keyvault

package
v0.9.18 Latest Latest
Published: May 13, 2024 License: Apache-2.0 Imports: 37 Imported by: 0

Documentation

Overview

/* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */

Index

Constants

// Identifiers in the Azure AD workload-identity naming scheme.
const (
	// AzureDefaultAudience is the audience value "api://AzureADTokenExchange".
	// NOTE(review): presumably the default entry for FetchSAToken's audiences
	// argument when a service account token is requested for exchange with
	// Azure AD; confirm against callers. A token minted for this audience
	// should not be accepted by, or sent to, anything other than that exchange.
	AzureDefaultAudience = "api://AzureADTokenExchange"
	// AnnotationClientID and AnnotationTenantID are annotation keys under the
	// azure.workload.identity/ prefix.
	// NOTE(review): presumably read from the referenced ServiceAccount to pick
	// the Azure AD client and tenant; if so, write access to those annotations
	// decides which identity is used, and RBAC on the ServiceAccount should be
	// scoped accordingly. Confirm against the provider code.
	AnnotationClientID   = "azure.workload.identity/client-id"
	AnnotationTenantID   = "azure.workload.identity/tenant-id"
)

Variables

This section is empty.

Functions

func AadEndpointForType added in v0.6.0

func AadEndpointForType(t esv1beta1.AzureEnvironmentType) string

func FetchSAToken added in v0.6.0

func FetchSAToken(ctx context.Context, ns, name string, audiences []string, kubeClient kcorev1.CoreV1Interface) (string, error)

func NewTokenProvider added in v0.6.0

func NewTokenProvider(ctx context.Context, token, clientID, tenantID, aadEndpoint, kvResource string) (adal.OAuthTokenProvider, error)

func ServiceManagementEndpointForType added in v0.9.10

func ServiceManagementEndpointForType(t esv1beta1.AzureEnvironmentType) string

Types

type Azure

// Azure is the receiver type for this package's provider and client methods
// (NewClient, GetSecret, GetSecretMap, GetAllSecrets, PushSecret, DeleteSecret,
// SecretExists, Validate, ValidateStore, Capabilities, Close).
// All of its state is held in unexported fields.
type Azure struct {
	// contains filtered or unexported fields
}

func (*Azure) Capabilities added in v0.7.0

func (a *Azure) Capabilities() esv1beta1.SecretStoreCapabilities

Capabilities returns the capabilities supported by the provider (ReadOnly, WriteOnly, ReadWrite).

func (*Azure) Close added in v0.2.1

func (a *Azure) Close(_ context.Context) error

func (*Azure) DeleteSecret added in v0.7.0

func (a *Azure) DeleteSecret(ctx context.Context, remoteRef esv1beta1.PushSecretRemoteRef) error

func (*Azure) GetAllSecrets added in v0.5.0

func (a *Azure) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error)

Implements the store.Client.GetAllSecrets interface. Retrieves a map[string][]byte with the secret names as keys and the secrets themselves as values.

func (*Azure) GetSecret

func (a *Azure) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error)

Implements the store.Client.GetSecret interface. Retrieves a secret/Key/Certificate/Tag with the secret name defined in ref.Name. The object type is defined as a prefix in ref.Name; if no prefix is defined, we assume a secret is required.

func (*Azure) GetSecretMap

func (a *Azure) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error)

Implements store.Client.GetSecretMap Interface. New version of GetSecretMap.

func (*Azure) NewClient added in v0.4.0

func (a *Azure) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Client, namespace string) (esv1beta1.SecretsClient, error)

NewClient constructs a new secrets client based on the provided store.

func (*Azure) PushSecret added in v0.7.0

func (a *Azure) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error

PushSecret stores secrets into a Key Vault instance.

