(key string) (string, error)

	// ParseSecrets parses a string and replaces ${{ secrets.<key> }} references with their values
	// NOTE(review): the implementations documented on this page describe
	// provider-specific references instead, ${{ op.<id>.<secret>.<field> }}
	// and ${{ sops.<key> }} — confirm which syntax each provider accepts.
	ParseSecrets(input string) (string, error)
}

SecretsProvider defines the interface for handling secrets operations

type Shims added in v0.5.7

// Shims groups the external calls the providers depend on as replaceable
// function fields, so tests can substitute them. DecryptFile and ResolveSecret
// return decrypted or resolved secret material, so a replacement sees that
// material in plaintext.
// NOTE(review): the defaults are assigned by NewShims, which is not shown
// here; the per-field mappings below are inferred from the signatures.
type Shims struct {
	// Stat has the signature of os.Stat.
	Stat                 func(string) (os.FileInfo, error)
	// YAMLUnmarshal decodes bytes into the value passed as the second argument.
	YAMLUnmarshal        func([]byte, any) error
	// DecryptFile takes two strings and returns the resulting bytes.
	// NOTE(review): presumably (path, format) for SOPS decryption — confirm.
	DecryptFile          func(string, string) ([]byte, error)
	// NewOnePasswordClient builds a 1Password SDK client from a context and
	// client options.
	NewOnePasswordClient func(context.Context, ...onepassword.ClientOption) (*onepassword.Client, error)
	// ResolveSecret resolves a string through the given client and returns a
	// string. NOTE(review): presumably a secret reference URI in, secret
	// value out — confirm.
	ResolveSecret        func(*onepassword.Client, context.Context, string) (string, error)
}

Shims provides mockable wrappers around system and runtime functions

func NewShims added in v0.5.7

func NewShims() *Shims

NewShims creates a new Shims instance with default implementations

type SopsSecretsProvider

// SopsSecretsProvider implements SecretsProvider using SOPS for decryption.
// This page lists LoadSecrets, GetSecret and ParseSecrets as its own methods;
// Initialize is therefore the one promoted from the embedded base.
type SopsSecretsProvider struct {
	// Embedded pointer: promoted methods are called on this pointer.
	// NOTE(review): presumably set by NewSopsSecretsProvider; a zero-value
	// struct literal would leave it nil — confirm callers always use the
	// constructor.
	*BaseSecretsProvider
	// contains filtered or unexported fields
}

SopsSecretsProvider is a struct that implements the SecretsProvider interface using SOPS for decryption.

func NewSopsSecretsProvider

func NewSopsSecretsProvider(configPath string, injector di.Injector) *SopsSecretsProvider

NewSopsSecretsProvider creates a new instance of SopsSecretsProvider.

func (*SopsSecretsProvider) GetSecret

func (s *SopsSecretsProvider) GetSecret(key string) (string, error)

GetSecret retrieves a secret value for the specified key

func (*SopsSecretsProvider) LoadSecrets

func (s *SopsSecretsProvider) LoadSecrets() error

LoadSecrets loads and decrypts the secrets from the SOPS-encrypted file.

func (*SopsSecretsProvider) ParseSecrets

func (s *SopsSecretsProvider) ParseSecrets(input string) (string, error)

ParseSecrets parses a string and replaces ${{ sops.<key> }} references with their values
