Documentation
Overview
krmfnsealedsecretfrom1password is a KRM function that generates a SealedSecret from a 1Password secret.
Variables
var (
	// ErrReadTokenFromFile is returned when the 1Password service account token cannot be read from the file.
	ErrReadTokenFromFile = errors.New("unable to read 1Password service account token from file")
	// ErrLoadConfig is returned when the function configuration cannot be loaded, such as not having the required fields.
	ErrLoadConfig = errors.New("unable to load function config")
	// ErrConfigCertNotValid is returned when the sealing certificate in the config is not valid.
	ErrConfigCertNotValid = errors.New("cert in config is not valid")
	// ErrMissingToken is returned when the 1Password service account token is missing.
	ErrMissingToken = errors.New("missing 1Password service account token")
	// ErrMissingCert is returned when the sealing certificate is missing.
	ErrMissingCert = errors.New("missing sealing certificate")
	// ErrUnmarshalSealedSecret is returned when the SealedSecret cannot be unmarshalled.
	ErrUnmarshalSealedSecret = errors.New("error unmarshalling SealedSecret")
	// ErrResolveSecret is returned when the secret cannot be resolved from 1Password.
	ErrResolveSecret = errors.New("error resolving secret from 1Password")
	// ErrProcessSealedSecret is returned when there is an error processing a SealedSecret.
	ErrProcessSealedSecret = errors.New("error processing SealedSecret")
	// ErrEncryptSecret is returned when there is an error encrypting a secret.
	ErrEncryptSecret = errors.New("error encrypting secret")
)
var (
	// ErrInvalidSecretReference is returned when the secret reference is invalid.
	ErrInvalidSecretReference = errors.New("invalid secret reference")
)
Functions
func NewCmd
func NewCmd(opts ...ProcessorOption) *cobra.Command
NewCmd creates a new command for the processor.
Types
type Config
type Config struct {
// Token is the 1Password service account token.
Token string `flag:"required" json:"onePasswordServiceAccountToken" param:"onepassword-service-account-token,t"`
// CertString is the certificate used to seal the secrets
CertString string `flag:"required" json:"sealingCert" param:"sealing-cert,c"`
}
Config is the configuration for the function.
type Processor
type Processor struct {
// contains filtered or unexported fields
}
Processor processes SealedSecrets in a ResourceList by resolving references to 1Password secrets.
func NewProcessor
func NewProcessor(opts ...ProcessorOption) Processor
NewProcessor creates a new Processor with the given options.
type ProcessorOption
type ProcessorOption func(*Processor)
ProcessorOption is a function that configures a Processor.
func WithContext
func WithContext(ctx context.Context) ProcessorOption
WithContext sets the context for the Processor.
func WithOnePasswordServiceAccountTokenFile (added in v0.6.0)
func WithOnePasswordServiceAccountTokenFile(tokenFilePath string) ProcessorOption
WithOnePasswordServiceAccountTokenFile sets the path to the file containing the 1Password service account token.
func WithRandSrc
func WithRandSrc(randSrc io.Reader) ProcessorOption
WithRandSrc sets the source of random bytes for crypto operations for the Processor.
func WithSecretsStore (added in v0.3.0)
func WithSecretsStore(client secretsstore.SecretsStore) ProcessorOption
WithSecretsStore sets the 1Password client for the Processor.
type SecretReference
type SecretReference struct {
// contains filtered or unexported fields
}
SecretReference is a reference to a secret in 1Password.
func SecretReferenceFromString
func SecretReferenceFromString(ctx context.Context, refStr string) (*SecretReference, error)
SecretReferenceFromString creates a SecretReference from a string. It returns ErrInvalidSecretReference if the string is not a well-formed secret reference. It does not check that the secret exists.
func (*SecretReference) String
func (r *SecretReference) String() string
func (*SecretReference) VaultField
func (r *SecretReference) VaultField() string
VaultField returns the field of the referenced secret.
func (*SecretReference) VaultItem
func (r *SecretReference) VaultItem() string
VaultItem returns the path to the referenced secret in the vault.
func (*SecretReference) VaultName
func (r *SecretReference) VaultName() string
VaultName returns the name of the vault that the referenced secret resides in.
Directories
| Path | Synopsis |
|---|---|
| cmd | |
| krmfn (command) | |
| internal | |
| log | log package configures the log/slog package |
| secretsstore | The secretsstore package contains an interface and wrapper around the onepassword-sdk-go Client. |
| testhelpers | testhelpers package provides helper functions for testing. |
| version | version contains logic to calculate the version of the application, which is mostly used for logging purposes. |