func (*Azure) SecretExists added in v0.9.14

func (a *Azure) SecretExists(ctx context.Context, remoteRef esv1beta1.PushSecretRemoteRef) (bool, error)

func (*Azure) Validate added in v0.4.2

func (a *Azure) Validate() (esv1beta1.ValidationResult, error)

func (*Azure) ValidateStore added in v0.5.0

func (a *Azure) ValidateStore(store esv1beta1.GenericStore) (admission.Warnings, error)

type ClientInMemoryCertificateConfig added in v0.9.18

// ClientInMemoryCertificateConfig holds the settings for client-certificate
// authentication where the certificate is supplied as bytes rather than
// being referenced some other way.
type ClientInMemoryCertificateConfig struct {
	// ClientID and TenantID are the two values NewClientInMemoryCertificateConfig
	// takes alongside the certificate bytes.
	ClientID    string
	// NOTE(review): ServicePrincipalToken builds a token from these bytes, so
	// the blob presumably carries the private key as well as the certificate.
	// If so it is a credential: keep it out of logs, error strings and status
	// fields, and avoid copying it more than needed. Confirm the expected
	// encoding against ServicePrincipalToken.
	Certificate []byte // Certificate data as a byte slice
	TenantID    string
	// NOTE(review): AuxTenants, AADEndpoint and Resource are not parameters of
	// NewClientInMemoryCertificateConfig; how they are defaulted is not visible
	// here. AADEndpoint and Resource determine where the credential is presented
	// and for what, so they should come from trusted configuration. Confirm.
	AuxTenants  []string
	AADEndpoint string
	Resource    string
}

ClientInMemoryCertificateConfig struct includes a Certificate field to hold the certificate data as a byte slice.

func NewClientInMemoryCertificateConfig added in v0.9.18

func NewClientInMemoryCertificateConfig(clientID string, certificate []byte, tenantID string) ClientInMemoryCertificateConfig

func (ClientInMemoryCertificateConfig) Authorizer added in v0.9.18

Implementation of the AuthorizerConfig interface.

func (ClientInMemoryCertificateConfig) ServicePrincipalToken added in v0.9.18

func (ccc ClientInMemoryCertificateConfig) ServicePrincipalToken() (*adal.ServicePrincipalToken, error)

ServicePrincipalToken creates an adal.ServicePrincipalToken from a client certificate, using the certificate byte slice.

type SecretClient

// SecretClient lists the Key Vault operations declared on this interface:
// reads (GetKey, GetSecret, GetSecretsComplete, GetCertificate), writes
// (SetSecret, ImportKey, ImportCertificate) and deletes (DeleteCertificate,
// DeleteKey, DeleteSecret). Every method takes the vault base URL explicitly.
//
// NOTE(review): the identity behind an implementation needs vault permissions
// only for the methods actually exercised; a store used purely for reading can
// presumably run without set/import/delete permissions. Confirm against the
// provider's Capabilities and grant the minimum.
type SecretClient interface {
	// Read operations. An empty version string is presumably "latest"; confirm
	// against the keyvault client.
	GetKey(ctx context.Context, vaultBaseURL string, keyName string, keyVersion string) (result keyvault.KeyBundle, err error)
	GetSecret(ctx context.Context, vaultBaseURL string, secretName string, secretVersion string) (result keyvault.SecretBundle, err error)
	// GetSecretsComplete returns an iterator over a secret list result.
	GetSecretsComplete(ctx context.Context, vaultBaseURL string, maxresults *int32) (result keyvault.SecretListResultIterator, err error)
	GetCertificate(ctx context.Context, vaultBaseURL string, certificateName string, certificateVersion string) (result keyvault.CertificateBundle, err error)
	// Write operations.
	SetSecret(ctx context.Context, vaultBaseURL string, secretName string, parameters keyvault.SecretSetParameters) (result keyvault.SecretBundle, err error)
	ImportKey(ctx context.Context, vaultBaseURL string, keyName string, parameters keyvault.KeyImportParameters) (result keyvault.KeyBundle, err error)
	ImportCertificate(ctx context.Context, vaultBaseURL string, certificateName string, parameters keyvault.CertificateImportParameters) (result keyvault.CertificateBundle, err error)
	// Delete operations; each returns the corresponding Deleted*Bundle.
	DeleteCertificate(ctx context.Context, vaultBaseURL string, certificateName string) (result keyvault.DeletedCertificateBundle, err error)
	DeleteKey(ctx context.Context, vaultBaseURL string, keyName string) (result keyvault.DeletedKeyBundle, err error)
	DeleteSecret(ctx context.Context, vaultBaseURL string, secretName string) (result keyvault.DeletedSecretBundle, err error)
}

SecretClient is an interface to keyvault.BaseClient.
