README
Docker secrets extension API
Go handler to get secrets from external secret stores in Docker.
Usage
This library is designed to be integrated in your program.
- Implement the secrets.Driver interface.
- Initialize a secrets.Handler with your implementation.
- Call either ServeTCP or ServeUnix from the secrets.Handler.
Example using TCP sockets:
import "github.com/docker/go-plugins-helpers/secrets"
d := MySecretsDriver{}
h := secrets.NewHandler(d)
h.ServeTCP("test_secrets", ":8080")
Example using Unix sockets:
import "github.com/docker/go-plugins-helpers/secrets"
d := MySecretsDriver{}
h := secrets.NewHandler(d)
h.ServeUnix("test_secrets", 0)
Documentation
Types
type Driver
type Driver interface {
	// Get gets a secret from a remote secret store
	Get(Request) Response
}
Driver represents the interface a driver must fulfill.
type EndpointSpec
type EndpointSpec struct {
	Mode  int32        `json:",omitempty"`
	Ports []PortConfig `json:",omitempty"`
}
EndpointSpec represents the spec of an endpoint.
type Handler
type Handler struct {
	sdk.Handler
	// contains filtered or unexported fields
}
Handler forwards requests and responses between the docker daemon and the plugin.
func NewHandler
func NewHandler(driver Driver) *Handler
NewHandler initializes the request handler with a driver implementation.
type PortConfig
type PortConfig struct {
	Name     string `json:",omitempty"`
	Protocol int32  `json:",omitempty"`
	// TargetPort is the port inside the container
	TargetPort uint32 `json:",omitempty"`
	// PublishedPort is the port on the swarm hosts
	PublishedPort uint32 `json:",omitempty"`
	// PublishMode is the mode in which port is published
	PublishMode int32 `json:",omitempty"`
}
PortConfig represents the config of a port.
type Request
type Request struct {
	SecretName          string            `json:",omitempty"` // SecretName is the name of the secret to request from the plugin
	SecretLabels        map[string]string `json:",omitempty"` // SecretLabels capture environment names and other metadata pertaining to the secret
	ServiceHostname     string            `json:",omitempty"` // ServiceHostname is the hostname of the service, can be used for x509 certificate
	ServiceName         string            `json:",omitempty"` // ServiceName is the name of the service that requested the secret
	ServiceID           string            `json:",omitempty"` // ServiceID is the ID of the service that requested the secret
	ServiceLabels       map[string]string `json:",omitempty"` // ServiceLabels capture environment names and other metadata pertaining to the service
	TaskID              string            `json:",omitempty"` // TaskID is the ID of the task that the secret is assigned to
	TaskName            string            `json:",omitempty"` // TaskName is the name of the task that the secret is assigned to
	TaskImage           string            `json:",omitempty"` // TaskImage is the image of the task that the secret is assigned to
	ServiceEndpointSpec *EndpointSpec     `json:",omitempty"` // ServiceEndpointSpec holds the specification for endpoints
}
Request is the plugin secret request.
type Response
type Response struct {
	Value []byte `json:",omitempty"` // Value is the value of the secret
	Err   string `json:",omitempty"` // Err is the error response of the plugin
	// DoNotReuse indicates that the secret returned from this request should
	// only be used for one task, and any further tasks should call the secret
	// driver again.
	DoNotReuse bool `json:",omitempty"`
}
Response contains the plugin secret value.
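An added example, not code from the go-plugins-helpers project, of a Get with the shape of Driver.Get that denies by default, reports refusals through Err, and sets DoNotReuse on a per-task value. PolicyDriver, its allow-list and the HMAC derivation are hypothetical, and Request and Response are local copies of a few of the documented fields so the block builds without the module; it assumes the daemon-supplied ServiceName is the identity to authorize.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Request and Response mirror only the fields of secrets.Request and
// secrets.Response used here, so the example builds without the module.
type Request struct{ SecretName, ServiceName, TaskID string }
type Response struct {
	Value      []byte
	Err        string
	DoNotReuse bool
}

// PolicyDriver (hypothetical) releases a secret only to services listed for it.
type PolicyDriver struct {
	rootKey []byte              // constructed stand-in for the external store's key
	allowed map[string][]string // secret name -> services allowed to read it
}

// Get has the shape of secrets.Driver.Get: deny by default, then derive a
// per-task value and set DoNotReuse so the daemon asks again for each task.
func (d PolicyDriver) Get(r Request) Response {
	if r.SecretName == "" || r.ServiceName == "" || r.TaskID == "" {
		return Response{Err: "request is missing secret, service or task identity"}
	}
	for _, svc := range d.allowed[r.SecretName] {
		if svc == r.ServiceName {
			mac := hmac.New(sha256.New, d.rootKey)
			mac.Write([]byte(r.SecretName + "\x00" + r.TaskID))
			return Response{Value: []byte(hex.EncodeToString(mac.Sum(nil))), DoNotReuse: true}
		}
	}
	// The error names the secret but never carries secret material.
	return Response{Err: fmt.Sprintf("service %q may not read secret %q", r.ServiceName, r.SecretName)}
}

func main() {
	d := PolicyDriver{rootKey: []byte("constructed-demo-key"), allowed: map[string][]string{"db_password": {"billing"}}}
	fmt.Println(d.Get(Request{SecretName: "db_password", ServiceName: "billing", TaskID: "task-1"}).DoNotReuse)
	fmt.Println(d.Get(Request{SecretName: "db_password", ServiceName: "web", TaskID: "task-2"}).Err)
}
```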