secretutil

package
v0.0.0-...-53ab931 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 12, 2025 License: Apache-2.0 Imports: 4 Imported by: 7

Documentation

Overview

Package secretutil implements utilities to operate on secret data.

Package secretutil contains utilities for operating with secret data.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AdaptCensorer 

func AdaptCensorer(censorer Censorer) func(input []byte) []byte

AdaptCensorer returns a func that censors without touching the input, to be used in places where the previous behavior is required while migrations occur.

Types

type Censorer 

type Censorer interface {
	// Censor will remove sensitive data previously registered with the Censorer
	// from the input. This is thread-safe, will mutate the input and will never
	// change the overall size of the input.
	Censor(input *[]byte)
}

Censorer knows how to replace sensitive data from input.

type ReloadingCensorer 

type ReloadingCensorer struct {
	*sync.RWMutex
	*bytereplacer.Replacer
	// contains filtered or unexported fields
}

func NewCensorer 

func NewCensorer() *ReloadingCensorer

func (*ReloadingCensorer) Censor 

func (c *ReloadingCensorer) Censor(input *[]byte)

Censor will remove sensitive data previously registered with the Censorer from the input. This is thread-safe, will mutate the input and will never change the overall size of the input. Censoring will attempt to be intelligent about how content is removed from the input - when the ReloadingCensorer is given secrets to censor, we:

  • handle the case where whitespace is needed to be trimmed
  • censor not only the plaintext representation of the secret but also the base64-encoded representation of it, as it's common for k8s Secrets to contain information in this way

func (*ReloadingCensorer) LargestSecret 

func (c *ReloadingCensorer) LargestSecret() int

LargestSecret returns the size of the largest secret we will censor.

func (*ReloadingCensorer) Refresh 

func (c *ReloadingCensorer) Refresh(secrets ...string)

Refresh refreshes the set of secrets that we censor.

func (*ReloadingCensorer) RefreshBytes 

func (c *ReloadingCensorer) RefreshBytes(secrets ...[]byte)

RefreshBytes refreshes the set of secrets that we censor.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.
JackTT - Gopher 🇻🇳